You can implement a simple access control scheme with the MiniVend user
database. Controlled pages must reside in a directory which has a file
named .access that is zero bytes in length. (If it is more than 0 bytes, then only the RemoteUser or MasterHost may access files in that directory.)
Set the following variables in catalog.cfg:
Variable MV_USERDB_ACL_TABLE userdb
Variable MV_USERDB_ACL_COLUMN acl
The MV_USERDB_ACL_TABLE is the table which controls access, and likewise the MV_USERDB_ACL_TABLE names the column in that database which will be checked for authorization.
The database entry should contain the complete MiniVend-style page name of the page to be allowed. It will not match substrings.
For example, if the user flycat followed this link:
<A HREF="[area cartcfg/master_edit]">Edit</A>
Access would be allowed if the contents of the userdb were:
code acl
flycat cartcfg/master_edit
and disallowed if it were:
code acl
flycat cartcfg/master_editor
You can enable access with:
[userdb function=set_acl location="cartcfg/master_edit"]
and disallow access with:
[userdb function=set_acl
delete=1
location="cartcfg/master_edit"]
Of course a pre-existing database with the ACL values will work as well; it need not be in the UserDB setup.