I know you are busy, this is no rush, just a concept I want to have a better understanding of how you are handling it as I have something similar implemented on a site. There are plenty of workarounds with if statements, etc., so the flexibility in how you have done things is great.

Let me try this again. I think I understand the concept of roles in Plum. Say I have 2 modules, 1 for Projects and 1 for Streets. I have a user in charge of updating streets (Role STADMIN) and another for updating projects (Role PROADMIN). Part of the PROADMIN Role is to view street information but not update it.

Now I take that into the DisplayList Custom tag and put a cf_authorize around the edit/delete/add links and say only ADMIN,STADMIN,PROADMIN have the right to see these links. Now I have locked out anyone not in these roles from seeing the links, but PROADMIN will see edit/delete/add links in the street module even though they don't need them and won't be able to use them because of the cf_authorize tag in the streets module pages only allowing ADMIN,STADMIN access to the edit/delete/add forms.

I hope this is a better explanation of my thoughts. :)
Thanks all for putting up with my ramblings. :)

On Fri, 4 Feb 2005 15:24:34 -0500, Adam Churvis <[EMAIL PROTECTED]> wrote:
> > if I have 2 modules and a user has view access on
> > one and edit access on the other, because he has edit access on one
> > his role would see the edit links on the module the user had view only
> > access. The link would not allow him through due to privileges on the
> > page but the link will still show up.
>
> I'm sorry but I can't follow the first sentence.
>
> Perhaps your problem is due to an improper use of roles, as I documented in
> "Discovering and defining roles" in the Plum documentation. Hopefully you
> aren't defining a "View" role and an "Edit" role, but are instead defining
> actual named familiar roles played by users in a company, then assigning
> those roles to the users who play them.
>
> If you are defining and assigning roles correctly, then a cf_Authorize
> paired tag call placed around a link will allow that link to display only if
> the user is a member of the role(s) specified in the call to cf_Authorize.
>
> Going a step further in your security, you place an empty (non-paired) call
> to cf_Authorize, using the same attributes and values, at the tops of the
> pages to which those links point, and to their corresponding action pages.
>
> If you want to discuss this in more detail then give me a call at
> 770-446-8866. I have limited availability today, but if I'm not in the
> David should be able to help you.
>
> Respectfully,
>
> Adam Phillip Churvis
> Member of Team Macromedia
> http://www.ProductivityEnhancement.com
>
> Download Plum and other cool development tools,
> and get advanced intensive Master-level training:
>
> * C# & ASP.NET for ColdFusion Developers
> * ColdFusion MX Master Class
> * Advanced Development with CFMX and SQL Server 2000
>
> **********************************************************************
> You can subscribe to and unsubscribe from lists, and you can change
> your subscriptions between normal and digest modes here:
>
> http://www.productivityenhancement.com/support/DiscussionListsForm.cfm
> **********************************************************************
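
The situation discussed in this thread, modelled as an added example (not Plum code and not written by either poster): one role list hard-coded around the links in a shared list tag, compared with each module passing in the same role list its own pages enforce. The role and module names are the ones used above; the data layout, the function names and the Projects page roles are assumptions.

```python
# Added illustration, not Plum code. Role and module names come from the
# thread; the data layout, function names and the Projects entry are assumed.

# Roles the page-level check admits to each module's edit/delete/add forms.
PAGE_ROLES = {
    "Streets": {"ADMIN", "STADMIN"},
    "Projects": {"ADMIN", "PROADMIN"},  # assumed to mirror Streets
}

# One role list wrapped around the links inside the shared DisplayList tag.
SHARED = {"ADMIN", "STADMIN", "PROADMIN"}


def link_visible(user_roles, link_roles):
    """The link renders when the user holds at least one listed role."""
    return bool(set(user_roles) & set(link_roles))


def page_allows(user_roles, module):
    """The check at the top of the form and action pages: the real control."""
    return bool(set(user_roles) & PAGE_ROLES[module])


def dead_links(link_roles_by_module):
    """Per module, roles listed on the links but refused by that module's pages."""
    report = {}
    for module, allowed in PAGE_ROLES.items():
        extra = set(link_roles_by_module[module]) - allowed
        if extra:
            report[module] = sorted(extra)
    return report


# Same list for every module: what hard-coding roles in the shared tag does.
shared_config = {module: SHARED for module in PAGE_ROLES}
# Each module hands the shared tag the same list its own pages enforce.
per_module_config = {module: set(roles) for module, roles in PAGE_ROLES.items()}

if __name__ == "__main__":
    print("shared list     :", dead_links(shared_config))
    print("per-module list :", dead_links(per_module_config))
    user = ["PROADMIN"]
    print("PROADMIN sees Streets edit link:", link_visible(user, SHARED))
    print("PROADMIN passes Streets page   :", page_allows(user, "Streets"))
```

Running `dead_links` over the link and page role lists of every module is a quick consistency check: an empty result means each link is shown only to roles the target page will accept, while the page-level check remains what actually enforces access.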
