Warning, this post is extremely buzzword and acronym heavy!

I'm writing an application for the web right now that is entirely AJAX based, and uses back end Lotus Domino documents for data storage. Each back end document uses "READER" and "AUTHOR" names, but the code itself is all handled through agent calls made from the browser using AJAX.

In some cases, I want to display edit controls if the user has editor access to the document where the data is stored, but otherwise not. I tried doing this in the agents themselves when they read the data and write out the xml response for the AJAX call, but it's painful. To determine if they have editor access, you have to try to edit and save the target document. I have code to do that, but it would generate document updates every time a page is loaded by someone with editor access to those target documents

It occurred to me that I could do this with an AJAX call of my own. To understand this example, imagine I've read some data with an AJAX call and the resulting xml is in the variable "xml". One of the attributes in that result is the UNID of the document containing the source data. In this case, the "<group>" node has an attribute "unid". In xml it looks like this:

<group unid='321242523452345662323452352345' />

Given that this value is in the xml response, the following code extracts that value and creates a URL that if entered directly into a browser would open the target document in edit mode.

var grpunid = xml.getElementsByTagName('group')[0].getAttribute('unid');
var url = databasePath + "/0/" + grpunid + "?editdocument";

Now, I kick off another AJAX request while I'm processing the rest of the data....

ajaxRequest(url, null, setGroupEdit);
// < - in my case, a function called "ajaxRequest()" handles the meat and potatoes work, checks for errors, and passes the result
// in the variable "ajaxReq" to the function specified in the third parameter (in this case, setGroupEdit) when it finishes.

Finally, the function "setGroupEdit" is there to get the result of the background attempt to open the url in edit mode. All it has to do is check to see if the resulting response contains the text string "names.nsf?Login" which is what Domino would have generated if it had popped up the default session based login screen.

function setGroupEdit(ajaxReq) {
var txt = ajaxReq.responseText ;
if (txt.indexOf('names.nsf?Login') > 0) {
alert("Not an Editor");
} else {
alert("Yes, editor access");
}
}

As Bill points out, you have to watch for other things like "names.nsf!Login" or custom login forms -- but you get the point here, no? A bit ot tweaking to fit your specific case really should do it.

One last note: Since I don't let people edit that form directly, the form is designed so that with web access it has almost no content at all. That helps performance as well since the request and result are both very small.