subject:"User, Permission Management"

User, Permission Management

2006-01-07 Thread Baz

Hi,

I'm curious how people are handling session/user/permission/login management
these days...

Have most of you implemented your own custom solutions? Do a lot of people
use cflogin? Are people using CFC roles?

How are people handling checking permissions for each page? Do you check
against data stored in memory? Do you query on each request? Let's say that
there are regular users and admins, how verify which one they are?
 
Just curious,

Cheers,
Baz





~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228688
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

Re: User, Permission Management

2006-01-07 Thread James Holmes

I use CFLOGIN with CFC roles. This provides for the user/admin/etc
scenario and generally suffices for most of our security needs. The
authentication is done via LDAP and everything is secured via SSL.
Security checking for each page is done with IsUserInRole(), which
therefore works with memory.

On 1/7/06, Baz [EMAIL PROTECTED] wrote:
 Hi,

 I'm curious how people are handling session/user/permission/login management
 these days...

 Have most of you implemented your own custom solutions? Do a lot of people
 use cflogin? Are people using CFC roles?

 How are people handling checking permissions for each page? Do you check
 against data stored in memory? Do you query on each request? Let's say that
 there are regular users and admins, how verify which one they are?

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228691
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

RE: User, Permission Management

2006-01-07 Thread Snake

I have users, groups, resources and permissions. And a nice GUI to manage it
all.

A resource (such as user management, product management) has permissions
created for it.
A group has resources assigned to it
A user is in a group or groups.

When a user logs in, all permissions for all groups he is a member of are
loaded into session.permissions.

In my code I use a UDF to check that a user has permission to perform a
function or view a page.

cfif request.hasPermission('permission name')

Allow content

cfelse
cfoutput#request.noaccess#/cfoutput
/cfif

--
Snake

 

-Original Message-
From: Baz [mailto:[EMAIL PROTECTED] 
Sent: 07 January 2006 10:32
To: CF-Talk
Subject: User, Permission Management

Hi,

I'm curious how people are handling session/user/permission/login management
these days...

Have most of you implemented your own custom solutions? Do a lot of people
use cflogin? Are people using CFC roles?

How are people handling checking permissions for each page? Do you check
against data stored in memory? Do you query on each request? Let's say that
there are regular users and admins, how verify which one they are?
 
Just curious,

Cheers,
Baz







~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228692
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

RE: User, Permission Management

2006-01-07 Thread Dawson, Michael

Maybe I'm a bit daft, but I never really understood the logic of using
CFC roles.

Let's say I use CFLOGIN and I assign a user to a normal role, but not
to an admin role.

Then, I have a function with the roles attribute set to admin.

When the user calls a page that uses the function, it's going to throw
an exception.

So, I then need to wrap it in a CFTRY/CFCATCH block and then determine
what to do when the exception occurs.

If the normal user is not allowed to call an admin function, why
would I just not use application logic to determine what functions a
user can actually call?

I have never really understood this functionality of CF:

cftry
  cfset result = myAdminFunc()
  cfcatch type=any
cfset result = myNormalFunc()
  /cfcatch
/cftry

When I could do:

cfif myUser.roles contains admin
  do admin stuff here
cfelse
  do normal stuff here
/cfif

Am I missing the actual reason for CFC roles?

M!ke

-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: Saturday, January 07, 2006 6:18 AM
To: CF-Talk
Subject: Re: User, Permission Management

I use CFLOGIN with CFC roles. This provides for the user/admin/etc
scenario and generally suffices for most of our security needs. The
authentication is done via LDAP and everything is secured via SSL.
Security checking for each page is done with IsUserInRole(), which
therefore works with memory.

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228702
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

Re: User, Permission Management

2006-01-07 Thread Matt Robertson

disclaimer:  I'm describing a commercial product I sell.

I have users, permissions, groups and profiles.

Anything you want can be assigned a permission.  This could be a whole
template, a single snippet of code or perhaps a number of snippets spread
out amongst a variety of templates.  Depending on how you apply them they
could also be anti-permissions.

What I call groups are something I am probably going to phase out with a
recent upgrade I did to the system, and will only keep for legacy support.
They were basically intended to serve the same role as permissions, except a
given resource could belong to any number of groups, and a user could belong
to any number of groups.  If there was one match between them the user was
granted permission to the resource.  Since now I can have a single resource
allow access to more than one permission this takes away a lot of the need
for 'groups'.

A profile is a collection of permissions and group memberships that can be
applied in bulk to a user.  The profile can then be customized individually.

The user has their groups and permissions stored in memory after login.
Resources either have their permissions hardcoded into the code (if
protecting at the snippet level) or pulled from a database record (if
building into something like page access for a cms).

I wrap permission management in with application security in general.  Its
not just the assiggnment of permissions you have to worry about, but the
circumvention of those permissions as well.  cross-site scripting, SQL
injection, proper storage of the user password, hint and answer, secure
method of self-service password reset... I really prefer to drop in a
complete security/permission system in toto.  The trouble is clients always
want to dumb the thing down so they don't need strong passwords etc.



On 1/7/06, Dawson, Michael [EMAIL PROTECTED] wrote:

 Maybe I'm a bit daft, but I never really understood the logic of using
 CFC roles.

 Let's say I use CFLOGIN and I assign a user to a normal role, but not
 to an admin role.

 Then, I have a function with the roles attribute set to admin.

 When the user calls a page that uses the function, it's going to throw
 an exception.

 So, I then need to wrap it in a CFTRY/CFCATCH block and then determine
 what to do when the exception occurs.

 If the normal user is not allowed to call an admin function, why
 would I just not use application logic to determine what functions a
 user can actually call?

 I have never really understood this functionality of CF:

 cftry
   cfset result = myAdminFunc()
   cfcatch type=any
 cfset result = myNormalFunc()
   /cfcatch
 /cftry

 When I could do:

 cfif myUser.roles contains admin
   do admin stuff here
 cfelse
   do normal stuff here
 /cfif

 Am I missing the actual reason for CFC roles?

 M!ke

 -Original Message-
 From: James Holmes [mailto:[EMAIL PROTECTED]
 Sent: Saturday, January 07, 2006 6:18 AM
 To: CF-Talk
 Subject: Re: User, Permission Management

 I use CFLOGIN with CFC roles. This provides for the user/admin/etc
 scenario and generally suffices for most of our security needs. The
 authentication is done via LDAP and everything is secured via SSL.
 Security checking for each page is done with IsUserInRole(), which
 therefore works with memory.

 

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228712
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

RE: User, Permission Management

2006-01-07 Thread Baz

Hey Matt,

Where can we take a look at this product?

Cheers,
Baz


-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED] 
Sent: Saturday, January 07, 2006 12:18 PM
To: CF-Talk
Subject: Re: User, Permission Management

disclaimer:  I'm describing a commercial product I sell.

I have users, permissions, groups and profiles.

Anything you want can be assigned a permission.  This could be a whole
template, a single snippet of code or perhaps a number of snippets spread
out amongst a variety of templates.  Depending on how you apply them they
could also be anti-permissions.

What I call groups are something I am probably going to phase out with a
recent upgrade I did to the system, and will only keep for legacy support.
They were basically intended to serve the same role as permissions, except a
given resource could belong to any number of groups, and a user could belong
to any number of groups.  If there was one match between them the user was
granted permission to the resource.  Since now I can have a single resource
allow access to more than one permission this takes away a lot of the need
for 'groups'.

A profile is a collection of permissions and group memberships that can be
applied in bulk to a user.  The profile can then be customized individually.

The user has their groups and permissions stored in memory after login.
Resources either have their permissions hardcoded into the code (if
protecting at the snippet level) or pulled from a database record (if
building into something like page access for a cms).

I wrap permission management in with application security in general.  Its
not just the assiggnment of permissions you have to worry about, but the
circumvention of those permissions as well.  cross-site scripting, SQL
injection, proper storage of the user password, hint and answer, secure
method of self-service password reset... I really prefer to drop in a
complete security/permission system in toto.  The trouble is clients always
want to dumb the thing down so they don't need strong passwords etc.



On 1/7/06, Dawson, Michael [EMAIL PROTECTED] wrote:

 Maybe I'm a bit daft, but I never really understood the logic of using
 CFC roles.

 Let's say I use CFLOGIN and I assign a user to a normal role, but not
 to an admin role.

 Then, I have a function with the roles attribute set to admin.

 When the user calls a page that uses the function, it's going to throw
 an exception.

 So, I then need to wrap it in a CFTRY/CFCATCH block and then determine
 what to do when the exception occurs.

 If the normal user is not allowed to call an admin function, why
 would I just not use application logic to determine what functions a
 user can actually call?

 I have never really understood this functionality of CF:

 cftry
   cfset result = myAdminFunc()
   cfcatch type=any
 cfset result = myNormalFunc()
   /cfcatch
 /cftry

 When I could do:

 cfif myUser.roles contains admin
   do admin stuff here
 cfelse
   do normal stuff here
 /cfif

 Am I missing the actual reason for CFC roles?

 M!ke

 -Original Message-
 From: James Holmes [mailto:[EMAIL PROTECTED]
 Sent: Saturday, January 07, 2006 6:18 AM
 To: CF-Talk
 Subject: Re: User, Permission Management

 I use CFLOGIN with CFC roles. This provides for the user/admin/etc
 scenario and generally suffices for most of our security needs. The
 authentication is done via LDAP and everything is secured via SSL.
 Security checking for each page is done with IsUserInRole(), which
 therefore works with memory.

 



~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228735
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

RE: User, Permission Management

2006-01-07 Thread Snake

Here's a few screenshots of how mine works.

http://www.satachi.com/images/evolver/permissions.gif
http://www.satachi.com/images/evolver/groups.gif
http://www.satachi.com/images/evolver/users.gif

Russ 

-Original Message-
From: Baz [mailto:[EMAIL PROTECTED] 
Sent: 07 January 2006 21:54
To: CF-Talk
Subject: RE: User, Permission Management

Hey Matt,

Where can we take a look at this product?

Cheers,
Baz


-Original Message-
From: Matt Robertson [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 07, 2006 12:18 PM
To: CF-Talk
Subject: Re: User, Permission Management

disclaimer:  I'm describing a commercial product I sell.

I have users, permissions, groups and profiles.

Anything you want can be assigned a permission.  This could be a whole
template, a single snippet of code or perhaps a number of snippets spread
out amongst a variety of templates.  Depending on how you apply them they
could also be anti-permissions.

What I call groups are something I am probably going to phase out with a
recent upgrade I did to the system, and will only keep for legacy support.
They were basically intended to serve the same role as permissions, except a
given resource could belong to any number of groups, and a user could belong
to any number of groups.  If there was one match between them the user was
granted permission to the resource.  Since now I can have a single resource
allow access to more than one permission this takes away a lot of the need
for 'groups'.

A profile is a collection of permissions and group memberships that can be
applied in bulk to a user.  The profile can then be customized individually.

The user has their groups and permissions stored in memory after login.
Resources either have their permissions hardcoded into the code (if
protecting at the snippet level) or pulled from a database record (if
building into something like page access for a cms).

I wrap permission management in with application security in general.  Its
not just the assiggnment of permissions you have to worry about, but the
circumvention of those permissions as well.  cross-site scripting, SQL
injection, proper storage of the user password, hint and answer, secure
method of self-service password reset... I really prefer to drop in a
complete security/permission system in toto.  The trouble is clients always
want to dumb the thing down so they don't need strong passwords etc.



On 1/7/06, Dawson, Michael [EMAIL PROTECTED] wrote:

 Maybe I'm a bit daft, but I never really understood the logic of using 
 CFC roles.

 Let's say I use CFLOGIN and I assign a user to a normal role, but 
 not to an admin role.

 Then, I have a function with the roles attribute set to admin.

 When the user calls a page that uses the function, it's going to throw 
 an exception.

 So, I then need to wrap it in a CFTRY/CFCATCH block and then determine 
 what to do when the exception occurs.

 If the normal user is not allowed to call an admin function, why 
 would I just not use application logic to determine what functions a 
 user can actually call?

 I have never really understood this functionality of CF:

 cftry
   cfset result = myAdminFunc()
   cfcatch type=any
 cfset result = myNormalFunc()
   /cfcatch
 /cftry

 When I could do:

 cfif myUser.roles contains admin
   do admin stuff here
 cfelse
   do normal stuff here
 /cfif

 Am I missing the actual reason for CFC roles?

 M!ke

 -Original Message-
 From: James Holmes [mailto:[EMAIL PROTECTED]
 Sent: Saturday, January 07, 2006 6:18 AM
 To: CF-Talk
 Subject: Re: User, Permission Management

 I use CFLOGIN with CFC roles. This provides for the user/admin/etc 
 scenario and generally suffices for most of our security needs. The 
 authentication is done via LDAP and everything is secured via SSL.
 Security checking for each page is done with IsUserInRole(), which 
 therefore works with memory.

 





~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228737
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

Re: User, Permission Management

2006-01-07 Thread Matt Robertson

http://mysecretbase.com/AMPro2_screenshots.cfm will get you to a view of the
two admin screens.  More stuff linked on the menu at left.

I have been buried under some pretty well-paying work for months so I
haven't had a chance to redo the Flash movie, or the tutorials or all of the
screen shots devoted to v1.x, which had a very basic interface which matched
up wiith the product's $29.95 price.  I needed something a lot more
intuitive and v2 was the result.  Been using it for some time, and its been
available to reg users for quite awhile.  I need 3-5 days of free time to
rewrite the docs and the pretty stuff, but anyone who understands the
v1.0setup can get up to speed on v2 pretty fast (I think/hope).

--
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com


On 1/7/06, Baz [EMAIL PROTECTED] wrote:

 Hey Matt,

 Where can we take a look at this product?

 Cheers,
 Baz


 -Original Message-
 From: Matt Robertson [mailto:[EMAIL PROTECTED]
 Sent: Saturday, January 07, 2006 12:18 PM
 To: CF-Talk
 Subject: Re: User, Permission Management

 disclaimer:  I'm describing a commercial product I sell.

 I have users, permissions, groups and profiles.

 Anything you want can be assigned a permission.  This could be a whole
 template, a single snippet of code or perhaps a number of snippets spread
 out amongst a variety of templates.  Depending on how you apply them they
 could also be anti-permissions.

 What I call groups are something I am probably going to phase out with a
 recent upgrade I did to the system, and will only keep for legacy support.
 They were basically intended to serve the same role as permissions, except
 a
 given resource could belong to any number of groups, and a user could
 belong
 to any number of groups.  If there was one match between them the user was
 granted permission to the resource.  Since now I can have a single
 resource
 allow access to more than one permission this takes away a lot of the need
 for 'groups'.

 A profile is a collection of permissions and group memberships that can be
 applied in bulk to a user.  The profile can then be customized
 individually.

 The user has their groups and permissions stored in memory after login.
 Resources either have their permissions hardcoded into the code (if
 protecting at the snippet level) or pulled from a database record (if
 building into something like page access for a cms).

 I wrap permission management in with application security in general.  Its
 not just the assiggnment of permissions you have to worry about, but the
 circumvention of those permissions as well.  cross-site scripting, SQL
 injection, proper storage of the user password, hint and answer, secure
 method of self-service password reset... I really prefer to drop in a
 complete security/permission system in toto.  The trouble is clients
 always
 want to dumb the thing down so they don't need strong passwords etc.



 On 1/7/06, Dawson, Michael [EMAIL PROTECTED] wrote:
 
  Maybe I'm a bit daft, but I never really understood the logic of using
  CFC roles.
 
  Let's say I use CFLOGIN and I assign a user to a normal role, but not
  to an admin role.
 
  Then, I have a function with the roles attribute set to admin.
 
  When the user calls a page that uses the function, it's going to throw
  an exception.
 
  So, I then need to wrap it in a CFTRY/CFCATCH block and then determine
  what to do when the exception occurs.
 
  If the normal user is not allowed to call an admin function, why
  would I just not use application logic to determine what functions a
  user can actually call?
 
  I have never really understood this functionality of CF:
 
  cftry
cfset result = myAdminFunc()
cfcatch type=any
  cfset result = myNormalFunc()
/cfcatch
  /cftry
 
  When I could do:
 
  cfif myUser.roles contains admin
do admin stuff here
  cfelse
do normal stuff here
  /cfif
 
  Am I missing the actual reason for CFC roles?
 
  M!ke
 
  -Original Message-
  From: James Holmes [mailto:[EMAIL PROTECTED]
  Sent: Saturday, January 07, 2006 6:18 AM
  To: CF-Talk
  Subject: Re: User, Permission Management
 
  I use CFLOGIN with CFC roles. This provides for the user/admin/etc
  scenario and generally suffices for most of our security needs. The
  authentication is done via LDAP and everything is secured via SSL.
  Security checking for each page is done with IsUserInRole(), which
  therefore works with memory.
 
 



 

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228740
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

Re: User, Permission Management

2006-01-07 Thread James Holmes

They are great when sharing a CFC with another developer. They add a
level of self-documentation and prevent someone who doesn't read
documentation from incorrectly providing people access to the wrong
things. It'a about keeping the CFC self-contained and ensuring the
integrity of the app in the business logic rather than hoping the
developer gets it right in the interface logic or elsewhere.

On 1/8/06, Dawson, Michael [EMAIL PROTECTED] wrote:
 Maybe I'm a bit daft, but I never really understood the logic of using
 CFC roles.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228745
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

RE: User, Permission Management

2006-01-07 Thread Baz

Good points in favor of Roles James.

To extend M!ke's previous cftry/cfcatch example for handling roles, what
happens when many roles exist - maybe 5, 10 or 100... Does people's code
actually end up looking like this:

!--- admins ---
cftry
  cfset result = myAdminFunc()
  cfcatch type=any
  
!--- power users ---  
cftry
  cfset result = myAdminFunc()
  cfcatch type=any

!--- users ---
cftry
  cfset result = myAdminFunc()
  cfcatch type=any

!--- guests ---
cftry
  cfset result = myAdminFunc()

  !--- anonymous ---
  cfcatch type=any
cfset result = myNormalFunc()
  /cfcatch
/cftry
  /cfcatch
/cftry
  /cfcatch
/cftry
  /cfcatch
/cftry

Cheers,
Baz


-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: Saturday, January 07, 2006 7:35 PM
To: CF-Talk
Subject: Re: User, Permission Management

They are great when sharing a CFC with another developer. They add a
level of self-documentation and prevent someone who doesn't read
documentation from incorrectly providing people access to the wrong
things. It'a about keeping the CFC self-contained and ensuring the
integrity of the app in the business logic rather than hoping the
developer gets it right in the interface logic or elsewhere.

On 1/8/06, Dawson, Michael [EMAIL PROTECTED] wrote:
 Maybe I'm a bit daft, but I never really understood the logic of using
 CFC roles.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/



~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228746
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

Re: User, Permission Management

2006-01-07 Thread James Holmes

I don't handle roles that way. I check to see if the user is in an
appropriate role in the interface code, with IsUserInRole(); if the
CFC throws a roles error it means there's a programming error so I let
it fail to my CFERROR handler template (which emails me and tells me
to fix the code). This should all show up in testing so by the time
the user gets to the product there should be no CFC roles errors.

On 1/8/06, Baz [EMAIL PROTECTED] wrote:
 Good points in favor of Roles James.

 To extend M!ke's previous cftry/cfcatch example for handling roles, what
 happens when many roles exist - maybe 5, 10 or 100... Does people's code
 actually end up looking like this:

 !--- admins ---
 cftry
   cfset result = myAdminFunc()
   cfcatch type=any

[snip]
--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/

~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228747
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

RE: User, Permission Management

2006-01-07 Thread Baz

I implement a template based permission infrastructure where basically 
users can either access a page or not. 

I've personally never bumped into a case that required CFC level permission
control... In what kind of situations do people find this valuable?
 
Some non-cfc in-page granular permission control I HAVE needed:

- Displaying links on a page to sections that a specific user has access to.
But I wouldn't write a new method for every possible role, I just check each
link to see if the user has perm to it or not.

- Limiting returned recordsets: Again, I wouldn't write a new method for
EVERY role, there are too many, I would just pass in some arguments and use
them to filter. Especially since it seems like 99% of your CFC would be the
same besides some WHERE clause or a couple of conditions.

- There are several others, but I have to go pick up my friend from the
airport.

Cheers,
Baz


-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED] 
Sent: Saturday, January 07, 2006 7:35 PM
To: CF-Talk
Subject: Re: User, Permission Management

They are great when sharing a CFC with another developer. They add a
level of self-documentation and prevent someone who doesn't read
documentation from incorrectly providing people access to the wrong
things. It'a about keeping the CFC self-contained and ensuring the
integrity of the app in the business logic rather than hoping the
developer gets it right in the interface logic or elsewhere.

On 1/8/06, Dawson, Michael [EMAIL PROTECTED] wrote:
 Maybe I'm a bit daft, but I never really understood the logic of using
 CFC roles.

--
CFAJAX docs and other useful articles:
http://jr-holmes.coldfusionjournal.com/



~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228749
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations  Support: http://www.houseoffusion.com/tiny.cfm/54

User, Permission Management

Re: User, Permission Management

RE: User, Permission Management

RE: User, Permission Management

Re: User, Permission Management

RE: User, Permission Management

RE: User, Permission Management

Re: User, Permission Management

Re: User, Permission Management

RE: User, Permission Management

Re: User, Permission Management

RE: User, Permission Management

12 matches

Site Navigation

Mail list logo

Footer information