IsAuthorized

Description

Returns TRUE if the user is authorized to perform an action on a ColdFusion resource.

Syntax


IsAuthorized(resourcetype, resourcename [, action ])

Parameters

Parameter

Description

resourcetype
String that specifies the type of resource:

Application

CFML

File

DataSource

Component

Collection

CustomTag

UserObject

Function

User

resourcename
String that specifies the name of the resource. The value depends on the resource type:

Application name

CFML tag name

File name

Data source name

Component name

Verity collection name

Custom tag name

Object name

Resourcename is the resource that is protected, not to be confused with the rule name, which you specify in the ColdFusion Administrator.

action
String that specifies the action for which authorization is requested. Required for all resource types except Component and CustomTag.

Parameter	Description
resourcetype	String that specifies the type of resource: Application CFML File DataSource Component Collection CustomTag UserObject Function User
resourcename	String that specifies the name of the resource. The value depends on the resource type: Application name CFML tag name File name Data source name Component name Verity collection name Custom tag name Object name Resourcename is the resource that is protected, not to be confused with the rule name, which you specify in the ColdFusion Administrator.
action	String that specifies the action for which authorization is requested. Required for all resource types except Component and CustomTag.

Action types

The following table shows the actions associated with each resourcetype.


resourcetype	Actions
APPLICATION	ALL USECLIENTVARIABLES
CFML	Valid actions for the tag specified by resourcename
FILE	READ WRITE
DATASOURCE	ALL CONNECT SELECT INSERT UPDATE DELETE SP (stored procedure)
COMPONENT	No actions for this resource type
COLLECTION	DELETE OPTIMIZE PURGE SEARCH UPDATE
CUSTOMTAG	No actions for this resource type
USEROBJECT	Action specified by the ColdFusion Administrator
Function	No actions for this resource type
User	No actions for this resource type

Usage

Before using the IsAuthorized function, ensure that advanced security is enabled in the ColdFusion Administrator, and define the security contexts.

If you specify throwOnFailure = "Yes" in the cfauthenticate tag, you can enclose IsAuthorized in a cftry/cfcatch block to handle exceptions programmatically.

Example

<!--- This example calls the IsAuthorized function. --->

...

<!--- Is user authorized to select information from Orders? --->

<cfif IsAuthorized("DATASOURCE", "Orders", "select")>

  <cfquery name = "GetList" datasource = "Orders">

    SELECT *  FROM Orders

  </cfquery>

  <cfoutput QUERY = "GetList">

    Authorization Succeeded. Order information follows:

    #Customer# - #BalanceDue#<BR>

  </cfoutput>

</cfif>

</body>