The Robertson Team


 

 
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 
 
 
 

Can I Nest Permissions?

Once you are comfortable with the concept of roles, yes.  This is one more way to add flexibility to your access control system.  Let's say you have the following roles set up to work within foo.cfm:

Roles for foo.cfm

foo

foo_Add

foo_Edit

foo_Delete

foo_Approve

foo_Publish

First of all, note that each role is prefixed with the template name, without the extension.  This is a good way to organize your roles so that, when viewing roles in the system, profile and individual user role managers, each role stays together with its siblings.

The first role is the filename only.  This role is used to determine if a page is going to be accessible or not.  Here's something similar to what you would do in AMPro to do this.  You would put it right at the top of the page (we don't show the actual code due to security considerations):

<cfset request.my.Roles="foo">
<cfinclude template="permissions.cfm">
<cfif CompareNoCase(request.my.Result,"Y")>
     <cflocation url="login.cfm" addtoken="No">
     <!---
     or some other suitable action of your choice
     --->

</cfif>

Then let's say, for the sake of argument, that right afterwards your code has links to some edit actions.  If the user has no rights to edit the page, then you don't want to even bother checking for approval and publishing rights.  So you set it up like this:

<cfset request.my.Roles="foo_edit">
<cfinclude template="permissions.cfm">
<cfif not CompareNoCase(request.my.Result,"Y")>
     <!--- show editor-specific stuff here --->
     <cfset request.my.Roles="foo_approve">
     <cfinclude template="permissions.cfm">
     <cfif not CompareNoCase(request.my.Result,"Y")>
          <!--- show approval button here--->
     </cfif>
     <cfset request.my.Roles="foo_publish">
     <cfinclude template="permissions.cfm">
     <cfif not CompareNoCase(request.my.Result,"Y")>
          <!--- show publish button here --->
     </cfif>
</cfif>

Simple enough.  Note that using roles to their fullest extent adds a little processing to each page, but probably not noticeably so.  We chose to use includes rather than custom tag calls for permission checks entirely because of the slight but real improvement in speed they provide.
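
The nested checks above only decide which buttons are displayed; the page that receives the approve or publish request needs the same nesting before it acts. The following is an added example, not AccessMonger Pro's own code: it assumes the request.my.Roles / permissions.cfm / request.my.Result interface shown above, and the handler name foo_action.cfm, the form.action field and the amCheck* variable names are hypothetical.

```cfml
<!--- foo_action.cfm (hypothetical name): receives the approve / publish form posts --->
<cfparam name="form.action" default="">

<!--- Map each action to the role it requires (role names from the list above) --->
<cfset amCheckMap = StructNew()>
<cfset amCheckMap["approve"] = "foo_approve">
<cfset amCheckMap["publish"] = "foo_publish">

<!--- Missing or unknown action: refuse instead of falling through --->
<cfif not Len(form.action) or not StructKeyExists(amCheckMap, form.action)>
     <cflocation url="login.cfm" addtoken="No">
</cfif>

<!--- Same nesting as the display code: page role, then edit, then the action's own role --->
<cfset amCheckAllowed = true>
<cfloop list="foo,foo_edit,#amCheckMap[form.action]#" index="amCheckRole">
     <cfset request.my.Roles = amCheckRole>
     <!---
     Reset the result before every check so a "Y" left over from an
     earlier check cannot carry into this one (defensive assumption:
     we do not know whether permissions.cfm always overwrites it)
     --->
     <cfset request.my.Result = "N">
     <cfinclude template="permissions.cfm">
     <cfif CompareNoCase(request.my.Result,"Y")>
          <!--- any single failure denies the whole action --->
          <cfset amCheckAllowed = false>
          <cfbreak>
     </cfif>
</cfloop>

<cfif not amCheckAllowed>
     <cflocation url="login.cfm" addtoken="No">
     <!---
     or some other suitable action of your choice
     --->
</cfif>

<!--- Only reached when all three roles passed: perform the approve or publish work here --->
```

Because the handler repeats the checks itself, a request sent directly to it is refused even when the button was never shown to that user.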


The Robertson Team, TheKing@mysecretbase.com
1.559.360.1717 

