...

  • The whole schema should be driven by content types
  • It must be easy to extend the framework to allow for LDAP, ActiveDirectory and OpenID integration
  • Examples of each supported external directory type should be provided, perhaps as plugins
  • When mapping groups to roles it may be necessary to allow developers to nominate their own method for listing user directory groups (especially in those situations where the external directory has 1000s of groups)
  • permission checks need to be cached by role
  • replace all UI elements
  • ensure multiple user directories work
  • Integrate Audit sub-section for reporting
  • Clearly define the "permission set" construct (review webskin permissions)
  • Provide scaffolding for permission sets
  • remove security cache from server scope

User Directories

The purpose of a user directory is to authenticate users and provide information on their group membership.

With FarCry 5.0 the way user directories are implemented has been changed. In previous versions user directories were mixed into FarCry's internal permission and security structure. This made it difficult for people to add another user directory. Pulling them apart makes it easier to add something like an OpenID login, or an LDAP user directory. There are some disadvantages: functionality where FarCry depends on intimate knowledge of the user directory (such as being able to get a full list of users) is no longer possible.

...

<cfset result = structnew() />

<cfimport taglib="/farcry/core/tags/formtools" prefix="ft" />

<ft:processform>
	<ft:processformObjects typename="#getLoginForm()#">
		<!--- Authenticate user and update result --->
	</ft:processformObjects>
</ft:processform>

<cfreturn result />

...

The authenticate function is called every time the login page is requested. If it detects that its login form was submitted, it should attempt to authenticate the user and return the result.
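
A filled-in authenticate function for an LDAP-backed user directory, added here as an example; it is not FarCry's own code. The result keys (authenticated, userid, message), the stProperties variable holding the submitted form values, the LDAP host and the DN layout are all assumptions.

```cfml
<!--- Added example. Assumed names: result keys, stProperties.username/password,
      ldap.example.org, and the ou=people,dc=example,dc=org DN layout. --->
<cffunction name="authenticate" access="public" returntype="struct" output="false">
	<cfset var result = structnew() />
	<cfset var qUser = "" />
	<cfset var userDN = "" />

	<cfimport taglib="/farcry/core/tags/formtools" prefix="ft" />

	<ft:processform>
		<ft:processformObjects typename="#getLoginForm()#">
			<!--- Fail closed: only a successful bind below flips this flag --->
			<cfset result.authenticated = false />
			<cfset result.userid = "" />
			<cfset result.message = "The username or password is incorrect" />

			<!--- Reject empty passwords: many LDAP servers treat such a bind as
			      anonymous and report success. The allowlist keeps DN
			      metacharacters out of the username spliced into userDN. --->
			<cfif len(trim(stProperties.password))
					and refind("^[A-Za-z0-9._-]{1,64}$", stProperties.username)>
				<cfset userDN = "uid=#stProperties.username#,ou=people,dc=example,dc=org" />
				<cftry>
					<!--- Bind as the user over LDAPS and read back their own entry --->
					<cfldap action="query" name="qUser"
						server="ldap.example.org" port="636" secure="CFSSL_BASIC"
						username="#userDN#" password="#stProperties.password#"
						start="#userDN#" scope="base"
						filter="(objectClass=*)" attributes="uid" />
					<cfif qUser.recordcount eq 1>
						<cfset result.authenticated = true />
						<cfset result.userid = stProperties.username />
						<cfset result.message = "" />
					</cfif>
					<cfcatch type="any">
						<!--- Bad credentials and directory outages both leave
						      authenticated=false; the same message is returned --->
					</cfcatch>
				</cftry>
			</cfif>
		</ft:processformObjects>
	</ft:processform>

	<!--- Empty struct when this directory's login form was not submitted --->
	<cfreturn result />
</cffunction>
```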

...

This function is called on login to update the profile properties of the user. The contents of the returned struct are appended directly to the dmProfile properties struct.

...

Add a displayLogin webskin to the farLogin form in your project (the same way you add webskins to types and rules). This webskin should output the form using ft:form and ft:object.

If your project uses more than one user directory, you will also need to use the sec:SelectUDLogin tag. This tag will generate a list of user directories for the user to select from, and will display the correct login form for the selected UD.

...

Most types do not have a permission set by default (one exception is news). A content type without its own permission set honours the Generic permission set.

...

These have been added as of FarCry 5.0.

A webskin permission essentially represents the right of a user to run or execute a specific view, or webskin. If a user does not have permission to run a specific webskin then a simple semantic message indicating denied access is shown. This is done using the deniedaccess webskin, which can be overridden for all content types in a project or just one.

...

Because security will be managed in a new structure a catch-22 situation exists when it comes to migrating the data:

  1. this script migrates pre 5.0 security data to the new structure
  2. to access the updates directory you have to log in
  3. login uses the new structure
  4. which is empty until this script migrates the security data

...