I agree, Toby. Often the two overlap, but this is a matter of coincidence, not of their inherent nature and when people have confused these two in the past, bad things have resulted. Hence, my appeal to keep them separate.
-----Original Message----- From: Toby Tremayne [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 2:42 AM To: hal helms Subject: Re[2]: secure tag and permissions AHA! AHAHA! AHAHAHAHA! thank you Hal, now I may sleep. That does figure now I start to follow the logic. I wasn't sure, as I ran off the examples in the whitepaper you wrote and it doesn't discuss adding groups together - however that seemed the commonsense solution as I was writing it. In reference to Lee's email about list vs bit, I think it is a taste thing in some sense, but there are differences between roles and permissions. Not all applications can happily live with them being the same - a simple example I guess is if you have a predefined role, and you want to remove a single function from the domain of that role, then you've got a lot more work to do if you don't have individual permissions. To my mind, it works like this: You set permissions specific to every function, then group them - the groups are requivalent to roles. Some apps need that level of granularity, and a lot don't. Sometimes an app doesn't need it but it can be nice (if you're so inclined) to line it up this way in case you need changes in the future. my .02 Toby Thursday, April 04, 2002, 5:02:00 PM, you wrote: hh> John is in rare form today, first urging people to add code to their hh> prototypes and now suggesting that we abandon Bit math because it's hh> too much effort? I suspect someone has kidnapped my friend, John, hh> and is making him type these crazy things. hh> First to answer your question, the only problem you're having is hh> that you're effectively trying to add usergroups together. Nothing hh> wrong with that, but you need to use BitOr(). Example: hh> <cfset read = 1> hh> <cfset delete = 2> hh> <cfset edit = 4> hh> <cfset create = 8> hh> <cfset archive = 16> hh> <cfset download = 32> hh> <cfset clone = 64> hh> <cfset groupA = read + edit + create> hh> <cfset groupB = read + create + clone> hh> <cfset hal = BitOr( groupA, groupB )> hh> <cfoutput> hh> #BitAnd( hal, delete )# hh> </cfoutput> hh> will return 0. hh> Personally, I think the cf_secure tag is clearer and a heck of a lot hh> nicer than dragging around an interminably long list of text, but hh> that's just my opinion. hh> -----Original Message----- hh> From: John Quarto-vonTivadar [mailto:[EMAIL PROTECTED]] hh> Sent: Thursday, April 04, 2002 1:29 AM hh> To: [EMAIL PROTECTED] hh> Subject: Re: secure tag and permissions hh> why not just get away from the bitwise permissions...? that is one of hh> those things that sounds really great, and then in the end I'm not hh> convinced delivers anything worth the effort (as opposed to a hh> textual-based permission codes like "AdminForumList, AdminAddForum" etc. hh> sure the math looks kewler, but i find it just as useful to be able to hh> look at a list of English permission words and say "hey is this hh> permission in the list?" hh> "Brooklyn, NY" versus "11222-4401". Yes, the second has more precise hh> information. But ask someone from Esland which one is easier to find on hh> a map, and I bet the first one generates a faster associative memory hh> link. hh> as for your actual question: what happens if the User group has a hh> permission that Anon group already has? aren't you then adding it twice? hh> (see what I mean? I'd find it a hell of a lot easier to debug to just hh> ask "hey are these permissions in the list?") hh> ----- Original Message ----- hh> From: "Toby Tremayne" <[EMAIL PROTECTED]> hh> To: <[EMAIL PROTECTED]> hh> Sent: Thursday, April 04, 2002 1:02 AM hh> Subject: secure tag and permissions hh> This has got me stumped. I thought I'd grokked the bit permissions hh> system, but I must be wrong - this is my permissions file: hh> permissions = structNew(); hh> permissions.admforumList = 1; hh> permissions.admaddForum = 2; hh> permissions.admeditForum = 4; hh> permissions.admsaveForum = 8; hh> permissions.admdeleteforum = 16; hh> permissions.forumList = 32; hh> permissions.threadlist = 64; hh> permissions.viewthread = 128; hh> permissions.addthread = 256; hh> permissions.editThread = 512; hh> permissions.saveThread = 1024; hh> permissions.deleteThread = 2048; hh> permissions.addMessage = 4096; hh> permissions.editMessage = 8192; hh> permissions.saveMessage = 16384; hh> permissions.deleteMessage = 32768; hh> permissions.anonGroup = permissions.forumList + hh> permissions.threadList + permissions.viewThread; hh> permissions.userGroup = permissions.addthread + hh> permissions.saveThread + permissions.addMessage + hh> permissions.editMessage + permissions.saveMessage + hh> permissions.anonGroup; hh> permissions.adminGroup = permissions.admforumList + hh> permissions.admaddForum + permissions.admeditForum + hh> permissions.admsaveForum + permissions.admdeleteForum + hh> permissions.editThread + permissions.deleteThread + hh> permissions.deleteMessage + permissions.userGroup; hh> all well and good. But if I use the secure tag thus: hh> requiredPermission="#permissions.userGroup#" hh> userPermissions="#permissions.anonGroup#" hh> it returns true! how can that be? Could someone please draw me a hh> picture because I'm obviously not getting it... hh> Toby hh> ------------------------------------------------------------------------ hh> ---- hh> -------- hh> Life is Poetry, write it in your own words hh> ------------------------------------------------------------------------ hh> ---- hh> -------- hh> Toby Tremayne hh> Senior Technical Consultant hh> Code Poet and Zen Master of the Heavy Sleep hh> Lyricist Software hh> www.lyricist.com.au hh> m: +61 416 048 090 hh> icq: 13107913 ------------------------------------------------------------------------ ------------ Life is Poetry, write it in your own words ------------------------------------------------------------------------ ------------ Toby Tremayne Senior Technical Consultant Code Poet and Zen Master of the Heavy Sleep Lyricist Software www.lyricist.com.au m: +61 416 048 090 icq: 13107913 ==^================================================================ This email was sent to: [email protected] EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================
