Right ok - I think I am on the right track then - as I'm specifying a
permission on the fuseaction - then with a security plugin - I created -
I'm checking the permission vs. the access rights the user has (in a cookie
etc.)
So my security plugin runs and has some logic in it to check the permissions
on the current fuseaction -
So if it's not a 'publically' available fuseaction - (I've defined say 10
pages that are public) - then it will check the the fuseaction permission
against the user permissions.
<cfif isdefined('attributes.fuseaction') and
not(listfind(request.PublicAccessFuses,lcase(attributes.fuseaction)))>
I'm never referencing the security permissions from inside a fuseaction of
any kind - only the securityplugin is looking for 'access' or 'no-access'
for that fuseaction to that user.
Sound about right??
<phase name="preFuseaction">
<plugin name="Globals"
template="securitycheck.cfm"/>
</phase>
Kevin Penny
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Logware (www.logware.us): a new and convenient web-based time tracking
application. Start tracking and documenting hours spent on a project or with a
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212768
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
