Coldbox Security Interceptor

Posted by faheem on Stack Overflow See other posts from Stack Overflow or by faheem
Published on 2010-05-01T19:07:08Z Indexed on 2010/05/01 19:17 UTC
Read the original article Hit count: 317

Filed under:
|
|

Hi I am new to coldbox and working on a guestbook messaging forum. does anyone know how I can apply some rule in coldbox to show edit and delete for specified users of admin or user in the edit page. I am not sure how to specify this as I already have my rules here as shown in securityRules.xml:

SecurityRules.XML

<?xml version="1.0" encoding="UTF-8"?>
<!-- 
Declare as many rule elements as you want, order is important 
Remember that the securelist can contain a list of regular
expression if you want

ex: All events in the user handler
 user\..*
ex: All events
 .*
ex: All events that start with admin
 ^admin

If you are not using regular expression, just write the text
that can be found in an event.
        <whitelist>ehSecurity\.dspLogin,ehSecurity\.doLogin,ehSecurity\.dspLogoff</whitelist>

-->
<rules>
    <rule>
        <whitelist>^entries,ehSecurity\..*,registry\..*</whitelist>
        <securelist></securelist>
        <roles>admin</roles>
        <permissions>read,write</permissions>
        <redirect>ehSecurity.dspLogin</redirect>
    </rule>
    <rule>
        <whitelist>^entries,ehSecurity\..*,main\..*,^registry</whitelist>
        <securelist></securelist>
        <roles>author,admin</roles>
        <permissions>read</permissions>
        <redirect>ehSecurity.dspLogin</redirect>
    </rule>
</rules>

© Stack Overflow or respective owner

Related posts about cf9

Related posts about coldbox