You've got it. I was actually looking at it from the perspective of doing it from the custom tag to control it from one location but I can see that is not the best way for this. Thanks for your patience.
On Fri, 4 Feb 2005 17:46:47 -0500, Adam Churvis <[EMAIL PROTECTED]> wrote: > You don't modify any custom tags themselves, on the calls to them. Also, > don't think in terms of "negative rights" like some people have written > about, because it's bogus in terms of real honest-to-goodness business > process engineering. Look at "Discovering and defining roles" in the Plum > documentation for a straightforward explanation of how to properly define > and handle roles. > > Let me try to explain your situation if I understand it correctly... > > <cf_DisplayList ... > > ... > <cf_DisplayListLinks add="No" view="No" edit="No" delete="No"> > > <cf_Authorize roles="ADMIN,STADMIN" userMustBeAMemberOf="AnyOfTheseRoles"> > [Edit] [Delete] > </cf_Authorize> > > <cf_Authorize roles="ADMIN,STADMIN,PROADMIN" > userMustBeAMemberOf="AnyOfTheseRoles"> > [View] > </cf_Authorize> > > </cf_DisplayListLinks> > </cf_DisplayList> > > ...of course I'm abbreviating, and the links would have to be encoded around > the link texts, but this is (I think) what you're needing to do. > > Respectfully, > > Adam Phillip Churvis > Member of Team Macromedia > http://www.ProductivityEnhancement.com > > Download Plum and other cool development tools, > and get advanced intensive Master-level training: > > * C# & ASP.NET for ColdFusion Developers > * ColdFusion MX Master Class > * Advanced Development with CFMX and SQL Server 2000 > > ----- Original Message ----- > From: "Dirk Marshall" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Friday, February 04, 2005 5:29 PM > Subject: Re: [plum] cf_authorize > > > I know you are busy, this is no rush, just a concept I want to have a > > better understanding of how you are handling it as I have something > > similar implemented on a site. There are plenty of workarounds with > > if statements, etc. so the flexibility in how you have done things is > > great. Let me try this again. I think I understand the concept of > > roles in Plum. Say I have 2 modules, 1 for Projects and 1 for > > Streets. I have a user in charge of updating streets(Role STADMIN) > > and another for updating projects(Role PROADMIN). Part of the > > PROADMIN Role is to view street information but not update it. Now I > > take that into the DisplayList Custom tag and put a cf_authorize > > around the edit/delete/add links and say only ADMIN,STADMIN,PROADMIN > > have the right to see these links. Now I have locked out anyone not > > in these roles from seeing the links but, PROADMIN will see > > edit/delete/add links in the street module even though they don't need > > them and won't be able to use them because of the cf_authorize tag in > > the streets module pages only allowing ADMIN,STADMIN access to the > > edit/delete/add forms. I hope this is a better explanation of my > > thoughts. :) > > > > Thanks all for putting up with my ramblings. :) > > > > > > On Fri, 4 Feb 2005 15:24:34 -0500, Adam Churvis > > <[EMAIL PROTECTED]> wrote: > > > > if I have 2 modules and a user has view access on > > > > one and edit access on the other, because he has edit access on one > > > > his role would see the edit links on the module the user had view only > > > > access. The link would not allow him through due to privileges on the > > > > page but the link will still show up. > > > > > > I'm sorry but I can't follow the first sentence. > > > > > > Perhaps your problem is due to an improper use of roles, as I documented > in > > > "Discovering and defining roles" in the Plum documentation. Hopefully > you > > > aren't defining a "View" role and an "Edit" role, but are instead > defining > > > actual named familiar roles played by users in a company, then assigning > > > those roles to the users who play them. > > > > > > If you are defining and assigning roles correctly, then a cf_Authorize > > > paired tag call placed around a link will allow that link to display > only if > > > the user is a member of the role(s) specified in the call to > cf_Authorize. > > > > > > Going a step further in your security, you place an empty (non-paired) > call > > > to cf_Authorize, using the same attributes and values, at the tops of > the > > > pages to which those links point, and to their corresponding action > pages. > > > > > > If you want to discuss this in more detail then give me a call at > > > 770-446-8866. I have limited availability today, but if I'm not in the > > > David should be able to help you. > > > > > > Respectfully, > > > > > > Adam Phillip Churvis > > > Member of Team Macromedia > > > http://www.ProductivityEnhancement.com > > > > > > Download Plum and other cool development tools, > > > and get advanced intensive Master-level training: > > > > > > * C# & ASP.NET for ColdFusion Developers > > > * ColdFusion MX Master Class > > > * Advanced Development with CFMX and SQL Server 2000 > > > > > > ********************************************************************** > > > You can subscribe to and unsubscribe from lists, and you can change > > > your subscriptions between normal and digest modes here: > > > > > > http://www.productivityenhancement.com/support/DiscussionListsForm.cfm > > > ********************************************************************** > > > > > > > ********************************************************************** > > You can subscribe to and unsubscribe from lists, and you can change > > your subscriptions between normal and digest modes here: > > > > http://www.productivityenhancement.com/support/DiscussionListsForm.cfm > > ********************************************************************** > > > > ********************************************************************** > You can subscribe to and unsubscribe from lists, and you can change > your subscriptions between normal and digest modes here: > > http://www.productivityenhancement.com/support/DiscussionListsForm.cfm > ********************************************************************** > ********************************************************************** You can subscribe to and unsubscribe from lists, and you can change your subscriptions between normal and digest modes here: http://www.productivityenhancement.com/support/DiscussionListsForm.cfm **********************************************************************
