Thanks for your advice, Jochem. I did consider consolidating those components into just a single 'User' CFC, but when you do that it can become pretty messy as there are so many functions. For instance, the 'profile' bean alone contains about 20 properties, so you've got 40 getter/setter statements in addition to any other functions inside the profile bean alone. Credentials, Profiles and Entitlements are stored in separate database tables, so it works nicely for me to keep them separate, I think.

As for the entitlements, yes, a user can have more than one; the admin-level users would have a much larger number of entitlements than a standard user. When a user logs in, it populates an array inside the 'entitlements' bean with all the user's entitlements. Example entitlements might be something like 'add comment', 'delete comment', 'add user', 'delete thread'. By giving users entitlements like this rather than just placing them within a 'role' it is a lot more work, but it gives me a greater level of control over exactly what a particular user can do.

Then inside the Entitlements bean there is the 'isEntitled()' function that just searches through the array to look for the name of a particular entitlement. If the entitlement exists in the array it returns 'true', but if it doesn't find the entry, then it returns 'false'. Again in the entitlements bean there are other functions for adding and removing entitlements from the array, along with save() functions. This way an admin can load a 'user' object into the VARIABLES scope of a page for any user on the system, and modify their profile, entitlements and suchlike.

I could definitely do it all as a single component, but there would be so many functions I feel it may become a little overcomplicated to read. What are the benefits of placing them all into a single component? Performance? Efficiency?

Rob

-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: 07 March 2007 12:48
To: CF-Talk
Subject: RE: User Authentication

Robert Rawlins - Think Blue said:
>> Can a user have more than one profile? Does every user have a
>> profile?
>
> Each user will only have one profile (..)

>> Can a user have more than one set of credentials? Does every user
>> have credentials? Is a user authenticated, or are credentials
>> authenticated?
>
> Each user has one set of credentials assigned to them, the
> credentials consist of a Username and Password. (..)

Then I would not bother splitting up a user into a user, a profile and credentials.

>> So a user always has one entitlement?
>
> That's correct, every user would have at least one entitlement.

At least one, so they can have more. Yet it appears that your getEntitlements() method (plural) returns an object (singular) with an isEntitled() method. That is not consistent.

You can either change your getEntitlements() method to return a collection of entitlements and for each entitlement you need to do an IsEntitled() call. If you only register positive or negative entitlements (user is allowed or user is not allowed) that should work fine and you can just return the first hit. If you register both (according to entitlement X he is allowed, but according to entitlement Y he is not) you need to have a conflict resolution mechanism.

The other way, and the way I would choose, is to make all that stuff private and just expose an isEntitled() method directly on the user object.

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271860
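
The last option Jochem describes, as an added example that is not part of the original thread: entitlement records stay private to the user component and callers only see isEntitled(). The record layout (a name plus an allowed flag), the addEntitlement() helper and the deny-overrides, default-deny conflict rule are assumptions made for illustration.

```cfml
<!--- User.cfc (added example; component and method names are hypothetical) --->
<cfcomponent displayname="User" output="false">

    <!--- Private state: one struct per entitlement record, never returned to callers --->
    <cfset variables.entitlements = arrayNew(1)>

    <!--- Register an allow (allowed=true) or deny (allowed=false) record --->
    <cffunction name="addEntitlement" access="public" returntype="void" output="false">
        <cfargument name="name" type="string" required="true">
        <cfargument name="allowed" type="boolean" required="false" default="true">
        <cfset var entry = structNew()>
        <cfset entry.name = arguments.name>
        <cfset entry.allowed = arguments.allowed>
        <cfset arrayAppend(variables.entitlements, entry)>
    </cffunction>

    <!--- The single public authorization check.
          Conflict rule (assumed): any matching deny record wins over any allow,
          and no matching record at all means "not entitled". --->
    <cffunction name="isEntitled" access="public" returntype="boolean" output="false">
        <cfargument name="name" type="string" required="true">
        <cfset var i = 0>
        <cfset var allowFound = false>
        <cfloop from="1" to="#arrayLen(variables.entitlements)#" index="i">
            <cfif compareNoCase(variables.entitlements[i].name, arguments.name) eq 0>
                <cfif not variables.entitlements[i].allowed>
                    <!--- Explicit deny: stop here, later allows cannot override it --->
                    <cfreturn false>
                </cfif>
                <cfset allowFound = true>
            </cfif>
        </cfloop>
        <cfreturn allowFound>
    </cffunction>

</cfcomponent>

<!--- Usage with constructed sample data:
      <cfset user = createObject("component", "User")>
      <cfset user.addEntitlement("add comment")>
      <cfset user.addEntitlement("delete thread")>
      <cfset user.addEntitlement("delete thread", false)>
      user.isEntitled("add comment")   is true
      user.isEntitled("delete thread") is false (deny overrides allow)
      user.isEntitled("add user")      is false (no record, default deny) --->
```

Because the loop scans every record instead of returning on the first hit, the result does not depend on the order in which allow and deny records were loaded.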