Hi

So how would I build user roles etc. into my application? Is it something
like below, or is there a more elegant way?
First of all, how would this query look, and where would the permissions be
set up in your suggestion?

I have an admin table that holds user login information with fields id,
username, password, fname, lname, section.

If I then set up session variables in an application.cfm page to record
these variables shown below, i.e. section.

Then in the actual page that would display the documents, I could use these
variables in my query to display the permissions.  And where the permissions
field of a record in the database = the session.section, then the record
would be displayed.
But this approach does not solve if the records can be seen by anybody who
is logged in. How can I build that functionality into the query below?

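<!--- Note: staff_messages and staff_admin are listed without a join condition,
so every matching message row is repeated once per staff_admin row --->
<CFQUERY DATASOURCE="#Application.DSN#" NAME="results">
SELECT staff_messages.id, staff_messages.storydate, staff_messages.headline,
staff_messages.section, staff_admin.lname
FROM staff_messages, staff_admin
WHERE staff_messages.section = <CFQUERYPARAM VALUE="#session.section#" CFSQLTYPE="CF_SQL_VARCHAR">
ORDER BY staff_messages.id desc, staff_messages.storydate desc
</CFQUERY>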

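<!--- Bind the form values as parameters so they cannot alter the SQL --->
<CFQUERY DATASOURCE="#Application.DSN#" NAME="Security">
SELECT *
FROM staff_admin
WHERE Username = <CFQUERYPARAM VALUE="#form.Username#" CFSQLTYPE="CF_SQL_VARCHAR">
AND Password = <CFQUERYPARAM VALUE="#form.Password#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>

<!--- If username and password do not match then send them to login 2 which
tells them their attempt to login was unsuccessful and asks them to login
again --->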

<CFIF Security.RecordCount IS 0>
<CFLOCATION URL="login2.cfm" ADDTOKEN="No">

<!--- If validation is successful then set the username, password from the
preceding login form that matched the admin query and was validated as
Session variable. Also set the user ID from the admin query as a session id,
then send them straight to their administration page --->

<CFELSE>
        <CFSET Session.Password = "#Security.Password#">
        <CFSET Session.Username = "#Security.username#">
        <CFSET Session.ID = "#Security.ID#">
        <CFSET Session.Fname = "#Security.FName#">
        <CFSET Session.Lname = "#Security.LName#">
        <CFSET Session.section = "#Security.section#">
        <CFSET session.user_directorate = "#Security.directorate#">
        <CFLOCATION URL="/testpages/itnet/admin/media/menu.cfm" ADDTOKEN="No">
</CFIF>
----- Original Message -----
From: "Christian Cantrell" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Monday, December 02, 2002 1:53 PM
Subject: Re: Personaliztion with Coldfusion ?


> This is a good approach.  As "role" or "group" is a property of a user,
> the column should go in the table with the other user data.  Consider
> making a new table that contains possible roles, like this:
>
> RoleConfig
> ----------------
> roleId (pk)
> name
> displayName
>
> Then have your user table reference roles by ID.  That way, it is easy
> to 1) Retrieve a list of possible roles, and 2) Add new roles in the
> future.
>
> Along the lines of what Stephen suggested, consider selecting * when
> authenticating the user, then storing all the information returned from
> your user table in a named array, then storing that array in the
> session (kind of like having a User "object").  Then, at any given
> time, on any page, you can base a condition (such as which reports to
> expose, etc) on any property of a user you want.
>
> Cantrell
>
> On Monday, December 2, 2002, at 06:47 AM, [EMAIL PROTECTED] wrote:
>
> > Depends how much customisation you want to do, but if you want to set up
> > something more flexible and extensible you really need to think about
> > building in some kind of roles based access system.
> >
> > Basically you have Objects, Roles, Users:
> >
> > Objects - bits of the site - pages docs whatever
> >
> > These are assigned to Roles
> >
> > Roles are assigned to Users
> >
> > When you log-in a user you look up their roles
> >
> > When you want to check for access permission to a particular object you look
> > at the list of objects assigned to those roles to see if they contain the
> > object, and then allow or disallow access.
> >
> > Lots of ways you can implement that, takes some effort but worth it if you
> > are looking to offer extensive, maintainable customisation.
> >
> >
> >
> > -----Original Message-----
> > From: Stephen Moretti [mailto:[EMAIL PROTECTED]]
> > Sent: 02 December 2002 10:48
> > To: CF-Talk
> > Subject: Re: Personaliztion with Coldfusion ?
> >
> >
> > Ian,
> >
> >> <CFQUERY DATASOURCE="#Application.DSN#" NAME="Security">
> >>
> > Hope that this is in CFMX, otherwise you need to be looking at CFLOCK.... ;o)
> >
> >>
> >> For example I run a query to return a list of documents in my database table.
> >>
> >> Some of the records are available to view to everybody, however some of the
> >> records are only available to view by TEAM 1 and some are only available to
> >> TEAM 2.
> >>
> >> How can this type of personalization be built into the pages?
> >>
> > You need to query your database to find out which "teams" that user belongs
> > to and then only select the documents that are available to everyone or
> > those groups to which this particular user belongs to. Basically, just grab
> > the user's teams when they log in and store them in a session variable as
> > well...
> >
> > Hope this helps point you in the right direction.
> >
> > Regards
> >
> > Stephen
> >
> >
> >
> >
> >
> >
> 
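
The approach suggested in the replies (look up the user's teams at login, keep them in the session, then select only records open to everyone or to those teams), written out as an added example that is not code from any poster in this thread. The `staff_user_teams` table, its `user_id` and `team` columns, and the `ALL` section value marking records any logged-in user may see are assumptions; team names are assumed not to contain commas.

```cfml
<!--- Added example, not code from the thread. staff_user_teams(user_id, team)
      and the "ALL" section value are assumptions made for illustration. --->

<!--- 1. Login page, after the Security query has matched a user:
         load that user's teams once and keep them in the session. --->
<CFQUERY DATASOURCE="#Application.DSN#" NAME="UserTeams">
SELECT team
FROM staff_user_teams
WHERE user_id = <CFQUERYPARAM VALUE="#Security.ID#" CFSQLTYPE="CF_SQL_INTEGER">
</CFQUERY>

<!--- Start from "ALL" so every logged-in user sees the public records and
      the IN list further down can never be empty. --->
<CFSET teamList = "ALL">
<CFIF UserTeams.RecordCount GT 0>
    <CFSET teamList = ListAppend(teamList, ValueList(UserTeams.team))>
</CFIF>

<!--- Lock session access, as the CFLOCK remark in the thread asks for
      on servers older than CFMX. --->
<CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="10">
    <CFSET Session.ID = Security.ID>
    <CFSET Session.Teams = teamList>
</CFLOCK>

<!--- 2. Document listing page: refuse users with no session, copy the list
         out under a read lock, then let the database do the filtering. --->
<CFLOCK SCOPE="Session" TYPE="ReadOnly" TIMEOUT="10">
    <CFSET loggedIn = IsDefined("Session.Teams")>
    <CFIF loggedIn>
        <CFSET visibleSections = Session.Teams>
    </CFIF>
</CFLOCK>
<CFIF NOT loggedIn>
    <CFLOCATION URL="login2.cfm" ADDTOKEN="No">
</CFIF>

<CFQUERY DATASOURCE="#Application.DSN#" NAME="results">
SELECT id, storydate, headline, section
FROM staff_messages
WHERE section IN (
    <CFQUERYPARAM VALUE="#visibleSections#" CFSQLTYPE="CF_SQL_VARCHAR" LIST="Yes">
)
ORDER BY id DESC, storydate DESC
</CFQUERY>
```

Because the filter runs in the WHERE clause, records for other teams never leave the database, and adding a user to a team is a row insert rather than a code change.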