Ok here is a design question.
Ive got an application where users are given us to different areas of the application depending on their profile level. For example, all users with profile level 1 can add products to the database but not add customers. Users with profile level 2 can do both.
I have implemented this on the server side using the following technologies
Java Jsp Struts Oracle
What happens is before a method is executed on the server side, the
servlets checks the users access level to verify that the Action can be executed.
On the client side the users see all link to all Actions. I would like to change this so that users can only see the links Actions/Servlet to which their profile level allow them to execute.
My question is what is the simplest way to do this? I have thought of the following solutions
1. Perform a check on the profile level through the jsp and verify the user is allowed to view this link. I know this will work but it will cause problems later in the future if changes are made to the application. This will also introduce a dependency between the front-end and the server side servlets in that i might need to make changes both on the front-end and the servlets.
2. Not display a page at all if the user is not allowed to view it. This is a problem because some pages contains several links. Some of which the user can execute and some they cant.
I would like to be able to enable/disable/display hyperlinks/buttons on the front-end based on the user's profile. Can someone suggest a solution whereby i can safely implement this while at the same time complying with the MVC concepts. i.e. the front end view does not depend on the actual processing on the serverside. Can this be done via xml? Or can struts be used to do this?
Thanks in advance.