ColdBox Security Module
ColdBox Security Module
Introduction
Intro
Release History
About This Book
Author
Getting Started
Installation
Overview
Configuration
Rule Sources
Usage
Security Rules
Security Annotations
Secured URL
Interceptions
Authentication Services
cbSecurity Model
secure() Blocking Methods
Verification Methods
Authorization Contexts
Securing Views
Cross Site Request Forgery
Security Validators
CBAuth Validator
CFML Security Validator
Custom Validator
JWT
JWT Services
JWT Validator
Token Storage
Interceptions
Powered by GitBook

Authorization Contexts

There are also times where you need to validate custom conditions and block access to certain areas. This way, you can implement your own custom security logic and leverage cbSecurity for blockage. You will accomplish this via the secureWhen() method:

secureWhen( context, [errorMessage] )

The context can be a closure/lambda/udf or a boolean evaluation:

// Using as a closure/lambda
cbSecurity.secureWhen( ( user ) => !user.isConfirmed() )
cbSecurity.secureWhen( ( user ) => !oEntry.canPublish( user ) )
​
// Using a boolean evaluation
cbSecurity.secureWhen( cbSecurity.none( "AUTHOR_ADMIN" ) && !cbSecurity.sameUser( oAuthor )  )
cbSecurity.whenNone( "AUTHOR_ADMIN", ( user ) => relocate() );

The closure/udf will receive the currently authenticated user as the first argument.

( user ) => {}
function( user );
Previous
Verification Methods
Next
Securing Views
Last updated 2 months ago
Edit on GitHub