Blair,
Here's what I did, not sure if this is the best method or not...
rather that create a new permission (giving me one more thing to
manage) I put hte following in my custom login.cfm forthe project
insuide the <cfif bloggedin>
<!--- check for SP groups--->
<cfset lsalespartnerGroupIDs = "10,18,20,21">
<cfloop list="#lsalespartnerGroupIDs#" index="i">
<cfif listfind(session.dmsec.authentication.lPolicyGroupIDs,i)>
<cfset session.dmSec.authentication.salespartner = 1>
</cfif>
</cfloop>
Then whereever I need to display or not display, or filter (such as
verity colections), I just look for
isDefined(session.dmSec.authentication.salespartner)
good? Bad? Ugly?
On Aug 8, 12:06 pm, Chris Roth <[EMAIL PROTECTED]> wrote:
> Blair,
>
> So is I create a permission called isVIP and assign my groups to it,
> would is be good practice then to check permissions and add a flag to
> session.dmsec in my projects login.cfm page..
>
> I see bAdmin being set in a bLoggedIn if statement based on an
> iAdminState check..
>
> <cfset oAuthorisation = request.dmSec.oAuthorisation>
> <cfset iAdminState =
> oAuthorisation.checkPermission(permissionName="Admin",reference="PolicyGrou-p")>
>
> <cfif iAdminState eq 1>
> <!--- turn on admin permissions --->
> <cfset request.mode.bAdmin = 1>
> <cfset session.dmSec.authentication.bAdmin = 1>
>
> blah blah...
>
> If I do something like:
>
> <cfset iVIPState =
> oAuthorisation.checkPermission(permissionName="isVIP",reference="PolicyGrou-p")>
>
> <cfif iVIPState eq 1>
> <!--- turn on admin permissions --->
> <cfset request.mode.bVIP = 1>
> <cfset session.dmSec.authentication.bVIP = 1>
>
> .....
>
> would I be inline with good practice?
>
> On Aug 7, 4:03 pm, "Blair McKenzie" <[EMAIL PROTECTED]> wrote:
>
>
>
> > You're pretty much described the entire purpose of groups and permissions.
> > Could you just create an extra permission, add it to each of those groups,
> > then check for that permission where you would use the flag?
>
> > Blair
>
> > On 8/8/07, Chris Roth <[EMAIL PROTECTED]> wrote:
>
> > > I'd like to check the current user's groups, and if they are a memeber
> > > of a certain list of groups set a flag that I can use pretty much
> > > anywhere. Where is the best place/scope (session,request??) to set
> > > this... for example.
>
> > > for exmaple, if I set this in the dmheader.cfm include, it does nto
> > > seem to "always" be available.. (ie search results, etc.)
>
> > > <cfparam name="WHATSCOPE??.VIP" default="0">
>
> > > <!--- determine the policy groups (or roles) this user belongs to --->
> > > <cfif isDefined("session.dmsec.authentication.lPolicyGroupIDs") and
> > > listLen(session.dmsec.authentication.lPolicyGroupIDs)>
> > > <!--- concatenate logged in group permissions with anonymous group
> > > permissions --->
> > > <cfset lpolicyGroupIds =
> > > session.dmsec.authentication.lPolicyGroupIDs
> > > & "," & application.dmsec.ldefaultpolicygroups>
> > > <!--- check for sales partners access --->
> > > <cfset lVIPGroupIDs = "18,10">
> > > <cfloop list="#lVIPGroupIDs#" index="i">
> > > <cfif listfind(session.dmsec.authentication.lPolicyGroupIDs
> > > ,i)><cfset
> > > WHATSCOPE??.VIP = 1></cfif>
> > > </cfloop>
> > > <cfelse>
> > > <!--- user not logged in, assume anonymous permissions --->
> > > <cfset lpolicyGroupIds = application.dmsec.ldefaultpolicygroups>
> > > </cfif>- Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"farcry-dev" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/farcry-dev?hl=en
-~----------~----~----~----~------~----~------~--~---
