My approach is different. I believe that the user should never see an access security message. Users should only be able to view/invoke processes for which they have permission. Menu items, submit buttons, modification forms or fields which need to be protected should be done so by the system. If there are security related functions access level should determine whether they are available.
It is appropriate to disable an option but the user should not get a message that says "Hey dork, you can't do that." If a user has not logged in or has timed out just re-direct them to the appropriate login form (with a possible re-direct back to the desired function). -------------- Original message -------------- > But if you wanted to let the user know "You do not have permission, blah > blah blah" how would you approach it? Basically I am not so much asking a > security question as I am a CCV MVC Plugin question and getting thrown > errors into CCVs to output instead of what would have been the generated > content... maybe this isn't even possible. > > > > -----Original Message----- > > From: Sandy Clark [mailto:[EMAIL PROTECTED] > > Sent: Thursday, February 24, 2005 6:21 PM > > To: Fusebox > > Subject: RE: FB 4 & Security Plugin > > > > My personal preference is to not throw an error. I simply > > don't include > > items that don't pass security clearance. > > > > I've got to write this plugin up and send it out. > > > > Sandy > > > > -----Original Message----- > > From: Michael T. Tangorre [mailto:[EMAIL PROTECTED] > > Sent: Thursday, February 24, 2005 5:16 PM > > To: Fusebox > > Subject: FB 4 & Security Plugin > > > > For the last couple days I have been trying to figure out the > > most elegant > > way to handle working with the Security plugin in FB4. > > > > When a user tries to execute a fuseaction for which they do not have > > permission, the security plugin throws an exception > > "SecurityType". What is > > the best way to inform the user given the fact that my > > application is in MVC > > Fusebox and makes heavy use of CCVs to hold output. > > > > Should I: > > > > 1.) Use a redirect in the plugin itself to a circuit setup to > > handle errors? > > 2.) Let the error bubble up to a more global error handler > > and then do #1? > > 3.) Catch the exception (where?) and somehow package a > > message into a CCV > > for output (where?)? > > > > Up until now, I have just used a redirect (VERY KLUDGY) to an > > errorHandler > > circuit but there has to be a more graceful way. Remember I > > am MVC Fusebox > > and CCV :-) > > > > Thoughts? > > > > I need to get on that article I have been meaning to write for CFDJ on > > error/excpetion handling in FB. > > > > Ok peoples, hit me with your advice! > > > > Mike T. > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:12:6656 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/12 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:12 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.12 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
