I'll email you offlist with a link. -----Original Message----- From: Rich Kroll [mailto:[EMAIL PROTECTED] Sent: 14 November 2005 18:24 To: CF-Talk Subject: RE: Module Security
Can you give me some more info on your framework (url?). Is this an open source project, as I would love to see how you've developed some of this functionality? Rich Kroll Application Developer -----Original Message----- From: Snake [mailto:[EMAIL PROTECTED] Sent: Monday, November 14, 2005 10:07 AM To: CF-Talk Subject: RE: Module Security I have created a roles based security model that is part of my framework. Create a resource. Create permissions for that resource. Create groups. Assign resourecs and permissions to that group. Assigns a user to groups. When a user logs in, all the permissions for the groups they are a member of are loaded into a session variable. I then have a UDF that checks permissions, which I can wrap around an entire resource, a page, or an object on a page. E.g. <cfif HasPermission('permission name')> Do this <cfelse> <cfoutput>#request.noaccess#</cfoutput> </cfif> And I have developed a nice UI for managing it all. -- Russ -----Original Message----- From: Rich Kroll [mailto:[EMAIL PROTECTED] Sent: 14 November 2005 14:23 To: CF-Talk Subject: Module Security Hello all, I am in the process of trying to develop a new security model for a project I am working on. I've developed the base model with a hierarchy of permissions to access areas of the application. My problem is that now I need to extend this to control certain modules within a page. These modules are not consistent to a specific page, or even a sequence of pages. My first thought is to have each specific module register with the system and then authenticate against that. Has anyone set up something along these lines and have any gotcha's I may be overlooking? One fear is, since this will be managed by end users, how to communicate what each "module" actually is for them to know if they want their users to have access. For example, within an existing workflow, on the third page in the process is an graph meant for administrators. Trying to explain "Process 1 step 3 graph" might get cumbersome. Any ideas? Rich Rich Kroll Application Developer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:224165 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
