CFML Reference
|
|
ColdFusion Functions
|
IsAuthorized
Description
Returns TRUE if the user is authorized to perform an action on a ColdFusion resource.
Category
Decision functions
Syntax
IsAuthorized(resourcetype, resourcename [, action ])
See also
IsAuthenticated
Parameters
Parameter |
Description |
resourcetype
|
String that specifies the type of resource:
- Application
- CFML
- File
- DataSource
- Component
- Collection
- CustomTag
- UserObject
- Function
- User
|
resourcename
|
String that specifies the name of the resource. The value depends on the resource type:
- Application name
- CFML tag name
- File name
- Data source name
- Component name
- Verity collection name
- Custom tag name
- Object name
Resourcename is the resource that is protected, not to be confused with the rule name, which you specify in the ColdFusion Administrator.
|
action
|
String that specifies the action for which authorization is requested. Required for all resource types except Component and CustomTag.
|
Action types
The following table shows the actions associated with each resourcetype.
resourcetype |
Actions |
APPLICATION
|
ALL USECLIENTVARIABLES
|
CFML
|
Valid actions for the tag specified by resourcename
|
FILE
|
READ WRITE
|
DATASOURCE
|
ALL CONNECT SELECT INSERT UPDATE DELETE SP (stored procedure)
|
COMPONENT
|
No actions for this resource type
|
COLLECTION
|
DELETE OPTIMIZE PURGE SEARCH UPDATE
|
CUSTOMTAG
|
No actions for this resource type
|
USEROBJECT
|
Action specified by the ColdFusion Administrator
|
Function
|
No actions for this resource type
|
User
|
No actions for this resource type
|
Usage
Before using the IsAuthorized
function, ensure that advanced security is enabled in the ColdFusion Administrator, and define the security contexts.
If you specify throwOnFailure = "Yes"
in the cfauthenticate tag, you can enclose IsAuthorized
in a cftry/cfcatch
block to handle exceptions programmatically.
Example
<!--- This example calls the IsAuthorized function. --->
...
<!--- Is user authorized to select information from Orders? --->
<cfif IsAuthorized("DATASOURCE", "Orders", "select")>
<cfquery name = "GetList" datasource = "Orders">
SELECT * FROM Orders
</cfquery>
<cfoutput QUERY = "GetList">
Authorization Succeeded. Order information follows:
#Customer# - #BalanceDue#<BR>
</cfoutput>
</cfif>
</body>
Copyright © 2001, Macromedia Inc. All rights reserved. |
|