You don't modify any custom tags themselves, on the calls to them. Also, don't think in terms of "negative rights" like some people have written about, because it's bogus in terms of real honest-to-goodness business process engineering. Look at "Discovering and defining roles" in the Plum documentation for a straightforward explanation of how to properly define and handle roles.
Let me try to explain your situation if I understand it correctly... <cf_DisplayList ... > ... <cf_DisplayListLinks add="No" view="No" edit="No" delete="No"> <cf_Authorize roles="ADMIN,STADMIN" userMustBeAMemberOf="AnyOfTheseRoles"> [Edit] [Delete] </cf_Authorize> <cf_Authorize roles="ADMIN,STADMIN,PROADMIN" userMustBeAMemberOf="AnyOfTheseRoles"> [View] </cf_Authorize> </cf_DisplayListLinks> </cf_DisplayList> ...of course I'm abbreviating, and the links would have to be encoded around the link texts, but this is (I think) what you're needing to do. Respectfully, Adam Phillip Churvis Member of Team Macromedia http://www.ProductivityEnhancement.com Download Plum and other cool development tools, and get advanced intensive Master-level training: * C# & ASP.NET for ColdFusion Developers * ColdFusion MX Master Class * Advanced Development with CFMX and SQL Server 2000 ----- Original Message ----- From: "Dirk Marshall" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, February 04, 2005 5:29 PM Subject: Re: [plum] cf_authorize > I know you are busy, this is no rush, just a concept I want to have a > better understanding of how you are handling it as I have something > similar implemented on a site. There are plenty of workarounds with > if statements, etc. so the flexibility in how you have done things is > great. Let me try this again. I think I understand the concept of > roles in Plum. Say I have 2 modules, 1 for Projects and 1 for > Streets. I have a user in charge of updating streets(Role STADMIN) > and another for updating projects(Role PROADMIN). Part of the > PROADMIN Role is to view street information but not update it. Now I > take that into the DisplayList Custom tag and put a cf_authorize > around the edit/delete/add links and say only ADMIN,STADMIN,PROADMIN > have the right to see these links. Now I have locked out anyone not > in these roles from seeing the links but, PROADMIN will see > edit/delete/add links in the street module even though they don't need > them and won't be able to use them because of the cf_authorize tag in > the streets module pages only allowing ADMIN,STADMIN access to the > edit/delete/add forms. I hope this is a better explanation of my > thoughts. :) > > Thanks all for putting up with my ramblings. :) > > > On Fri, 4 Feb 2005 15:24:34 -0500, Adam Churvis > <[EMAIL PROTECTED]> wrote: > > > if I have 2 modules and a user has view access on > > > one and edit access on the other, because he has edit access on one > > > his role would see the edit links on the module the user had view only > > > access. The link would not allow him through due to privileges on the > > > page but the link will still show up. > > > > I'm sorry but I can't follow the first sentence. > > > > Perhaps your problem is due to an improper use of roles, as I documented in > > "Discovering and defining roles" in the Plum documentation. Hopefully you > > aren't defining a "View" role and an "Edit" role, but are instead defining > > actual named familiar roles played by users in a company, then assigning > > those roles to the users who play them. > > > > If you are defining and assigning roles correctly, then a cf_Authorize > > paired tag call placed around a link will allow that link to display only if > > the user is a member of the role(s) specified in the call to cf_Authorize. > > > > Going a step further in your security, you place an empty (non-paired) call > > to cf_Authorize, using the same attributes and values, at the tops of the > > pages to which those links point, and to their corresponding action pages. > > > > If you want to discuss this in more detail then give me a call at > > 770-446-8866. I have limited availability today, but if I'm not in the > > David should be able to help you. > > > > Respectfully, > > > > Adam Phillip Churvis > > Member of Team Macromedia > > http://www.ProductivityEnhancement.com > > > > Download Plum and other cool development tools, > > and get advanced intensive Master-level training: > > > > * C# & ASP.NET for ColdFusion Developers > > * ColdFusion MX Master Class > > * Advanced Development with CFMX and SQL Server 2000 > > > > ********************************************************************** > > You can subscribe to and unsubscribe from lists, and you can change > > your subscriptions between normal and digest modes here: > > > > http://www.productivityenhancement.com/support/DiscussionListsForm.cfm > > ********************************************************************** > > > > ********************************************************************** > You can subscribe to and unsubscribe from lists, and you can change > your subscriptions between normal and digest modes here: > > http://www.productivityenhancement.com/support/DiscussionListsForm.cfm > ********************************************************************** > ********************************************************************** You can subscribe to and unsubscribe from lists, and you can change your subscriptions between normal and digest modes here: http://www.productivityenhancement.com/support/DiscussionListsForm.cfm **********************************************************************
