Ryan:
I was working on the same issue earlier this week and was helped a great
deal by Ray Camden. isUserInRole will treat what you pass it as a AND
comparison, therefore if you pass G,U then the user must possess both
roles. Note, what you pass is case-sensitive and there must be no
spaces. So, if admins in your application are given all roles then
isUserInRole("G") will allow all three of your hypothetical users access
the CFC.
Hope that helps!
-JSLucido
-----Original Message-----
From: Ryan Kime [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 11:44 AM
To: CF-Talk
Subject: Roles in CFMX
I need help understanding ROLES in CFMX because I think the concept goes
against my idea of roles-based security. I would think that if you
assign a user one to many roles and then if a role is listed in a comma
delimited list in the roles parameter on a CFC, the user can access it,
but that's not how it goes in CFMX.
Here's a quick rundown of my situation: we finished a major app, now two
other groups want access to it and this requires limitations to certain
areas and functions. When developing the original app we set everyone on
the same role, so all CFCs have the role parameter set.
Say for simplicity's sake, the three roles are G for guest, U for user,
and A for Admin. Therefore....
Guests = "G"
Users = "G,U"
Admins = "G,U,A"
On a CFC, if the role is "G" will the Users and Admins be able to use
the CFC?
What about a "G,U" restricted function, will Admins be able to access
it?
TIA,
Ryan Kime
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] Web
Developer Webco Industries
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
http://www.cfhosting.com
