Sure it can. In addition to placing a cf_Authorize tag on the page, all you
need to do is "tag" owned records with the UserID of the user who owns them,
then specify WHERE UserID = #GetAuthUser()# as part of your query. This
keeps the secure portion (the UserID) hidden and entirely under the control
of the Plum security framework.
TO allow authorized users more editing permissions on a form that
unauthorized users, look at what we do in the Plum CMS. Take a look at
admin/content/PlumContentItemEditForm.cfm. Here's the part I'm talking
about:
<!--- If the user is an ADMIN or PUBLISHER... --->
<cfif IsUserInRole("ADMIN") OR IsUserInRole("PUBLISHER")>
<!--- ...then he can edit any content item, --->
<cfset WhereClauseExtension = "">
<cfelse>
<!--- but if not, then he can only edit content items that he owns which
are not yet published. --->
<cfset WhereClauseExtension = "PlumContentItem.UserID = #GetAuthUser()# AND
PlumContentItem.Status < 10">
</cfif>
and then farther down in the form:
<!--- If the user is an ADMIN or PUBLISHER... --->
<cfif IsUserInRole("ADMIN") OR IsUserInRole("PUBLISHER")>
<!--- ...enable him to assign a different owner for this content
item, --->
<cf_DisplayFilteredSelect parentTable="PlumUser" primaryKey="UserID"
primaryKeyType="integer" displayColumn="Email" label="User" required="Yes">
<cfelse>
<!--- otherwise just display the current user's email address. --->
<cf_DisplayColumnOnForm table="PlumUser" column="Email" label="User">
</cfif>
How's that for cookin'?
Respectfully,
Adam Phillip Churvis
Member of Team Macromedia
http://www.ProductivityEnhancement.com
Download Plum and other cool development tools,
and get advanced intensive Master-level training:
* C# & ASP.NET for ColdFusion Developers
* ColdFusion MX Master Class
* Advanced Development with CFMX and SQL Server 2000
----- Original Message -----
From: "K & N Parker" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, May 10, 2005 8:19 AM
Subject: [plum] Picky users
I'm not sure if PLUM can do this out of the box or not. I couldn’t ascertain
from the features list if this as possible.
One thing I've always looked for in a CASE tool is the ability to, out of
the box, only allow users to see the data they own. Certainly you can apply
roles and give access based on roles but I'm talking about access to a
subset of data as part of a role e.g. if you store someone's personal
particulars only allowing them and an admin to see and update those details.
Another example - any user can add reservation details but only the user who
created a reservation can then only update reservation details that they
created. Or another example - uses can create and update details of artwork
in galleries but can only do so in respect to the gallery they administer
i.e. there would be multiple galleries so gallery admins would all have the
same role but must only be able to add and update records in respect the
gallery they administer.
I think you might get my drift.
TIA!
**********
Kevin Parker
Advanced Imaging (Aust) Pty Ltd
p: 08 8523 0225
f: 08 8523 0225
e: [EMAIL PROTECTED]
w: www.advancedimaging.com.au
**********
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.7 - Release Date: 9/05/2005
**********************************************************************
You can subscribe to and unsubscribe from lists, and you can change
your subscriptions between normal and digest modes here:
http://www.productivityenhancement.com/support/DiscussionListsForm.cfm
**********************************************************************
**********************************************************************
You can subscribe to and unsubscribe from lists, and you can change
your subscriptions between normal and digest modes here:
http://www.productivityenhancement.com/support/DiscussionListsForm.cfm
**********************************************************************
