Coldbox Security Interceptor
Posted
by faheem
on Stack Overflow
See other posts from Stack Overflow
or by faheem
Published on 2010-05-01T19:07:08Z
Indexed on
2010/05/01
19:17 UTC
Read the original article
Hit count: 317
Hi I am new to coldbox and working on a guestbook messaging forum. does anyone know how I can apply some rule in coldbox to show edit and delete for specified users of admin or user in the edit page. I am not sure how to specify this as I already have my rules here as shown in securityRules.xml:
SecurityRules.XML
<?xml version="1.0" encoding="UTF-8"?>
<!--
Declare as many rule elements as you want, order is important
Remember that the securelist can contain a list of regular
expression if you want
ex: All events in the user handler
user\..*
ex: All events
.*
ex: All events that start with admin
^admin
If you are not using regular expression, just write the text
that can be found in an event.
<whitelist>ehSecurity\.dspLogin,ehSecurity\.doLogin,ehSecurity\.dspLogoff</whitelist>
-->
<rules>
<rule>
<whitelist>^entries,ehSecurity\..*,registry\..*</whitelist>
<securelist></securelist>
<roles>admin</roles>
<permissions>read,write</permissions>
<redirect>ehSecurity.dspLogin</redirect>
</rule>
<rule>
<whitelist>^entries,ehSecurity\..*,main\..*,^registry</whitelist>
<securelist></securelist>
<roles>author,admin</roles>
<permissions>read</permissions>
<redirect>ehSecurity.dspLogin</redirect>
</rule>
</rules>
© Stack Overflow or respective owner