can you make the processing skip to the closing cf_securecheck tag if the
opener fails?
the most useful thing (imho) about roles security is that you can if out
small portions of pages, both display and processing. If this conditional
could be put into a custom tag, perhaps with an incoming parameter
"validationMessage" which, if not null, would set
request.bodycontent. maybe you could even make cf_secureCheck a child tag
of cf_bodycontent.
the only sticker above there is how to use cf_secureCheck to if out
processing, cuz you can if out display with it with
thistag.generatedcontent, but if the coders still have to know how to do
the conditionals to if out processing it spoils it.
anyone know a way? only thing i can think of would involve wrapping the
custom tag (where it is called, not within the custom tag) in a cftry and
using that to skip down.
hmmm
good idea nat.
>-----Original Message-----
>From: Nat Papovich [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, May 23, 2001 9:18 AM
>To: Fusebox
>Subject: RE: Cf_BodyContent and other functionalities!!
>
>
>Here's another nice feature of cf_bodycontent, highly adaptable to your own
>needs:
>
>While creating the need for a comprehensive security mechanism for my latest
>fusebox effort (no, I'm not using Steve's (ahem) wonderful app_secure
>model), I created a custom tag called <cf_secureCheck>. This tag can be
>wrapped in anything you want secured like this:
><cf_secureCheck ...>
> <a href="link to admin">
></cf_secureCheck>
>
>But if you skip the closing </cf_secureCheck>, this fine tag can also just
>get chucked into the top of a fuseaction, or a fuse or anywhere in the site,
>and any request that finds one of these tags requires the secureCheck to
>validate.
>
>cf_secureCheck takes a few variables like roleID, groupID, objectID - stuff
>like that. The actual validation isn't the cool part. It just does
>validation based on who has what permissions to do what. The neat part is
>that it works in conjunction with cf_bodycontent by setting
>request.bodycontent to a validation error message if the validation
>requested by cf_secureCheck failed. Inside cf_secureCheck, if the validation
>fails, I set the global-ish request scope variable request.bodycontent to be
>an error message and in a *slightly* modified (changed a cfset to a cfparam)
>cf_bodycontent, it outputs the contents.
>
>Since we're using cf_bodycontent already, all the developers have to do is
>call this handy secureCheck tag for any validation they require. If they
>don't include a closing </cf_secureCheck> tag, then the headers and footers
>still stay the same, _but_ the body on the page is not displayed (because
>the fuseaction requested is not available to the given user).
>
>Don't be afraid to take a look inside bodycontent. Using open and close
>custom tags is really powerful. On the same note, look inside
>formUUL2attributes. There are a few neat things inside it, and you can even
>modify it to copy application scope vars to request scope, which eliminates
>the need to call the application scope for reads!
>
>NAT
>
>
> > -----Original Message-----
> > From: Adam Phillip Churvis [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, May 22, 2001 11:57 PM
> > To: Fusebox
> > Subject: Re: Cf_BodyContent and other functionalities!!
> >
> >
> > > I've been using Cf_bodyContent for a little while but my question is:
> > >
> > > What are the other functionalities of this tag apart from the
> > fact that it
> > > enables us to insert a header and a footer?
> > >
> > > I've been missing a great deal of things...what are the other
> > possiblities
> > > that exist????
> >
> > You can easily define context-dependent sections for a website.
><snipped>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
