We use a Security structure like this:

SecLevel.Admin = 1
SecLevel.Update = 2
SecLevel.Public = 3

The higher access being the lowest number, so that any revisions to the
security would be higher numbers.  Then we can do a numeric comparison for
access.

Next, we store the user's access level as a string (i.e.
Session.Access="Update").

So, when we need to check security access, we need the level required to
view the page, and the user's access level.  We do a comparison of the two
numbers - if the user's number is equal, or less than the required number,
then they have access.  (I'm hoping this is the inheritance you wanted.)

<cfif evaluate("SecLevel.#ReqAccess#") lte
evaluate("SecLevel.#Session.Access#")>
        Access granted
<cfelse>
        Access Denied
</cfif>

Then we write a <cfscript> or UDF to do the actual security check and return
a true/false to indicate if the user is allowed to see the page.  

I'd post more code, but I think my supervisors might have a problem with
that (intellectual property and all).  But hopefully this is enough to get
you started, or at least compare your methods.

Shawn Grover
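
The scheme above rendered in Python as an added example (not the poster's ColdFusion code): levels resolved from a fixed table instead of evaluate() on a string, an unknown level name failing closed, and the required level for a path found by longest-prefix match over a directory table constructed loosely from the question's example, so child directories inherit a parent's requirement unless listed with their own. Names, the directory table, and the "no session level means Public" rule are assumptions.

```python
import posixpath
from typing import Optional

# Lower number = more access; new levels can be appended with higher numbers
# without renumbering (the convention from the reply above).
SEC_LEVEL = {"Admin": 1, "Update": 2, "Public": 3}

# Required level per directory, constructed for this example; the most
# specific (longest) matching directory wins, so children inherit from
# parents unless they are listed with their own requirement.
DIR_REQUIREMENTS = {
    "/": "Public",
    "/public/": "Public",
    "/help/": "Public",
    "/setup/": "Update",
    "/edit/": "Update",
    "/edit/new/": "Admin",
    "/edit/delete/": "Admin",
}


def required_level_for(path: str) -> str:
    """Longest-prefix match of a normalised request path against DIR_REQUIREMENTS."""
    # normpath collapses "..", "." and doubled slashes, so "/edit/../setup/x"
    # is judged as "/setup/x" rather than as something under "/edit/".
    clean = posixpath.normpath("/" + path.lstrip("/"))
    best_prefix, best_level = "", DIR_REQUIREMENTS["/"]
    for prefix, level in DIR_REQUIREMENTS.items():
        p = prefix.rstrip("/")
        if p and (clean == p or clean.startswith(p + "/")) and len(p) > len(best_prefix):
            best_prefix, best_level = p, level
    return best_level


def has_access(user_level: Optional[str], path: str) -> bool:
    """The reply's numeric comparison: granted when user number <= required number.

    Level names are looked up in a fixed table instead of being evaluated as
    code, and an unknown name fails closed. A missing session level is treated
    as Public (an assumption: anonymous visitors get the weakest level).
    """
    required = SEC_LEVEL[required_level_for(path)]
    name = "Public" if user_level is None else user_level
    user = SEC_LEVEL.get(name)
    if user is None:
        return False
    return user <= required
```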


-----Original Message-----
From: Aidan Whitehall [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 14, 2001 2:49 AM
To: CF-Talk
Subject: Application security


Does any kind soul have some code they would be prepared to share with a
fellow developer?

I've got about 100 lines in the Application.cfm which works fine, but want
to see how other people tackle the problem. I need something that grants
directory access permissions based on an ID value set on login.

For example, any user (logged in or not) can access root, /public/ and
/help/, all ID1s can additionally access files in the /setup/ folder, all
ID2s can access /edit/ folder, all ID3s can access /edit/, /edit/new/ and
/edit/delete/, etc.

I'm not after an out of the box solution... anything that will give an
insight into a way of handling application security and that has some sort
of "inheritance" would be really useful.



Thanks in advance (just about to trawl through the Developers Exchange).


Aidan
-- 
Aidan Whitehall <[EMAIL PROTECTED]>
Macromedia ColdFusion Developer
Fairbanks Environmental +44 (0)1695 51775


