Let me see if I have this right. Inside the DisplayList.cfm I put a cf_authorize tag around each of the links I want to control. In my case I just want to separate out the view link from the other edit links. That works fine, I can specify which roles I want to be able to edit or just view. The problem is unless I am missing something and I am sure I am is that if I have 2 modules and a user has view access on one and edit access on the other, because he has edit access on one his role would see the edit links on the module the user had view only access. The link would not allow him through due to privileges on the page but the link will still show up. I hope I explained that good enough.
Thanks On Thu, 3 Feb 2005 19:17:57 -0500, Adam Churvis <[EMAIL PROTECTED]> wrote: > Easy to do with Plum. Inside DisplayListLinks, just place separate > cf_Authorize paired tag calls around each link or set of links that needs a > test against roles. Then on each form and corresponding action page to > which each form posts, place an empty (non-paired) tag call to cf_Authorize > using the exact same attribute values as the paired tag calls that allowed > users access to those pages. > > Then you're done. Run it. > > Respectfully, > > Adam Phillip Churvis > Member of Team Macromedia > http://www.ProductivityEnhancement.com > > Download Plum and other cool development tools, > and get advanced intensive Master-level training: > > * C# & ASP.NET for ColdFusion Developers > * ColdFusion MX Master Class > * Advanced Development with CFMX and SQL Server 2000 > > ----- Original Message ----- > From: "Dirk Marshall" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Thursday, February 03, 2005 6:54 PM > Subject: [plum] cf_authorize > > > I really like the functionality of this tag, makes controlling > > security very easy as far as modules and code sections. I have come > > across an issue that I am not sure how to work around. Say I have 3 > > roles one has view only access, one can edit records but not delete > > and the other has admin access to the table. In other words I want to > > control which links a user sees on a list based on their role. It can > > be set by cf_authorize to show all the links or not show them but I > > can't see how to specify that I only want them to see the view link, > > etc. Another example would be I have only 1 user responsible for > > adding info but 3 who can edit the info. I would be interested in > > hearing any ideas. > > > > Thanks > > > > ********************************************************************** > > You can subscribe to and unsubscribe from lists, and you can change > > your subscriptions between normal and digest modes here: > > > > http://www.productivityenhancement.com/support/DiscussionListsForm.cfm > > ********************************************************************** > > > > ********************************************************************** > You can subscribe to and unsubscribe from lists, and you can change > your subscriptions between normal and digest modes here: > > http://www.productivityenhancement.com/support/DiscussionListsForm.cfm > ********************************************************************** > ********************************************************************** You can subscribe to and unsubscribe from lists, and you can change your subscriptions between normal and digest modes here: http://www.productivityenhancement.com/support/DiscussionListsForm.cfm **********************************************************************
