StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
6644340
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2011-07-10T23:07:54.060
FavoriteCount
0
LastActivityDate
2011-07-10T23:15:29.027
LastEditDate
2011-07-10T23:15:29.027
LastEditorUserId
832527
OwnerUserId
832527
ParentId
6638639
PostTypeId
2
Score
6
ViewCount
0
LastEditorDisplayName
text
Body
You're right, securing a page and securing elements is different. In my opinion and in practice, I think tying any code to a role or user is actually the wrong approach. Instead, tie permissions to elements and pages - then tie roles to those permissions. And of course, users are assigned roles. It is important to have all three : <ol> <li>Users </li> <li>Roles</li> <li>Permissions <-- this is what you're missing</li> </ol> Permissions are what secure elements and pages, not roles or users Your code should have no clue (because it doesn't need to) what users or roles there are - just names of permissions. When a user logs in, I grab their role(s). Then I grab all the permissions that are assigned to those roles (simply a list of string values). For example, on a page I might have : <ul> <li>Add item</li> <li>View item</li> <li>Delete item</li> </ul> When I code that page, I actually secure each of those elements with permission strings named similar ( addItem, viewItem, deleteItem). <pre><code><cfif listContainsNoCase( session.permissions, 'addItem' )>  </cfif> </code></pre> (Note: I recommend using a custom tag or function for this, but for purposes of an example, the above works fine). If you do it this way, it provides maximum flexibility and abstraction. If you secure elements based off of roles, you limit yourself : <ul> <li>Adding new roles will require a lot of code changes!</li> <li>Changing permissions between roles requires a lot of code changes!</li> </ul> If you do it as mentioned above, you will never need to change your security code within the code base, because "addItem" permission should always be on the "add item" logic, right? :) Now if you happen to need to create a "manager" type role, that has all the user roles and a select few admin rights, you simply create that role, and assign it the correct permissions (maybe addItem and editItem, but not deleteItem). Bam! Now I have a manager role to assign to users with no code changes! If I had sprinkled my code with "is user this role" type of stuff - I would have to go edit my code everywhere to allow my new role "manager" - yuck! Make sense? =)
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POColdFusion: Application Options Based on Role?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USNate
UserOwnerUserId
1. USNate
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POColdFusion: Application Options Based on Role?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. CONate, you're the man. I really like this approach!
 singulars
 PostPostId
 PO
 UserUserId
 USdcolumbus
2. COThanks Nate, very helpful logic.. thx man !
 singulars
 PostPostId
 PO
 UserUserId
 USHoussem

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.