User Access Control
So what actually happens?
Krail has a MasterSitemap, which contains all the page definitions for the whole site. This is built from the page definitions you provide using either the direct method or annotation method you covered in Tutorial - Pages and Navigation.
When a user logs in, the MasterSitemap is copied to a user-specific instance of UserSitemap. However, only those pages which the user is authorised to see are actually copied across, and displayed in the navigation components. This means that either the pages must be public, or the user must have permissions to see them in order for them to be displayed.
During the process of copying from the MasterSitemap to the UserSitemap, each page is checked to see whether the user has permission to view it. If not, it is not copied to the UserSitemap. This provides one layer of security, and it also means that any attempt by a user to access a URL not in the UserSitemap is rejected with a “page does not exist” message, not a “page is not authorised” message.
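The copy-and-filter step described above, sketched as an added example. This is not Krail's own code: the Page record, buildUserSitemap, navigate and the permission strings are hypothetical names chosen for illustration, and the sample pages are constructed.

```java
import java.util.*;

// Added illustration; class, method and permission names are hypothetical, not Krail's API.
public class SitemapFilterDemo {
    // A page definition: URI plus the permission needed to view it (null = public page).
    record Page(String uri, String requiredPermission) {
        boolean isPublic() { return requiredPermission == null; }
    }

    // Copy from the master map only the pages this user may view.
    static Map<String, Page> buildUserSitemap(Map<String, Page> master,
                                              Set<String> userPermissions) {
        Map<String, Page> user = new LinkedHashMap<>();
        for (Page p : master.values()) {
            // Public pages are always copied; others need a matching permission.
            if (p.isPublic() || userPermissions.contains(p.requiredPermission())) {
                user.put(p.uri(), p);
            }
        }
        return Collections.unmodifiableMap(user);
    }

    // Navigation resolves against the user's map only, so an unauthorised page
    // and a page that was never defined produce the same response.
    static String navigate(Map<String, Page> userSitemap, String uri) {
        return userSitemap.containsKey(uri) ? "show " + uri : "page does not exist";
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, Page> master = new LinkedHashMap<>();
        for (Page p : List.of(
                new Page("home", null),
                new Page("private/accounts", "page:view:accounts"),
                new Page("private/admin", "page:view:admin"))) {
            master.put(p.uri(), p);
        }
        Map<String, Page> user = buildUserSitemap(master, Set.of("page:view:accounts"));

        System.out.println(user.keySet());                    // pages offered to navigation
        System.out.println(navigate(user, "private/admin"));  // defined but not permitted
        System.out.println(navigate(user, "no/such/page"));   // never defined
    }
}
```

Because the last two lookups return the same message, a user without the permission cannot tell from the response whether a restricted page exists.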