Re: CFLDAP - Permission by AD group

Fri, 23 Dec 2005 07:56:15 -0800 

I not sure exactly which part you are looking for an elegant solution too
but the way I would handle it would be as follows:

Design a User Interface which you will implement as your
ADOUserDirecotryDao.cfc (or whatever).  This interface should have fairly
generic methods like say:

UserDirectoryDao.cfc
  - AuthenticateUser( userNamePassword )
  - RetrieveUser( userName )
  - GetUserGroups( userName )

ADOUserDirecotryDao -> implements the UserDirectoryDao.cfc "interface".
Since we dont have interfaces in Cold Fusion, you will just have to fake it
and extend UserDirectoryDao in the ADOUserDirecotryDao.

I would then create a matrix that maps Roles to Permissions.  something
like:

Administrator  : deleteItem, createItem, readItem, deleteSubItem, etc.
User: readItem, createitem

This could be in a table, an xml file, ini file, or some other store.

I would then have and object that takes the roles and translates them to the
permissions something like PermissionsDao.cfc that has a retrieve or
translate method.

I would then store those permission (and not the roles) in the user object
and persist that to the session scope ( most likely using a Facade ).

When needing to test a permission I would ask that user object:

<cfif oUser.hasPermmission("deleteItem")>
  <input type="button" value="delete">
</cfif>


Is this what you were looking for?  While I have implemented various parts
of this concept, this particular implementation is off the top of my head
and not very well thought out,  but might be a good starting point.









On 12/23/05, Jillian Koskie <[EMAIL PROTECTED]> wrote:
>
> Good morning...
>
> I'm still working on my system for authentication using our Active
> Directory.
>
> I can certainly query for the list of groups that a user is in and grant
> permission based on the group existing in the list.
>
> Has anybody done this in an elegant way?  I'm looking for some
> inspiration.
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
This list and all House of Fusion resources hosted by CFHosting.com. The place 
for dependable ColdFusion Hosting.
http://www.houseoffusion.com/banners/view.cfm?bannerid=11

Message: http://www.houseoffusion.com/lists.cfm/link=i:5:189586
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to