The advantage of using a permission is that if you need to add a new policy
group or add/remove the permission from an existing policy group, you won't
have to change the code. Simply check the box and the user will start seeing
the result. I guess it's a situation where you have to balance set up work
now vs. maintenance work later.
The authorisation component provides functionality for doing the check
automatically. The permissionname argument is straightforward, reference is
either "dmNavigation" for site tree permissions or "PolicyGroup" for general
permissions.
Another option when using a permission is the security:CheckSecurity tag,
which automatically checks for the policygroup permission:
<cfimport taglib="/farcry/core/tags/security" prefix="sec" />
<sec:CheckSecurity permissionname="yourpermission">
This stuff will only be processed/displayed if the logged in user has the
permission.
</sec:CheckSecurity>
Blair
On 8/9/07, Chris Roth <[EMAIL PROTECTED]> wrote:
>
>
> Blair,
>
> Here's what I did, not sure if this is the best method or not...
> rather that create a new permission (giving me one more thing to
> manage) I put hte following in my custom login.cfm forthe project
> insuide the <cfif bloggedin>
>
> <!--- check for SP groups--->
> <cfset lsalespartnerGroupIDs = "10,18,20,21">
> <cfloop list="#lsalespartnerGroupIDs#" index="i">
> <cfif listfind(session.dmsec.authentication.lPolicyGroupIDs,i)>
> <cfset session.dmSec.authentication.salespartner = 1>
> </cfif>
> </cfloop>
>
> Then whereever I need to display or not display, or filter (such as
> verity colections), I just look for
>
> isDefined(session.dmSec.authentication.salespartner)
>
> good? Bad? Ugly?
>
> On Aug 8, 12:06 pm, Chris Roth <[EMAIL PROTECTED]> wrote:
> > Blair,
> >
> > So is I create a permission called isVIP and assign my groups to it,
> > would is be good practice then to check permissions and add a flag to
> > session.dmsec in my projects login.cfm page..
> >
> > I see bAdmin being set in a bLoggedIn if statement based on an
> > iAdminState check..
> >
> > <cfset oAuthorisation = request.dmSec.oAuthorisation>
> > <cfset iAdminState =
> > oAuthorisation.checkPermission
> (permissionName="Admin",reference="PolicyGrou-p")>
> >
> > <cfif iAdminState eq 1>
> > <!--- turn on admin permissions --->
> > <cfset request.mode.bAdmin = 1>
> > <cfset session.dmSec.authentication.bAdmin = 1>
> >
> > blah blah...
> >
> > If I do something like:
> >
> > <cfset iVIPState =
> > oAuthorisation.checkPermission
> (permissionName="isVIP",reference="PolicyGrou-p")>
> >
> > <cfif iVIPState eq 1>
> > <!--- turn on admin permissions --->
> > <cfset request.mode.bVIP = 1>
> > <cfset session.dmSec.authentication.bVIP = 1>
> >
> > .....
> >
> > would I be inline with good practice?
> >
> > On Aug 7, 4:03 pm, "Blair McKenzie" <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> > > You're pretty much described the entire purpose of groups and
> permissions.
> > > Could you just create an extra permission, add it to each of those
> groups,
> > > then check for that permission where you would use the flag?
> >
> > > Blair
> >
> > > On 8/8/07, Chris Roth <[EMAIL PROTECTED]> wrote:
> >
> > > > I'd like to check the current user's groups, and if they are a
> memeber
> > > > of a certain list of groups set a flag that I can use pretty much
> > > > anywhere. Where is the best place/scope (session,request??) to set
> > > > this... for example.
> >
> > > > for exmaple, if I set this in the dmheader.cfm include, it does nto
> > > > seem to "always" be available.. (ie search results, etc.)
> >
> > > > <cfparam name="WHATSCOPE??.VIP" default="0">
> >
> > > > <!--- determine the policy groups (or roles) this user belongs to
> --->
> > > > <cfif isDefined("session.dmsec.authentication.lPolicyGroupIDs") and
> > > > listLen(session.dmsec.authentication.lPolicyGroupIDs)>
> > > > <!--- concatenate logged in group permissions with anonymous
> group
> > > > permissions --->
> > > > <cfset lpolicyGroupIds =
> > > > session.dmsec.authentication.lPolicyGroupIDs
> > > > & "," & application.dmsec.ldefaultpolicygroups>
> > > > <!--- check for sales partners access --->
> > > > <cfset lVIPGroupIDs = "18,10">
> > > > <cfloop list="#lVIPGroupIDs#" index="i">
> > > > <cfif listfind(session.dmsec.authentication.lPolicyGroupIDs
> > > > ,i)><cfset
> > > > WHATSCOPE??.VIP = 1></cfif>
> > > > </cfloop>
> > > > <cfelse>
> > > > <!--- user not logged in, assume anonymous permissions --->
> > > > <cfset lpolicyGroupIds =
> application.dmsec.ldefaultpolicygroups>
> > > > </cfif>- Hide quoted text -
> >
> > > - Show quoted text -- Hide quoted text -
> >
> > - Show quoted text -
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"farcry-dev" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/farcry-dev?hl=en
-~----------~----~----~----~------~----~------~--~---
