• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 167
  • Last Modified:

Adding multiple access levels via SESSION.auth.rightsList


Have this piece of code,  - which works -

<cfif not listFind(SESSION.auth.rightsList, "SuperUser")>
<cfoutput>
"Sorry, You are not authorized to view this page.</strong>
</cfoutput>


How do I add additional access like this:

<cfif not listFind(SESSION.auth.rightsList, "SuperUser" or "Admin" or "OtherAuthorizedUser")>
<cfoutput>
"Sorry, You are not authorized to view this page.</strong>
</cfoutput>


THANKS IN ADVANCE!!!  
0
selms
Asked:
selms
  • 3
  • 3
1 Solution
 
DanielSKimCommented:
did you want something more succinct that this?

<cfset accessList = "SuperUser,Admin,OtherAuthorizedUser" />

<cfset inAccessList = false />
<cfloop list="#accessList#" index="i">
      <cfif ListFindNoCase(auth.rightsList, i)>
            <cfset inAccessList = true />
            <cfbreak />
      </cfif>
</cfloop>

<cfif not inAccessList>
<cfoutput>
"Sorry, You are not authorized to view this page.</strong>
</cfoutput>
0
 
DanielSKimCommented:
sorry.

<cfif ListFindNoCase(auth.rightsList, i)>

should be:

<cfif ListFindNoCase(SESSION.auth.rightsList, i)>
0
 
selmsAuthor Commented:


I'm a beginner CFer...

Any way to modify my code so that If the person is NOT a SuperUser or Admin they will be denied acccess to that page???

<cfif not listFind(SESSION.auth.rightsList, "SuperUser")>
<cfoutput>
"Sorry, You are not authorized to view this page.</strong>
</cfoutput>


0
Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

 
selmsAuthor Commented:


Ok,   It makes more sense with the <cfif ListFindNoCase(SESSION.auth.rightsList, i)>  Session part.

I'll try it...
0
 
DanielSKimCommented:
i am not aware of a native cf function that compares the union (same items) of two lists. the below loops thorugh the accessList, and checks to see if it exists in SESSION.auth.rightsList. if not , inAccessList is false. if so, inAccessList is true.

<!--- define approved roles --->
<cfset accessList = "SuperUser,Admin,OtherAuthorizedUser" />

<cfset inAccessList = false />
<cfloop list="#accessList#" index="i">
     <!--- if the user contains a role in the approved roles list, set inAccessList to true --->
     <cfif ListFindNoCase(SESSION.auth.rightsList, i)>
          <cfset inAccessList = true />
          <cfbreak />
     </cfif>
</cfloop>

<cfif not inAccessList>
<cfoutput>
"Sorry, You are not authorized to view this page.</strong>
</cfoutput>
0
 
selmsAuthor Commented:

IT WORKED!!!   THANKS sooooooo  much for the quick response!!!
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now