RE: Roles in CFMX
Ryan, as far as I know, everytime you specify a list of roles, the user must be in ALL of them for the method call to work. Are you seeing otherwise? === Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc (www.mindseye.com) Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia) Email: [EMAIL PROTECTED] Blog : www.camdenfamily.com/morpheus/blog Yahoo IM : morpheus My ally is the Force, and a powerful ally it is. - Yoda -Original Message- From: Ryan Kime [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 1:19 PM To: CF-Talk Subject: RE: Roles in CFMX My bad, it does work like I stated in my first paragraph. You _can_ have multiple roles listed for a CFC and the loginuser only have one of those listed roles. Not sure on multiple roles for the user as our setup only allows for one role per user at the moment. I would still like to understand this better, so any personal opinions or pointers to further information (besides the docs) would be much appreciated. -Ryan -Original Message- From: Ryan Kime [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:44 AM To: CF-Talk Subject: Roles in CFMX I need help understanding ROLES in CFMX because I think the concept goes against my idea of roles-based security. I would think that if you assign a user one to many roles and then if a role is listed in a comma delimited list in the roles parameter on a CFC, the user can access it, but that's not how it goes in CFMX. ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
RE: Roles in CFMX
My bad, it does work like I stated in my first paragraph. You _can_ have multiple roles listed for a CFC and the loginuser only have one of those listed roles. Not sure on multiple roles for the user as our setup only allows for one role per user at the moment. I would still like to understand this better, so any personal opinions or pointers to further information (besides the docs) would be much appreciated. -Ryan -Original Message- From: Ryan Kime [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:44 AM To: CF-Talk Subject: Roles in CFMX I need help understanding ROLES in CFMX because I think the concept goes against my idea of roles-based security. I would think that if you assign a user one to many roles and then if a role is listed in a comma delimited list in the roles parameter on a CFC, the user can access it, but that's not how it goes in CFMX. Here's a quick rundown of my situation: we finished a major app, now two other groups want access to it and this requires limitations to certain areas and functions. When developing the original app we set everyone on the same role, so all CFCs have the role parameter set. Say for simplicity's sake, the three roles are G for guest, U for user, and A for Admin. Therefore Guests = G Users = G,U Admins = G,U,A On a CFC, if the role is G will the Users and Admins be able to use the CFC? What about a G,U restricted function, will Admins be able to access it? TIA, Ryan Kime mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Web Developer Webco Industries ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
Re: Roles in CFMX
On Thursday, Aug 14, 2003, at 09:44 US/Pacific, Ryan Kime wrote: Say for simplicity's sake, the three roles are G for guest, U for user, and A for Admin. Therefore Guests = G Users = G,U Admins = G,U,A On a CFC, if the role is G will the Users and Admins be able to use the CFC? Yes. Admins are in role G. What about a G,U restricted function, will Admins be able to access it? Yes. Admins are in both roles G and U. What catches most people out is that if a function is restricted to roles X,Y that means that only users who are in BOTH groups can access it (rather than users who are in EITHER role X OR role Y). Sean A Corfield -- http://www.corfield.org/blog/ If you're not annoying somebody, you're not really alive. -- Margaret Atwood ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: Roles in CFMX
Ryan: I was working on the same issue earlier this week and was helped a great deal by Ray Camden. isUserInRole will treat what you pass it as a AND comparison, therefore if you pass G,U then the user must possess both roles. Note, what you pass is case-sensitive and there must be no spaces. So, if admins in your application are given all roles then isUserInRole(G) will allow all three of your hypothetical users access the CFC. Hope that helps! -JSLucido -Original Message- From: Ryan Kime [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:44 AM To: CF-Talk Subject: Roles in CFMX I need help understanding ROLES in CFMX because I think the concept goes against my idea of roles-based security. I would think that if you assign a user one to many roles and then if a role is listed in a comma delimited list in the roles parameter on a CFC, the user can access it, but that's not how it goes in CFMX. Here's a quick rundown of my situation: we finished a major app, now two other groups want access to it and this requires limitations to certain areas and functions. When developing the original app we set everyone on the same role, so all CFCs have the role parameter set. Say for simplicity's sake, the three roles are G for guest, U for user, and A for Admin. Therefore Guests = G Users = G,U Admins = G,U,A On a CFC, if the role is G will the Users and Admins be able to use the CFC? What about a G,U restricted function, will Admins be able to access it? TIA, Ryan Kime mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Web Developer Webco Industries ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
RE: Roles in CFMX
yes, the CFLOGIN/CFLOGINUSER/CFLOGOUT group of tags. -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 1:41 PM To: CF-Talk Subject: Re: Roles in CFMX Are you referring to using built in CF security tags like CFLOGIN etc.?? If not I don't see what MX or not would matter?? Personally I do custom security that is data driven by user group and then hooks in the code to restrict access. Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Ryan Kime [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, August 14, 2003 9:44 AM Subject: Roles in CFMX I need help understanding ROLES in CFMX because I think the concept goes against my idea of roles-based security. I would think that if you assign a user one to many roles and then if a role is listed in a comma delimited list in the roles parameter on a CFC, the user can access it, but that's not how it goes in CFMX. Here's a quick rundown of my situation: we finished a major app, now two other groups want access to it and this requires limitations to certain areas and functions. When developing the original app we set everyone on the same role, so all CFCs have the role parameter set. Say for simplicity's sake, the three roles are G for guest, U for user, and A for Admin. Therefore Guests = G Users = G,U Admins = G,U,A On a CFC, if the role is G will the Users and Admins be able to use the CFC? What about a G,U restricted function, will Admins be able to access it? TIA, Ryan Kime mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Web Developer Webco Industries ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: Roles in CFMX
Are you referring to using built in CF security tags like CFLOGIN etc.?? If not I don't see what MX or not would matter?? Personally I do custom security that is data driven by user group and then hooks in the code to restrict access. Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder Director www.cfug-vancouverisland.com - Original Message - From: Ryan Kime [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, August 14, 2003 9:44 AM Subject: Roles in CFMX I need help understanding ROLES in CFMX because I think the concept goes against my idea of roles-based security. I would think that if you assign a user one to many roles and then if a role is listed in a comma delimited list in the roles parameter on a CFC, the user can access it, but that's not how it goes in CFMX. Here's a quick rundown of my situation: we finished a major app, now two other groups want access to it and this requires limitations to certain areas and functions. When developing the original app we set everyone on the same role, so all CFCs have the role parameter set. Say for simplicity's sake, the three roles are G for guest, U for user, and A for Admin. Therefore Guests = G Users = G,U Admins = G,U,A On a CFC, if the role is G will the Users and Admins be able to use the CFC? What about a G,U restricted function, will Admins be able to access it? TIA, Ryan Kime mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Web Developer Webco Industries ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm