Do go further on security

How could I display the correct menu options which are generated from
the correct cfquery based on the user logged in?

So if the user logged in is from the personnel department the following
query populates the select boxes, but if the user logged in is from the
finance department then the finance query runs on the page to populate
the select box.

Can anybody see any flaws with this approach? Or how it can be improved
to make the solution more flexible?

<cfquery name="pull_cat" datasource="8">
Select catno, category
From personneldepartment
Where parent_level = 0
Order by category
</cfquery>

<cfquery name="pull_sub_cat" datasource="8">
Select catno, category, parent_level
From personneldepartment
Where parent_level is not null
Order by parent_level, category
</cfquery>


--------------------------

<tr>
<td width="25%">
Document Category
</td>
         
<td width="75%">
<select size="1" name="cat" onchange="getSubs();">
<option value="none">-- Select A Main Category --
<option></option>
<cfoutput query="pull_cat">
<option value="#catno#">#category#
</cfoutput>

</select>
</td>
</tr>

<tr>
<td width="25%">
Document Sub Category
</td>
         
<td width="75%">
<select size="1" name="sub_cat">
<option value="none">-- Select a Main Category First --
</select>

</td>
</tr> 

-----Original Message-----
From: Micha Schopman [mailto:[EMAIL PROTECTED] 
Sent: 21 December 2004 10:27
To: CF-Talk
Subject: RE: ColdFusion built-in tags and permission-based security
framework

No I don't use the builtin functionality. The problem I have with
builtin functionality is that it is based on security around code,
instead of security around business processes. I don't want my code to
reflect a business process. I want it to accomplish a business process.
The builtin does not provide me with all the functionality I need or
want.

"Can you show me a quick example about my planned security
implementation being too strict?"

No, I meant, why do you think your model is too strict for you. :) Most
people saying that, have in fact a good model, because it is so strict.
A lack of a good interface often tells them they should switch to an
easier model, but in fact they should do a UI redesign. :)

Micha Schopman
Software Engineer

Modern Media, Databankweg 12 M, 3821 AL  Amersfoort Tel 033-4535377, Fax
033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380
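
Added example, not part of the original posts: one way to choose the category table for the menus in the question above from the logged-in user's department, using a fixed server-side map. `session.department` and the `financedepartment` table name are assumptions; `personneldepartment` and datasource `8` come from the post.

```cfml
<!--- Added example: the table is chosen from the logged-in user's
      department, never from form or URL input. --->
<!--- Assumption: the login code stored the department in session.department
      and session management is enabled for the application. --->
<cfset deptTables = StructNew()>
<cfset deptTables["personnel"] = "personneldepartment">
<!--- Assumption: hypothetical table name for the finance department. --->
<cfset deptTables["finance"] = "financedepartment">

<!--- Fail closed: a missing or unknown department gets no menu at all. --->
<cfif NOT IsDefined("session.department")
      OR NOT StructKeyExists(deptTables, session.department)>
  <cfthrow type="security.unknownDepartment"
           message="No category menu is defined for this user.">
</cfif>

<!--- The table name can only be one of the fixed values in the map above,
      so placing it in the SQL text does not expose the query to user input. --->
<cfset catTable = deptTables[session.department]>

<cfquery name="pull_cat" datasource="8">
  SELECT catno, category
  FROM #catTable#
  WHERE parent_level = 0
  ORDER BY category
</cfquery>

<cfquery name="pull_sub_cat" datasource="8">
  SELECT catno, category, parent_level
  FROM #catTable#
  WHERE parent_level IS NOT NULL
  ORDER BY parent_level, category
</cfquery>

<select size="1" name="cat" onchange="getSubs();">
  <option value="none">-- Select A Main Category --</option>
  <cfoutput query="pull_cat">
    <!--- Encode database values before writing them into the page. --->
    <option value="#HTMLEditFormat(catno)#">#HTMLEditFormat(category)#</option>
  </cfoutput>
</select>
```

The page that receives the submitted `cat` and `sub_cat` values should look them up through the same map, because limiting the options shown in the select box does not by itself stop a user from posting a category number that belongs to another department.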




