You can simplify this even further by using the BitAnd function. This
operates on a 32-bit integer. Give different facilities a unique binary
number (1, 2, 4, 8, 16, 32, 64, etc.).
Then assign a user a security number which is a summation of the facilities
the user is allowed to do. Then use BitAnd (with the facility) to determine
if a user can see facilities.
You do need to define the security constants, but this is usually not a
problem.
> ----------
> From: Joseph Higgins[SMTP:[EMAIL PROTECTED]]
> Sent: 08 October 2000 19:31
> To: Fusebox
> Subject: RE: Security issues
>
> I use this in my act_authenticate.cfm
>
> <CFSET Client.Permissions = AuthenticateUser.Permissions>
> <CFSET Client.UserType = AuthenticateUser.UserType>
>
> Then on each page I use this code to see if the user has permissions:
>
> <cfif ListFindNoCase(#Client.Permissions#,"AddUser")> (or for whatever
> permission I set)
>
> The permissions are set in a single field in the user database in a
> comma delimited list.
>
>
>
> Right. I guess I wasn't being clear in what I was asking. My question
> wasn't about authenticating the users, but with what comes next. I'm
> wondering how other people handle delivering different tools to different
> levels of users... do they have a lot of conditional processing on each
> page, which turns into spaghetti pretty quickly, or do they have four
> different fuseactions, each dedicated to a different type of user
> (assuming they have four levels of user), or do they just code a
> separate section of the site for each kind of user (which wouldn't
> allow much code reuse).
>
> ------------------------------------------------------------------------------
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
> send a message to [EMAIL PROTECTED] with 'unsubscribe' in
> the body.
>
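The bitmask scheme described in the reply at the top of this message, as an added example that is not code from the original thread. The constant names and the sample grants are hypothetical, and the mask is held in a local variable rather than in Client.Permissions so the template runs on its own.

```cfml
<!--- Added example: one constant per facility, each a distinct power of two.
      The names are hypothetical. --->
<cfset PERM_ADD_USER    = 1>
<cfset PERM_EDIT_USER   = 2>
<cfset PERM_DELETE_USER = 4>
<cfset PERM_VIEW_REPORT = 8>

<!--- Build the user's security number. BitOr is used instead of plain
      addition so that granting the same facility twice cannot carry into
      a neighbouring bit and silently grant a different facility. --->
<cfset userMask = 0>
<cfset userMask = BitOr(userMask, PERM_ADD_USER)>
<cfset userMask = BitOr(userMask, PERM_VIEW_REPORT)>
<cfset userMask = BitOr(userMask, PERM_ADD_USER)> <!--- repeated grant, mask stays 9 --->

<!--- Single facility: a non-zero result means that bit is set. --->
<cfif BitAnd(userMask, PERM_ADD_USER) NEQ 0>
    <cfoutput>AddUser allowed<br></cfoutput>
<cfelse>
    <cfoutput>AddUser denied<br></cfoutput>
</cfif>

<!--- Several facilities at once: every required bit must survive the BitAnd,
      so compare against the required mask, not against zero. --->
<cfset required = BitOr(PERM_EDIT_USER, PERM_DELETE_USER)>
<cfif BitAnd(userMask, required) EQ required>
    <cfoutput>Edit and delete allowed<br></cfoutput>
<cfelse>
    <cfoutput>Edit and delete denied<br></cfoutput>
</cfif>

<!--- Revoke a facility: clear its bit with BitAnd and BitNot. --->
<cfset userMask = BitAnd(userMask, BitNot(PERM_VIEW_REPORT))>
<cfoutput>Mask after revoking the report facility: #userMask#<br></cfoutput>
```

With the sample grants, the first check allows AddUser, the combined check denies edit and delete, and the final mask is 1.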