From: Nick Han [mailto:[EMAIL PROTECTED]
Sent: Saturday, 22 May 2004 6:51 AM
<<<<I would recommend using permission objects-base framework over
roles-based.��Problem with relying on roles is that when you need to allow
another role to insert or update, you have to go through the templates
where��inserts or updates are referenced and change the code.��Very
inflexible.��But if you're using permision objects-based model, you assign
that object id to any number of roles, and if the loggin user has the role
which contains that ID, then access is granted.��
You can write a udf that could do something like this.
<cfif isAllowed("update user record")>
show update link here
</cfif>>>>>
�
�
�
Nick, I�m trying to understand how this would appear in practice.�� Does
this mean you�d have a table of authority levels or groups, a table of
things they could do, and a many-many table linking them together?��� In
which case a user would have a record in the user table,�� a number of
records in the user-groups table linking the user to one or more groups?
�
Is this how it would be?:
�
Tbl_USERS� (All user information)
Userid
Username
etc
�
�
Tbl_GROUPS� (Group names)
GroupID
Groupname
�
�
Tbl_AUTHORITYLEVELS (Authority Levels)
AuthorityLevelID
Authorityname
�
�
Tbl_TASKS� (The tasks different groups can perform)
TaskID
TaskName
�
�
Tbl_USERSGROUPS� (allocates users to groups)
UserGroupID
UserID
GroupID
�
�
Tbl_GROUPAUTHORITIES� (allocates authority levels to different groups)
GroupAuthorityID
GroupID
AuthoritylevelID
�
�
Tbl_TASKSAUTHORITIES� (Allocates tasks to different authority levels)
TaskAuthorityID
TaskID
AuthorityLevelID
�
�
Cheers
Mike Kear
Windsor, NSW, Australia
AFP Webworks
http://afpwebworks.com
�
�
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
