I like to separate the administrator pages completely.  For one thing,
there's usually a lot more functionality on them.  Also, they don't have to
be cluttered with the extra baggage of an end-user page (links, ads,
graphics, etc.)

I suppose you could implement the same logic for individual parts of a page,
though.  Something along these lines:

<!--- Show the delete link only when the session's group is in the allowed list --->
<cfif ListFind(groupsAllowed, Session.accessgroup)>
<cfoutput>#myquery.deletelink#</cfoutput>
</cfif>

tom
www.basic-ultradev.com

----- Original Message -----
From: "Chris Lott" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, October 07, 2000 12:58 PM
Subject: Re: Security issues


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > I do it like this...
>
> Thanks... I was thinking more along the lines of what happens on the pages
> themselves. For instance, let's say I have an application that lists jobs
> waiting to be done. Normal users can list the jobs and edit/delete their
> own, while admin users can edit/delete anyone's.
>
> Would you optionally include a delete link if the current user is an admin
> on that page? Or would the admin user be sent to a different job listing
> page altogether?
>
> Of course this is simplistic... when you have three or many levels of
> access and a number of functions specific to various groups all on the same
> page, the amount of conditional processing can become pretty large. But if
> I split the application out so that admins go to an admin job listing, job
> editors go to an editor listing and users go to their own listing, I have
> an enormous amount of code duplication to contain...
>
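The thread's two concerns (hiding the delete link from non-admins, and the code duplication that comes from separate listing pages per group) both come down to where the permission rule lives. The following is an added example, not code from either poster, written in Python rather than CFML so it can be run as-is: one `allowed()` rule decides both whether a link is rendered and whether the delete action is accepted, so a single listing page serves every group and the action page cannot be reached by simply typing the URL the link would have pointed to. The group names, the `ANY_JOB`/`OWN_JOB` tables, the `.cfm` link targets and the sample jobs are all constructed for the illustration.

```python
from dataclasses import dataclass
from html import escape

# Constructed permission model (hypothetical, not the list author's code).
# Group names mirror the Session.accessgroup idea from the thread.
ADMIN, EDITOR, USER = "admin", "editor", "user"

# Which groups may perform an action on *anyone's* job.
ANY_JOB = {"edit": {ADMIN, EDITOR}, "delete": {ADMIN}}
# Which groups may perform an action on a job they *own*.
OWN_JOB = {"edit": {ADMIN, EDITOR, USER}, "delete": {ADMIN, EDITOR, USER}}


@dataclass(frozen=True)
class SessionUser:
    name: str
    access_group: str


@dataclass
class Job:
    id: int
    owner: str
    title: str


def allowed(user: SessionUser, action: str, job: Job) -> bool:
    """Single authorization rule shared by the listing page and the action handlers."""
    if user.access_group in ANY_JOB.get(action, set()):
        return True
    return job.owner == user.name and user.access_group in OWN_JOB.get(action, set())


def render_job_list(user: SessionUser, jobs: list) -> str:
    """One listing page for every group; a link appears only when the rule allows it."""
    rows = []
    for job in jobs:
        links = [f'<a href="job.cfm?id={job.id}">view</a>']
        if allowed(user, "edit", job):
            links.append(f'<a href="edit.cfm?id={job.id}">edit</a>')
        if allowed(user, "delete", job):
            links.append(f'<a href="delete.cfm?id={job.id}">delete</a>')
        rows.append(f"<tr><td>{escape(job.title)}</td><td>{' '.join(links)}</td></tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"


def delete_job(user: SessionUser, job_id: int, jobs: list) -> None:
    """The action page re-checks the same rule: a hidden link is not authorization."""
    job = next((j for j in jobs if j.id == job_id), None)
    if job is None:
        raise LookupError(f"no job {job_id}")
    if not allowed(user, "delete", job):
        raise PermissionError(f"{user.name} may not delete job {job_id}")
    jobs.remove(job)


# Constructed sample data.
SAMPLE_JOBS = [Job(1, "alice", "Fix login form"), Job(2, "bob", "Rotate API keys")]

if __name__ == "__main__":
    print(render_job_list(SessionUser("alice", USER), SAMPLE_JOBS))
```

Adding a fourth group or a new action is a change to the two tables, not to every page; the listing template stays a loop with a couple of `if` checks, which is the conditional-processing growth the original question worried about kept to one place.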


------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
