Thanks Jim for your suggestions.  It's a bit late in the day for this
project to redesign the whole user authentication/access/permission
control architecture, but I have another project starting in a couple
of weeks and I'll take a good look at what you've done for that one.
I am grateful for your input.   I've valued your input many times
before.  Thanks.

Thanks too, to Sean for seeing what I already knew and had only put
here as a deliberate lie to check if anyone's paying attention <g>
Of course my code would only find the last test instead of stopping
the first time it found a match!  I knew that!! <g>

So here's what I've done. ...

In each page of the admin I have the following, right up at the top of
the page:

<cfset RequiredPermissions = "10008,10009" /> (meaning anyone holding
either of these permissions can access the page - might be an edit
content page or a delete a section)

Then below that, in the header include is the following:

<cfparam name="RequiredPermissions" default="10000" />
(10000 is the default - everyone has that, even anonymous users.  So to
grant full access of a page to anyone I just don't set a permission in
the lines above the header include)

<cfset allow= application.useraccess.CheckPermissions(
session.user.getPermissions(), RequiredPermissions ) />
<cfif not(allow)>
        <cflocation addtoken="no" url="/index.cfm" />
        <cfabort>
</cfif>

The function application.useraccess.CheckPermissions() returns either
zero (don't allow access - can't find any permissions match) or a
positive integer, being the position of the first match, in which case
the user goes on to see the page.

Here's the method application.useraccess.CheckPermissions():


<cffunction name="CheckPermissions" access="public" output="false"
returntype="boolean" hint="compares the list of the user's permissions
with the permissions required.   Returns zero if there are no matches,
an integer if at least one of the user's permissions matches one in
the required set">
<cfargument name="argUsersList" required="yes" type="string" />
<cfargument name="argRequiredList" required="yes" type="string" />
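        <cfset var OkToGo = false />
        <cfset var Userpermissions = trim(arguments.argUsersList) />
        <cfset var Permissionsrequired = trim(arguments.argRequiredList) />
        <!----[  var-scope the loop index: this component is shared in
application scope, so an unscoped i could be overwritten by a
concurrent request in the middle of the check  ]---->
        <cfset var i = "" />

        <!----[  Loop through the list of permissions required, and stop if
it finds one  ]---->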
         <cfloop list = "#Permissionsrequired#" index="i">
                <cfset OkToGo = listfind(Userpermissions, "#i#") />
                <cfif OkToGo>
                        <cfbreak/>
                </cfif>
         </cfloop>
<cfreturn OkToGo />
</cffunction>


This will also allow me to use this same method to show content only
to some people if I want.  I.e. if you're logged in and you're one of
the people authorised to see this .. here's a bit just for you:

<cfif application.useraccess.CheckPermissions(
session.user.getPermissions(), "10685" ) >
<p>yada yada yada </p>
</cfif>

An example might be a page about the organisation's coming events,
with lots of stuff for the public, but also a section only shown to
logged-in members.

(the permission numbers are just numbers I made up for this thread -
they're a whole different series of numbers in the real site)

Thanks everyone.   Might not be the perfect permissions set-up but
it's working and it gives me the granular kind of control that I need
for this application.  And provides for the whims and fancies of the
management in the future.

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month
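
Added example, not part of Mike's post or his site's code: a variant of the any-of check above that trims each list element and denies on empty or malformed input, so a required list written as "10008, 10009" (with a space after the comma) still matches. The name HasAnyPermission and the rule that permission ids are whole numbers are assumptions made for this example.

```cfml
<!--- Added example: HasAnyPermission is a hypothetical name, not a method from the post.
      Assumes permission ids are whole numbers, as in the post's sample values. --->
<cffunction name="HasAnyPermission" access="public" output="false" returntype="boolean"
    hint="True if the user holds at least one required permission; denies on empty or malformed input">
    <cfargument name="argUsersList" required="yes" type="string" />
    <cfargument name="argRequiredList" required="yes" type="string" />
    <!--- var-scope every local: in an application-scoped component an unscoped
          variable is shared between concurrent requests --->
    <cfset var held = "" />
    <cfset var item = "" />
    <cfset var id = "" />
    <cfset var found = false />

    <!--- Normalise the user's list: trim each element, keep whole numbers only --->
    <cfloop list="#arguments.argUsersList#" index="item">
        <cfset id = trim(item) />
        <cfif len(id) and not reFind("[^0-9]", id)>
            <cfset held = listAppend(held, id) />
        </cfif>
    </cfloop>

    <cfloop list="#arguments.argRequiredList#" index="item">
        <cfset id = trim(item) />
        <!--- A blank or non-numeric required id means the page is misconfigured: deny --->
        <cfif not len(id) or reFind("[^0-9]", id)>
            <cfreturn false />
        </cfif>
        <!--- listFind compares whole elements; listContains would match substrings --->
        <cfif listFind(held, id)>
            <cfset found = true />
        </cfif>
    </cfloop>
    <!--- An empty required list never sets found, so it is denied as well --->
    <cfreturn found />
</cffunction>

<!--- Constructed sample calls, one per edge case --->
<cfoutput>
space after the comma: #HasAnyPermission("10000, 10009", "10008, 10009")#<br />
no shared permission: #HasAnyPermission("10000", "10008,10009")#<br />
empty required list: #HasAnyPermission("10000,10008", "")#<br />
malformed required id: #HasAnyPermission("10000,10008", "10008,abc")#<br />
longer id containing a required one: #HasAnyPermission("100080", "10008")#
</cfoutput>
```

With a check like this, a header include that defaults RequiredPermissions to an empty string denies any page that forgets to declare its permissions, and public pages opt in by listing 10000 explicitly.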
