Hey geo,
It doesn't look like your filter is comparing the required role_id with
what the event has access to.
I'd get a handle on the required role_id by adding
<cfset var required_role_id = arguments.paramArgs.role_id />
to the filter after the argument declarations. This is the value that
you've added to the event in you xml config.
Then change the logic where you check the permission to:
if(isUserInRole(required_role_id))
That should do it.
If you know that required_role_id won't change event to event (unlikely
is my guess, but I'll point it out anyway) then I would put the default
in the filter definition as:
<event-filters>
<event-filter name="permissionValidation"
type="blaz.filters.permissionValidation">
<parameter name="role_id" value="3"/>
</event-filter>
</event-filters>
That way you don't have to add it to every event in your xml.
hope this helps.
MikeF
geomunir wrote:
> I'm trying to get filter working, but for some reason its not working
> as expected. Maybe, something in my logic or i'm not getting the
> filter right.
>
> Whats happening?: Well, I see the event filter is being triggered, but
> nothing happens, regular page is displayed. I'm logged in as not
> authorized user (role_id=4), and reguired role_id = 3 (parameter).
>
> When i'm not authorized, i should be redirected to
> sysadmin.accessDenied event.
>
> Here is the code:
>
> mach-ii.xml
> --
> <event-filters>
> <event-filter name="permissionValidation"
> type="blaz.filters.permissionValidation" />
> </event-filters>
>
> <event-handler event="sysadmin.server_setting" access="public">
> <event-filter name="permissionValidation">
> <parameter name="role_id" value="3" />
> </event-filter>
>
> <view-page name="sysadmin.act_server_setting"/>
> <view-page name="sysadmin.server_setting"
> contentArg="layout.content" />
> <execute subroutine="sysadmin.compileLayout" />
>
> </event-handler>
>
>
> permissionValidation.cfc
> <cfcomponent extends="MachII.framework.EventFilter" hint="Permision
> Validation">
> <cffunction name="configure" access="public" output="false"
> returntype="void" hint="Configures the filter">
> <!--- Does nothing --->
> </cffunction>
>
>
> <!--- Authenticate Specfic Role --->
> <cffunction name="filterEvent" returntype="boolean">
> <!--- Required Arguments --->
> <cfargument name="event" type="MachII.framework.Event"
> required="true" />
> <cfargument name="eventContext"
> type="MachII.framework.EventContext" required="true" />
> <cfargument name="paramArgs" type="struct" required="false"
> default="#StructNew()#" />
>
>
> <cfscript>
> //Declare variable and assign initial value
> var validationBoolean = false;
>
> //If logged in user matches with Required role
> if(isUserInRole(event.getArg(role_id)))
> {
> //Assign value to a variable
> validationBoolean = true;
> }
> else
> {
> //Assign value to a variable
> validationBoolean = false;
>
> //Announce Mach-II Event-Handler
>
> arguments.eventContext.announceEvent("sysadmin.accessDenied",
> arguments.event.getArgs());
> }
>
> </cfscript>
>
>
>
>
> <cfreturn validationBoolean>
> </cffunction>
>
> </cfcomponent>
>
>
--
You received this message because you are subscribed to Mach-II for CFML list.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/mach-ii-for-coldfusion?hl=en
SVN: http://greatbiztoolsllc.svn.cvsdude.com/mach-ii/
Wiki / Documentation / Tickets:
http://greatbiztoolsllc.trac.cvsdude.com/mach-ii/
