This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes JForum and the fly likes Dynamic list of users with access rights in restricted forums Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "Dynamic list of users with access rights in restricted forums" Watch "Dynamic list of users with access rights in restricted forums" New topic
Author

Dynamic list of users with access rights in restricted forums

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
For clearness and trust of users in restricted forums I'd like to indicate which users have access.
I want to show it only where appropriate, in an unobtrusive manner and the list should compile dynamically.

Outline:
Set up a sticky post (say 'Access List') in a restricted forum
which dynamically shows all user names with at least read access.

Is that possible at all? If, how?

Uwe

[originally posted on jforum.net by tjan]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
The dynamic post item would be hard. The information listed in a post comes from the DB tables and there are a lot of security measures to keep people from putting malicious code into post that would keep stuff from happening.

However, you could have a post with a URL to a custom jForum "action" (or you're own servlet) that would display who was allowed.

Theoretically, figuring out who's allowed is possible. But it will take a fair amount of "splunking" thru the security code to figure out how to do this. Unfortunately, the security stuff is complex and it's not something that can be explained easily.

The basic problem is that jForum does checks on a User basis. E.g., user x requests forum y... and then user x's ACL to see if it's allowed. Generating the ACL for a user takes a lot of queries, so using the existing code to run thru all users to see who's authorized would be very slow. There is a SecurityRepository that might make this OK but if you have a lot of users there may be a memory issue.

The information to figure out a list of authorized users (or groups) is in the DB's but the code to do it needs to be worked out. The coding probably won't be too hard to do... it just figuring out what needs to be done that will be a pain given the complexity.

That said an easier "middle ground" is that if you are confident that your forum security measures limit access to a specific set of groups, it's easy to get the members of these groups. A lot less coding but if some one messes with the security settings, it might not be accurate.
[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Thanks for clarifying.

So, I will stick to list the members of the respective groups.

I will spare related questions to a new post - when the time is ripe.

Uwe

[originally posted on jforum.net by tjan]
 
wood burning stoves
 
subject: Dynamic list of users with access rights in restricted forums
 
Similar Threads
Integration Problem
I need user must login before reading any message.
Private forums howto?
Security: I want to disallow non-members to view the postings.
no registration