1) Best practice is to use permissions, as using hasRole essentially means that you're hardcoding your security model into the templates. Occasionally it is the best approach though, which is why it exists.

2) You can show and hide menu items (and control the respective pages) in the tree by changing View permissions on Site Tree nodes, and control webskin access by role. Anything beyond that tends to vary wildly from application to application, and the checkPermission function (and sec:checkPermission tag) accommodate most requirements.

Some other interesting titbits:
- FarCry supports object specific and type wide restrictions for any content type, but only a few types are configured by default
- the deniedAccess.cfm webskin is used when a user requests a page when they don't have the View permission or haven't been granted access to the webskin
- it's possible to key webskin caching by the user role

On Sat, Sep 18, 2010 at 6:43 AM, verlsnake <[email protected]> wrote:
> One more remark: One of the most prominent tasks of web development frameworks is the following:
> * Map incoming requests to the code that handles them.
>
> Here security could come in handy to:
> - Avoid access to code users are not allowed to invoke at all due to their roles
> - Map the requests themselves to different code dependent on the user's roles
>
> Does this interplay of security and request mapping make sense? And is it perhaps even a mainstream use case for FarCry web sites/apps?
>
> On Sep 17, 10:24 pm, verlsnake <[email protected]> wrote:
> > The use of 'application.security.hasRole("role name")' in code is probably what I had in mind ... Is this use case unusual somehow? Meaning that the security mechanism was not meant to be used this way? And I should better introduce additional user variables which steer possible variations in code? Just asking because I'm not (yet) in the trenches ...
> >
> > On Sep 17, 1:25 am, Blair McKenzie <[email protected]> wrote:
> > > First, documentation:
> > > - https://farcry.jira.com/wiki/display/FCDEV50/Security+Introduction#Se...
> > >
> > > The gist is that you can add your own permissions and roles to supplement the default ones. In fact anyone who actually needs roles (and not just anonymous vs sysadmin) will usually end up creating their own.
> > >
> > > application.security.checkPermission() is good for checks against specific known permissions.
> > >
> > > If you do really want to check for specific roles in code you can use application.security.hasRole("role name"), and it will check the logged in user.
> > >
> > > Blair
> > >
> > > On Fri, Sep 17, 2010 at 7:45 AM, verlsnake <[email protected]> wrote:
> > > > I would like to use FarCry's authorization capabilities in code, too; that is I want to have the possibility to run different (business/goodness/whatsoever) logic dependent on which groups/roles the user belongs to ...
> > > >
> > > > Is that easily possible out of the box with the FarCry Security Model?
> > > >
> > > > --
> > > > You received this message cos you are subscribed to "farcry-dev" Google group.
> > > > To post, email: [email protected]
> > > > To unsubscribe, email: [email protected]
> > > > For more options: http://groups.google.com/group/farcry-dev
> > > > --------------------------------
> > > > Follow us on Twitter: http://twitter.com/farcry
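
The point made in the first reply above, that hasRole hard-codes the security model while a permission check leaves it to configuration, modelled in Python as an added example; it is not from the thread and is not FarCry code. The `SecurityModel` class, its method names, and the role and permission names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SecurityModel:
    # role name -> set of permission names; an administrator edits this at runtime
    role_permissions: dict = field(default_factory=dict)

    def has_role(self, user_roles, role):
        return role in user_roles

    def check_permission(self, user_roles, permission):
        # Deny by default: unknown roles and unknown permissions grant nothing.
        return any(permission in self.role_permissions.get(r, ()) for r in user_roles)


def can_publish_by_role(sec, user_roles):
    # Hard-coded: the template itself decides which roles may publish.
    return sec.has_role(user_roles, "Editor") or sec.has_role(user_roles, "Sysadmin")


def can_publish_by_permission(sec, user_roles):
    # Indirect: the template names the capability; configuration decides who holds it.
    return sec.check_permission(user_roles, "publish")


def demo():
    sec = SecurityModel({"Editor": {"publish"}, "Sysadmin": {"publish", "configure"}})
    results = {}
    # 1. An administrator adds a role and grants it "publish"; no code changes.
    sec.role_permissions["Regional Editor"] = {"publish"}
    results["new_role"] = (can_publish_by_role(sec, {"Regional Editor"}),
                           can_publish_by_permission(sec, {"Regional Editor"}))
    # 2. An administrator revokes "publish" from Editor; no code changes.
    sec.role_permissions["Editor"].discard("publish")
    results["revoked"] = (can_publish_by_role(sec, {"Editor"}),
                          can_publish_by_permission(sec, {"Editor"}))
    # 3. A user with no roles is denied either way.
    results["anonymous"] = (can_publish_by_role(sec, set()),
                            can_publish_by_permission(sec, set()))
    return results


if __name__ == "__main__":
    for case, (by_role, by_perm) in demo().items():
        print(f"{case:10} role-check={by_role!s:5} permission-check={by_perm}")
```

The "revoked" case is the one that matters for security: the hard-coded role check keeps granting access after the administrator has removed the permission from the role.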
