Hi everyone,
I'm a bit curious as to how people handle user permissions here in their
fusebox apps.
My current scheme seen in my by no means 100% XFB compliant apps is to store
my fuseaction names in a DB table and have another table link between my
fuseactions and my user groups.
Seeing as I'm using nested fuseboxes, I can also specify a groups of
fuseboxes, for example, I can give managers access to the users group of
fuseboxes, but can implicitly imply that users.del is only accessible by
administrators. Any fuseaction not listed in the table is freely accessible
to all groups. I load this information in to a structure in the application
scope of my application at runtime and I check against it for each fuse I
call. I know this is a bit of added overhead, but on the scale I'm working,
it's not really that bad. This is where I really like nested fuseboxes,
because I can just set the permissions once at the parent level and have it
inherited by all children. What I'd like to know if there are any big
problems in my methodology and whether there is a much easier way.
Thanks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
