
How to give special permission for a user to view or edit that page.


yogi564

Programmer
Oct 16, 2001
48
AU
Hi all,

Is there a way to give special permissions for users to view, add or edit a page? Currently what is happening is that with a username or password that person has full access permission.
What I need to happen is to restrict some users from editing or adding information to the pages. For example, the username and password are stored in a table called T_ACCOUNT, and it is coming from the SQL Server. I am using ColdFusion Server 5 with SQL Server.
How can I pull out the permission from the SQL Server, where I have set Admin and User permissions, to read in the ColdFusion pages? In the SQL Server the 'Admin permission' gives full permission for a particular user to view, add and edit any pages he or she likes. But the 'User permission' only gives viewing. This is working on the SQL Server when I test it out. But I need to make this interact with the ColdFusion pages I have developed. Is there a way to do this? If so, can you help me out? Thanks
From
Yogi
 
I had to do something similar when I wanted only certain people to delete information. The only people who can delete an item are the person who entered it in the first place, or an administrator. I have a table that holds the user information, and I added a column to it, PersonAdmin, that has a value of yes or no. In my template, I use CFPARAM Permission EQ "No". By a cookie or session variable, I know who the user is, so I query the user table to see if PersonAdmin is "Yes" for that user. I also check the user against the table that stores the ID of the person who entered the record. If the user matches either the person who entered the record or one of the administrators, I set "Permission" to "Yes". Then, before I process a delete, I check the value of "Permission". If it's "Yes", I process the delete; otherwise, the user gets a message that he does not have permission to delete that record.

Hope this helps! Calista :-X
Jedi Knight,
Champion of the Force
 
Hi calista

Can you give the code for this part and also a working URL for this? Thanks
 
We just added a security level of 1-4.

Then we could control what "permissions" these groups had.
This worked great for the 1st year, but now we need to move away from the 1-4 and make another table that is called groups. We then assign people to a group and then make sure certain groups are the only ones to perform certain functions.

We are currently testing LDAP to allow us to use the Domain Controller.

Good luck.
 
Well, here's what I've got:
Code:
<CFSET Permission = "No">

<!--- Query for the Administrators --->
<CFQUERY NAME="GetAdmins"
         DATASOURCE="#Application.Datasource#"
         DBTYPE="ODBC">
    SELECT  *
    FROM    PersonTable
    WHERE   PersonAdmin = Yes
</CFQUERY>

<!--- Get user name --->
<!--- Values from the cookie and the form are bound with CFQUERYPARAM --->
<!--- instead of being placed inside the SQL string. --->
<CFQUERY NAME="GetName"
         DATASOURCE="#Application.Datasource#"
         DBTYPE="ODBC">
    SELECT  PersonFirstName
    FROM    PersonTable
    WHERE   PersonID = <CFQUERYPARAM VALUE="#Cookie.User.ID#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>

<!--- Here, I query for the record the user wants to update --->
<!--- (ReleaseID is assumed to be an integer key.) --->
<CFQUERY NAME="GetAddress"
         DATASOURCE="#Application.Datasource#"
         DBTYPE="ODBC">
    SELECT  *
    FROM    #AdrTable#
    WHERE   #AdrID# = <CFQUERYPARAM VALUE="#Form.ReleaseID#" CFSQLTYPE="CF_SQL_INTEGER">
</CFQUERY>

<!--- For convenience, I set the ID of the owner of the record to a variable --->
<CFOUTPUT QUERY="GetAddress">
    <CFSET Owner = GetAddress[AdrPerson][CurrentRow]>
</CFOUTPUT>

<!--- Here, I'm just getting the rest of the info about the owner so I can display personalized messages. --->
<CFQUERY NAME="GetOwner"
         DATASOURCE="#Application.Datasource#"
         DBTYPE="ODBC">
    SELECT  PersonFirstName, PersonLastName
    FROM    PersonTable
    WHERE   PersonID = <CFQUERYPARAM VALUE="#Owner#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>

<CFOUTPUT QUERY="GetAddress">
    <!--- Is the current user the owner? --->
    <CFIF #Owner# EQ Cookie.User.ID>
        <!--- If so, give permission. --->
        <CFSET Permission = "Yes">
    <CFELSE>
        <!--- If not, is the current user one of the administrators? --->
        <CFLOOP QUERY="GetAdmins">
            <CFIF Cookie.User.ID EQ PersonID>
                <!--- If so, give permission. --->
                <CFSET Permission = "Yes">
            </CFIF>
        </CFLOOP>
    </CFIF>
</CFOUTPUT>

<CFIF Permission EQ "Yes"> <!--- Remember, this was set to "No" earlier. --->
    <!--- Update the database. --->
    <CFQUERY NAME="UpdateInfo"
             DATASOURCE="#Application.Datasource#"
             DBTYPE="ODBC">
        UPDATE  #AdrTable#
        SET     #AdrPerson# = '',
                #AdrAvailable# = 1
        WHERE   #AdrID# = <CFQUERYPARAM VALUE="#Form.ReleaseID#" CFSQLTYPE="CF_SQL_INTEGER">
    </CFQUERY>
<CFELSE>
    <!--- Inform user he does not have permission. --->
</CFIF>
dmacintosh makes some very good points. I am dealing with a small, departmental intranet. I put three people as administrators. dmacintosh's plan is a good one for a larger operation, but it's still the same basic idea.

Good luck! Calista :-X
Jedi Knight,
Champion of the Force
 
Hi calista,

Where do you place this coding? I have got a login page, and when the username and password have been OK, it goes to a menu.cfm, where there is a selection of three hyperlinks. The first one is called 1) Add a new data, the second 2) Edit existing data, and finally the third one is called 3) Locate the data. What I need to happen is to restrict options 1 and 2 for some people, so will the above coding work when someone clicks on option 1 and 2, saying the guest users are not allowed to add or edit this section? So how do I separate or put all this code in the menu.cfm page?
I know that I need to change the table names and also the datasource connection according to my liking, but I need to know where to place this code so that it will function properly. Thanks

From
Yogi
 
I think I would put this on your menu page. By the time the user gets there, you know who he is because he has passed your login procedure. At the top of your menu page, determine if this user is authorized to Add and/or Edit. If he is authorized, display all the links. If he is not authorized, either display only the link he is allowed to use, or display disabled links.
Calista :-X
Jedi Knight,
Champion of the Force
 

Hi calista

Does that mean I need to create two separate menu pages, for two different kinds of users? One for add and another for viewing.
 
No, you don't need two pages. The pseudocode would go something like this:

Is user authorized?

If Yes:
    Display all working links
Else
    Display one link
    OR
    Display one working link and two disabled links
End-if

Calista :-X
Jedi Knight,
Champion of the Force
 


I am not that good at pseudocode. I need you to specify what to do in this part a bit more clearly, when I log in from the Login page to the Menu. I need options 1 and 2 mentioned above disabled when I log in as Guest. Thanks
 
OK, wrote this up for you. Of course, you'll have to use your own page names and variable names.
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
    <title>Menu Page</title>
</head>

<body>

<CFPARAM NAME="Permission" DEFAULT="No">

<!--- First, determine if the user is a guest. --->
<!--- If the user is a guest, set "Permission" to "No" --->
<CFIF Session.User.Name EQ "Guest">
    <CFSET Permission="No">
<!--- Otherwise, set Permission to "Yes" --->
<CFELSE>
    <CFSET Permission="Yes">
</CFIF>


<!--- Now, display the links Option 1 --->
<CFIF Permission EQ "Yes">
    <TABLE>
    <TR>
        <!--- Notice these are all working links. --->
        <TD><A HREF="Add Data.cfm">Add Data</A></TD>
        <TD><A HREF="EditData.cfm">Edit Data</A></TD>
        <TD><A HREF="ViewData.cfm">View Data</A></TD>
    </TR>
    </TABLE>
<CFELSE>
    <!--- Here, the text for the links will show, but as --->
    <!--- you can see, I've taken out the anchor tags on Add and Edit. --->
    <!--- Therefore, there is nothing for the guest to click on. --->
    <!--- All users will see three labels, but the guest will --->
    <!--- not be able to click on Add or Edit. --->
    <TABLE>
    <TR>
        <TD>Add Data</TD>
        <TD>Edit Data</TD>
        <TD><A HREF="ViewData.cfm">View Data</A></TD>
    </TR>
    </TABLE>
</CFIF>

<!--- Now, display the links Option 2 --->
<CFIF Permission EQ "Yes">
    <TABLE>
    <TR>
        <!--- Notice these are all working links. --->
        <!--- This part is the same as option 1. --->
        <TD><A HREF="Add Data.cfm">Add Data</A></TD>
        <TD><A HREF="EditData.cfm">Edit Data</A></TD>
        <TD><A HREF="ViewData.cfm">View Data</A></TD>
    </TR>
    </TABLE>
<CFELSE>
    <!--- This time, I'm only displaying the link to view the data. --->
    <!--- A guest will see only this one link. --->
    <TABLE>
    <TR>
        <TD><A HREF="ViewData.cfm">View Data</A></TD>
    </TR>
    </TABLE>
</CFIF>

</body>
</html>
Hope this helps! Calista :-X
Jedi Knight,
Champion of the Force
 
Hi Calista

Here is my code for the Menu page.

<!--- Get user name --->
<!--- Form values are bound with cfqueryparam instead of being placed inside the SQL string. --->
<cfquery name="GetUser" datasource="test">
SELECT * FROM T_ACCOUNT
WHERE login = <cfqueryparam value="#Form.USERNAME#" cfsqltype="CF_SQL_VARCHAR">
AND password = <cfqueryparam value="#Form.PASSWORD#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>
<!--- Get user's details from the database --->
<!--- Check if we have a winner! --->
<cfif GetUser.RecordCount gt 0>
<!--- Store the user id in session variables and cookies. --->
<cfset Session.login = GetUser.login>
<cfset Session.firstname= GetUser.firstname>
<cfset Session.lastname= GetUser.lastname>
<cfcookie name="login" value="#GetUser.login#" expires="NEVER">
<table width="691" border="1" height="96">
<tr>
<td colspan="2">
<div align="center"><font size="3" face="Arial, Helvetica, sans-serif"><b>Main
Menu </b></font></div>
</td>
</tr>
<tr>
<td width="49%">
<div align="center"><font size="2" face="Arial, Helvetica, sans-serif"><b><a href="study.cfm?accountadmin=#yes#">Enter
New Site Data</a></b></font></div>
</td>
<td width="51%">
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2"><a href="../lab/lablocate.cfm">Enter
Lab Data - Existing Site </a> </font></b></div>
</td>
</tr>
<tr>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2"><a href="../search/locatesite.cfm">Locate
Site</a></font></b></div>
</td>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2"><a href="../editfolder/locatesite.cfm">Edit
existing data</a></font></b></div>
</td>
</tr>
</table>
<cfelse>
<!--- User does not exist --->
<!--- Pass the variables back in the URL - message and UserName --->
<cfset loginpage = "login1.cfm?Message=" & URLEncodedFormat("Invalid User Name/Password Combination")>
<cfset loginpage = loginpage & "&USERNAME=" & URLEncodedFormat(#USERNAME#)>
<cflocation url="#loginpage#">
</cfif>
Now if I place your code within this page, do you think it will work clearly? Thanks
 
Sure, here it is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Untitled</title>
</head>

<body>

<CFPARAM NAME="Permission" DEFAULT="No">

<!--- Get user name --->
<!--- Form values are bound with cfqueryparam instead of being placed inside the SQL string. --->
<cfquery name="GetUser" datasource="test">
SELECT * FROM T_ACCOUNT
WHERE login = <cfqueryparam value="#Form.USERNAME#" cfsqltype="CF_SQL_VARCHAR">
AND password = <cfqueryparam value="#Form.PASSWORD#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>
<!--- Get user's details from the database --->
<!--- Check if we have a winner! --->
<cfif GetUser.RecordCount gt 0>
<!--- Store the user id in session variables and cookies. --->
<cfset Session.login = GetUser.login>
<cfset Session.firstname= GetUser.firstname>
<cfset Session.lastname= GetUser.lastname>
<!--- I am assuming GetUser.AccountAdmin is what tells you if the user is authorized to add or edit. --->

<CFIF GetUser.AccountAdmin EQ "Yes">
<CFSET Permission="Yes">
</CFIF>

<cfcookie name="login" value="#GetUser.login#" expires="NEVER">
<CFIF Permission EQ "Yes">

<!--- This is your table, unchanged. --->

<table width="691" border="1" height="96">
<tr>
<td colspan="2">
<div align="center"><font size="3" face="Arial, Helvetica, sans-serif"><b>Main
Menu </b></font></div>
</td>
</tr>
<tr>
<td width="49%">
<div align="center"><font size="2" face="Arial, Helvetica, sans-serif"><b><a href="study.cfm?accountadmin=#yes#">Enter
New Site Data</a></b></font></div>
</td>
<td width="51%">
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2"><a href="../lab/lablocate.cfm">Enter
Lab Data - Existing Site </a> </font></b></div>
</td>
</tr>
<tr>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2"><a href="../search/locatesite.cfm">Locate
Site</a></font></b></div>
</td>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2"><a href="../editfolder/locatesite.cfm">Edit
existing data</a></font></b></div>
</td>
</tr>
</table>
<CFELSE>
<!--- This is the table for guest users. The only working --->
<!--- link is the third one for "Locate Site". --->


<table width="691" border="1" height="96">
<tr>
<td colspan="2">
<div align="center"><font size="3" face="Arial, Helvetica, sans-serif"><b>Main
Menu </b></font></div>
</td>
</tr>
<tr>
<td width="49%">
<div align="center"><font size="2" face="Arial, Helvetica, sans-serif"><b>Enter
New Site Data</b></font></div>
</td>
<td width="51%">
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2">Enter
Lab Data - Existing Site </font></b></div>
</td>
</tr>
<tr>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2"><a href="../search/locatesite.cfm">Locate
Site</a></font></b></div>
</td>
<td>
<div align="center"><b><font face="Arial, Helvetica, sans-serif" size="2">Edit
existing data</font></b></div>
</td>
</tr>
</table>
</CFIF>

<cfelse>
<!--- User does not exist --->
<!--- Pass the variables back in the URL - message and UserName --->
<cfset loginpage = "login1.cfm?Message=" & URLEncodedFormat("Invalid User Name/Password Combination")>
<cfset loginpage = loginpage & "&USERNAME=" & URLEncodedFormat(#USERNAME#)>
<cflocation url="#loginpage#">
</cfif>



</body>
</html>
Calista :-X
Jedi Knight,
Champion of the Force
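
The menu code in this thread only hides the Add and Edit links; the templates behind them still answer a direct request. As an added example (not code from any poster in this thread), here is a guard template that each add/edit page could include to repeat the permission check on the server. The file name require_admin.cfm and the names CheckAdmin, CurrentLogin and IsAdmin are hypothetical; T_ACCOUNT, AccountAdmin, Session.login, the "test" datasource and login1.cfm are taken from the posts above, and session management is assumed to be enabled in Application.cfm.

```cfml
<!--- require_admin.cfm (hypothetical file name; added example, not from the thread). --->
<!--- Include it as the first line of every add/edit template, for example in --->
<!--- study.cfm: <cfinclude template="require_admin.cfm"> (adjust relative paths). --->
<!--- Assumes session management is enabled in Application.cfm. --->

<!--- Default deny: access is granted only by the checks below. --->
<cfset IsAdmin = "No">
<cfset CurrentLogin = "">

<!--- Identity comes from the server-side session set at login, never from --->
<!--- a cookie, form field or URL parameter, which the browser controls. --->
<cflock scope="Session" type="ReadOnly" timeout="10">
    <cfif IsDefined("Session.login")>
        <cfset CurrentLogin = Session.login>
    </cfif>
</cflock>

<!--- No session value means the request did not come through the login page. --->
<cfif CurrentLogin EQ "">
    <cflocation url="login1.cfm" addtoken="No">
</cfif>

<!--- Re-read the flag on every request so a change in T_ACCOUNT takes --->
<!--- effect at once. The value is bound, not pasted into the SQL string. --->
<cfquery name="CheckAdmin" datasource="test">
    SELECT AccountAdmin
    FROM   T_ACCOUNT
    WHERE  login = <cfqueryparam value="#CurrentLogin#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>

<!--- AccountAdmin = "Yes" follows the assumption made in the post above. --->
<cfif CheckAdmin.RecordCount EQ 1 AND CheckAdmin.AccountAdmin EQ "Yes">
    <cfset IsAdmin = "Yes">
</cfif>

<cfif IsAdmin NEQ "Yes">
    <!--- Stop the request here so nothing after the include runs. --->
    <cfoutput>You do not have permission to add or edit data.</cfoutput>
    <cfabort>
</cfif>
```

The menu can keep hiding links for convenience; the include is what enforces the rule on each protected page.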
 
Hi Calista

Thank you very much for helping me out. It is finally working. Thanks a million!

from
yogi
 