Ian, If you are using ColdFusion MX, the concept of roles is built right in, as well as an authentication framework. Consider making use of the <cflogin> and <cfloginuser> tags. The document below contains a couple of pretty good examples:
http://download.macromedia.com/pub/coldfusion/documentation/ cfmx_dev_cf_apps.pdf To summarize, ColdFusion MX provides a <cflogin> tag that gets executed if the user making the request has not been logged in. You usually want to put the <cflogin> tag in your Application.cfm page. Inside the <cflogin> tag, you run a query to do the authentication, like this: SELECT * from Users WHERE username='#form.username#' and password='#form.password#' Your User table should have a column called "role" or "roles" which gets returned from the query above. If a row gets returned, you would execute the following: <cfloginuser name="#form.username#" password="#form.password#" roles="#myquery.role#" /> After the code above has been executed, you can use the isUserInRole() function to determine what role a user belongs to. In order to retrieve a specific set of documents based on role, your itdocs table should have a "role" column, as well. You could then perform the following query: <cfquery name="docs" datasource="intranetv8"> SELECT docid, doctitle, docsummary, docpath FROM itdocs <cfif isUserInRole("teama")> WHERE role='teama' <cfelse> WHERE role='teamb' </cfif> </cfquery> (This is just a quick example -- there are more elegant ways of achieving the same functionality.) Also, rather than hard-coding roles in your User and Docs tables, consider creating a table just for holding roles, then have your User and Docs tables index into the Roles table by ID. That way, all tables dealing with Roles are indexing into the same set of Roles, and it becomes easier to add new roles to the application in the future. Cantrell On Tuesday, December 3, 2002, at 07:02 AM, Ian Vaughan wrote: > I have been informed that user roles and groups for users is the best > approach but how does this exactly work from a Coldfusion > persepective, and > is this the best way to achieve my brief, or is the way I am planning > on > going the best approach? > > This is my brief, I am creating an Intranet application that features a > publishing area allowing users to add/delete/modify their own content > on the > site. Using html forms, CFFile and Oracle to hold word and pdf docs. > And > having a select form field where the user selects who should see the > file > teama, teamb or everybody > > However some users of the Intranet are from teama and should only be > allowed > to view documents related to teama. teamb have documents that only > their > team should see. Finally there will be some documents that users > upload > that are available to everybody. > > To access the Intranet the users have to log in, where their username > and > password is authenticated against the user table. The user table has > fields.. > > id > username > password > fname > lname > division > > If correct they enter the intranet. The click on the documents link > where > the following query would be run, I was thinking along the lines of > adding a > where clause perhaps ? using the info where the user selected when > they > added the content - i.e. should it be see by teama, teamb or everybody? > > Is this the best way to achieve this ???? > > <CFQUERY name="docs" datasource="intranetv8"> > SELECT docid, doctitle, docsummary, docpath, views > FROM itdocs > WHERE category2='#URL.category2#' > AND > views='#what would go here that states what result of docs would be > shown > based on the user logged in. If the doc is only to be viewed by teama, > teamb or everybody???#' > </CFQUERY> > > > > ian > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm
