Lightweight, Component-based, and Database-oriented Web Application Framework

About | Overview | Documentation


Documentation > Tutorial > 9.3 Application access control: Link

9.3 Application access control: Link


In the previous sub-section (9.2), all components under "Admin" page have been assigned with the access privilege so only the "admin" user can access them. However, the "Admin" link itself still accessible and visible to the anonymous type users. An exclusive access privilege for "admin" user should also be applied to the "Admin" link so anonymous type users will not able to click and activate the link where services are not accessible to them.

Go to AAT's "Link Access Control" administration page and then click the link of "Users Assigned" column of the "Home:Admin" link path [1].


The AAT will display the users which currently have the access privilege to the "Home:Admin" link path. As shown below there is no single user has been assigned.


Click the "Open List" link [2] to list all other potential users to be assigned. From all the users listed inside the "Add Potential Users" table, select the user "admin" [3] and then click the "Add Selected" button [4]. As shown below, the list is now updated with the "admin" is the only user that has the privilege to access "Home:Admin" link path.


Click the "Link Access Control" link [5] to go back to the main list of the application link paths. As shown below, "Home:Admin" link path is now highlighted with one user has been assigned to it. This new setting implied that there is only one user can access the guestbook's "Admin" link that is the "admin".


It's important to understand that the "Home" link as a parent to the "Admin" link is not individually affected by the above new access control setting. Specific access control implementation to the "Home" link can be made via single "Home" link path reference [6] and it will affect all other child links underneath the "Home" link itself.

Go back to the "Admin" page of mygb application and then try refresh the content. The framework should now highlighting the link access error and not the component access error as below.


Click to any one of the "Back to default/previous possible working page." link texts generated by the components that trace and trap the link access error. The browser might later display the default page of mygb application as below with the "Admin" link is now not visible to the anonymous user.


Click the "Logout" main link and then login back as "admin" user. The "Admin" link and all of its related services provided should now available to be accessed again.