You know, I've been struggling with this too. Not really struggling, as, hell, you can code up something that will work for one set of variables pretty easy, but making a general deal that's flexible and whatnot? Harder.
I'm leaning pretty heavy towards AOP and business object level permissions. As in, "this person has these rights to these functions". I'm not sure about overhead, and you *really* want the condensed spring format for doing AOP (I can't wait till that's officially in ColdSpring) but it's the finest you can get. I like to get as fine as possible, and then do a bunch of "global" type deals so you don't always have to drop to that fine level of detail (real PITA with hundreds of objects). The nice thing is that you can get the function map right from the live code, so part of what needs to be documented/stored is coming from the same stuff that needs to use it, which is nice. That "single point of reference" deal. Of course, now I"m wondering if I can do something like Hibernate does for when you change the database model (it'll automatically try to change the database to keep it in sync, if you so choose) when I change functions around and whatnot. The other thing I've done that was easy but not as portable, was to use a framework to access the model, and then do all the authorization on the framework events. With MG this isn't too bad, and you can even crawl through stuff to get the available event names from the code itself. But it breaks down at that fine-grained control level. You end up with multiple events and duplication or complicated inheritance schemes, etc.. I've been diddling with object-based AOP authorization POCs for a while, but I'm not quite "there" yet. Something's always not quite flexible for case X, or case Y, or the syncing sucks, or some-such. I'll holler if I find that magic bullet. The all in one, nimble fighter, long-range bomber deal. It does happen, every once in a while. -- Jack Burton: Just remember what ol' Jack Burton does when the earth quakes, and the poison arrows fall from the sky, and the pillars of Heaven shake. Yeah, Jack Burton just looks that big ol' storm right square in the eye and he says, "Give me your best shot, pal. I can take it." On Tue, Jun 17, 2008 at 4:51 PM, Mike Kear <[EMAIL PROTECTED]> wrote: > Thanks for your suggestions Claude. Perhaps i should give you a bit > more background to this project. Just to clarify, the scenario is > about the opposite to the one you are puzzled by. I see the > circumstances where we might want to allow someone to edit content, > but for safety's sake not delete it or add new content. .... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:307648 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
