authorization system

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

authorization system

Alex Betz-2
I am using a very simple but effective authorization system to check
whether a user is authorize to get certain data. This works in principle.
However rather than just aborting the request I would like to send a json
so that I can present a warning to the user, otherwise a legitimate user
whose session has expired doesn't get any warning.  This is predominantly
used to authorize ajax calls.

The problem is, whatever I do the string is not returned. I was hoping that
the handle tag would solve this, but it doesn't.


<?LassoScript

session_start('authorization', -expires = 60, -secure)
if(session_result('authorization') != 'load') => {

session_addVar('maintenance', 'auth_level')

var(auth_level::integer = 0)
}

if( $auth_level == 0 ) => {
   handle => {
'{ sucess: false}'
   }
   abort
}

?>

Any help appreciated
Thanks
Alex

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: authorization system

Bil Corry-3
I think if you set the content body before the abort, it should return it.
In LP8, it is content_body, but I can't recall what it's call in L9.



- Bil

On Fri, Aug 14, 2015 at 12:50 PM, Alex Betz <[hidden email]> wrote:

> I am using a very simple but effective authorization system to check
> whether a user is authorize to get certain data. This works in principle.
> However rather than just aborting the request I would like to send a json
> so that I can present a warning to the user, otherwise a legitimate user
> whose session has expired doesn't get any warning.  This is predominantly
> used to authorize ajax calls.
>
> The problem is, whatever I do the string is not returned. I was hoping that
> the handle tag would solve this, but it doesn't.
>
>
> <?LassoScript
>
> session_start('authorization', -expires = 60, -secure)
> if(session_result('authorization') != 'load') => {
>
> session_addVar('maintenance', 'auth_level')
>
> var(auth_level::integer = 0)
> }
>
> if( $auth_level == 0 ) => {
>    handle => {
> '{ sucess: false}'
>    }
>    abort
> }
>
> ?>
>
> Any help appreciated
> Thanks
> Alex
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: authorization system

stevepiercy
Something under web_response?  This looks like web_response ->
rawContent = <value>
http://lassoguide.com/operations/requests-responses.html?highlight=web_response#web_response->rawContent=

--steve

On 8/15/15 at 9:17 AM, [hidden email] (Bil Corry) pronounced:

>I think if you set the content body before the abort, it should return it.
>In LP8, it is content_body, but I can't recall what it's call in L9.
>
>
>
>- Bil
>
>On Fri, Aug 14, 2015 at 12:50 PM, Alex Betz <[hidden email]> wrote:
>
>>I am using a very simple but effective authorization system to check
>>whether a user is authorize to get certain data. This works in principle.
>>However rather than just aborting the request I would like to send a json
>>so that I can present a warning to the user, otherwise a legitimate user
>>whose session has expired doesn't get any warning.  This is predominantly
>>used to authorize ajax calls.
>>
>>The problem is, whatever I do the string is not returned. I was hoping that
>>the handle tag would solve this, but it doesn't.
>>
>>
>><?LassoScript
>>
>>session_start('authorization', -expires = 60, -secure)
>>if(session_result('authorization') != 'load') => {
>>
>>session_addVar('maintenance', 'auth_level')
>>
>>var(auth_level::integer = 0)
>>}
>>
>>if( $auth_level == 0 ) => {
>>handle => {
>>'{ sucess: false}'
>>}
>>abort
>>}
>>
>>?>
>>
>>Any help appreciated
>>Thanks
>>Alex
>>
>>#############################################################
>>
>>This message is sent to you because you are subscribed to
>>the mailing list Lasso [hidden email]
>>Official list archives available at http://www.lassotalk.com
>>To unsubscribe, E-mail to: <[hidden email]>
>>Send administrative queries to  <[hidden email]>
>>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>the mailing list Lasso [hidden email]
>Official list archives available at http://www.lassotalk.com
>To unsubscribe, E-mail to: <[hidden email]>
>Send administrative queries to  <[hidden email]>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy              Website Builder              Soquel, CA
<[hidden email]>               <http://www.StevePiercy.com/>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: authorization system

Alex Betz-2
Thanks! web_response-
<http://lassoguide.com/operations/requests-responses.html?highlight=web_response#web_response->>rawContent=(text)
did the trick!

Alex

On 15 August 2015 at 11:41, Steve Piercy - Website Builder <
[hidden email]> wrote:

> Something under web_response?  This looks like web_response -> rawContent
> = <value>
>
> http://lassoguide.com/operations/requests-responses.html?highlight=web_response#web_response-
> >rawContent=
>
> --steve
>
> On 8/15/15 at 9:17 AM, [hidden email] (Bil Corry) pronounced:
>
>
> I think if you set the content body before the abort, it should return it.
>> In LP8, it is content_body, but I can't recall what it's call in L9.
>>
>>
>>
>> - Bil
>>
>> On Fri, Aug 14, 2015 at 12:50 PM, Alex Betz <[hidden email]> wrote:
>>
>> I am using a very simple but effective authorization system to check
>>> whether a user is authorize to get certain data. This works in principle.
>>> However rather than just aborting the request I would like to send a json
>>> so that I can present a warning to the user, otherwise a legitimate user
>>> whose session has expired doesn't get any warning.  This is predominantly
>>> used to authorize ajax calls.
>>>
>>> The problem is, whatever I do the string is not returned. I was hoping
>>> that
>>> the handle tag would solve this, but it doesn't.
>>>
>>>
>>> <?LassoScript
>>>
>>> session_start('authorization', -expires = 60, -secure)
>>> if(session_result('authorization') != 'load') => {
>>>
>>> session_addVar('maintenance', 'auth_level')
>>>
>>> var(auth_level::integer = 0)
>>> }
>>>
>>> if( $auth_level == 0 ) => {
>>> handle => {
>>> '{ sucess: false}'
>>> }
>>> abort
>>> }
>>>
>>> ?>
>>>
>>> Any help appreciated
>>> Thanks
>>> Alex
>>>
>>> #############################################################
>>>
>>> This message is sent to you because you are subscribed to
>>> the mailing list Lasso [hidden email]
>>> Official list archives available at http://www.lassotalk.com
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>>
>>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>> the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy              Website Builder              Soquel, CA
> <[hidden email]>               <http://www.StevePiercy.com/>
>
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>