I need to be able to present different information based on the role the user is in (user, employee, manager...). For instance an employee has access to fields that a user doesn't, so when the user views a record they see only 'their' information and when an employee views the same record they see the extra information (fields) available to them.
There are several tables in the database that need to be handled in this fashion, with two or three roles per table.
I've given this some thought and don't have a clear idea of how to do this... all my ideas seem to require much more work than I like or are too simplistic:
- Use a different .jsp for each role. You'd have user_table1.jsp, employee_table1.jsp, manager_table1.jsp, etc.
- Use a single .jsp for each table, and in the .jsp put a lot of 'if' logic to show/hide fields and lay out the page correctly.
- Create a 'tableviewer.jsp' which uses meta-information about each table to lay out the page. The meta-information would be used to determine where the field is laid out and what roles it can be viewed by.
I'm not particularly fond of any of these approaches. Any thoughts on how to solve this, preferably with a somewhat elegant design, are appreciated.
The way I like to do this is tag based. When a user logs in, an ArrayList of his/her roles is built by the system somewhere else. I then have a tag that compares these role(s) to the role(s) for that resource, as in the examples below. This is easily extended in many different directions.
<tags:RoleShowExt isWholePage="true" showLevelList="roles.UserAdministrator" userRoleList="roles.UsersRoles" />
<tags:RoleShowExt isWholePage="true" showLevelList="roles.UserAdministrator" userRoleList="<%=roles.getUsersRoles()%>" >
blah, show on page
</tags:RoleShowExt>
The isWholePage attribute is something I added to create different granularities. If it's true, then the user is shown a message saying that they don't have privileges to that page, and they are redirected somewhere (first case). If it is false, then the tag just returns SKIP_BODY (in the second case the "blah..." stuff would be displayed or not). In other words, if it's false they are just not shown the stuff in the tag body.
The showLevelList is the list of roles allowed access to the resource. The userRoleList is a Collection (I like ArrayList) of the roles that the particular user has. These things can be handled in the tag, or you could have run-time expressions (as in the second example).
You can make this tag file based, LDAP, or DB whatever you want! There are about a million and one ways to do this.
Unfortunately, I'm not allowed to post the tag code, it belongs to someone, and I don't need trouble. Shouldn't be hard to figure out how to write your own though.
Oops, the second example should be
<tags:RoleShowExt isWholePage="false" showLevelList="roles.UserAdministrator" userRoleList="<%=roles.getUsersRoles()%>" >
blah, show on page
</tags:RoleShowExt>
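A sketch of a handler for a tag shaped like the one described in the answer above. This is an added example, not the poster's tag code: the class name `RoleShowTag`, the comma-separated format of `showLevelList`, the `Collection<String>` type of `userRoleList` (declared as a run-time expression attribute in the TLD) and the `/denied.jsp` path are all assumptions.

```java
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

// Hypothetical handler; attribute names follow the RoleShowExt usage in the thread.
public class RoleShowTag extends TagSupport {
    private boolean wholePage;                      // isWholePage attribute
    private String showLevelList = "";              // assumed: comma-separated role names
    private Collection<String> userRoleList = Collections.emptyList();
    private boolean denied;                         // recomputed on every doStartTag()

    public void setIsWholePage(boolean v) { wholePage = v; }
    public void setShowLevelList(String v) { showLevelList = (v == null) ? "" : v; }
    public void setUserRoleList(Collection<String> v) {
        userRoleList = (v == null) ? Collections.<String>emptyList() : v;
    }

    // Default deny: a missing or empty list on either side never matches.
    static boolean isAllowed(String allowedCsv, Collection<String> userRoles) {
        for (String role : allowedCsv.split(",")) {
            String r = role.trim();
            if (!r.isEmpty() && userRoles.contains(r)) return true;
        }
        return false;
    }

    @Override
    public int doStartTag() throws JspException {
        denied = !isAllowed(showLevelList, userRoleList);
        if (!denied) return EVAL_BODY_INCLUDE;      // render the tag body
        if (wholePage) {
            HttpServletRequest req = (HttpServletRequest) pageContext.getRequest();
            try {                                   // "/denied.jsp" is a placeholder path
                ((HttpServletResponse) pageContext.getResponse())
                        .sendRedirect(req.getContextPath() + "/denied.jsp");
            } catch (IOException e) {
                throw new JspException("redirect failed", e);
            }
        }
        return SKIP_BODY;                           // hide the tag body
    }

    @Override
    public int doEndTag() {
        // After a whole-page denial, stop evaluating the rest of the JSP.
        return (denied && wholePage) ? SKIP_PAGE : EVAL_PAGE;
    }
}
```

Put the whole-page form of the tag at the top of the JSP, before the response is committed; otherwise `sendRedirect` throws `IllegalStateException`. The tag only controls what is rendered, so the code that loads the record should also leave out fields the role is not allowed to see.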