<%-- Staff listing view for the RoleBasedAccessControl lesson. Reads the lesson WebSession from the HTTP session attribute "websession" and the id of the user logged in to the lesson. --%>
<%-- NOTE(review): the getAttribute("websession") result is cast and dereferenced with no null check, and errorPage is empty. A request with no such attribute would fail on getUserIdInLesson(). Confirm that a controller always sets it before forwarding here. --%>
<%@ page contentType="text/html; charset=ISO-8859-1" language="java" import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl" errorPage="" %> <% WebSession webSession = ((WebSession)session.getAttribute("websession")); int myUserId = webSession.getUserIdInLesson(); %>
<%-- NOTE(review): the expression below writes the user name into the response as-is; a JSP expression does no HTML encoding. Where the name originates is not visible in this file. Encode it on output if it can contain user-supplied text. --%>
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page



Select from the list below



<%-- The two conditionals below include their bodies only when isAuthorizedInLesson() returns true for CREATEPROFILE_ACTION and DELETEPROFILE_ACTION respectively. Both bodies are empty in this view. --%>
<%-- NOTE(review): these checks only decide what this page renders. They do not stop a client from sending the create or delete request directly, so the code that handles those actions must make the same authorization check on the server. That code is not visible here. --%>
<% if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.CREATEPROFILE_ACTION)) { %>
<% } %> <% if (webSession.isAuthorizedInLesson(myUserId, RoleBasedAccessControl.DELETEPROFILE_ACTION)) { %>
<% } %>