cbSecurity
CommunitySlackSupport
v2.x
v2.x
  • Introduction
  • Intro
    • Release History
      • What's New With 2.15.0
      • What's New With 2.14.0
      • What's New With 2.13.0
      • What's New With 2.12.0
      • What's New With 2.11.x
      • What's New With 2.10.0
      • What's New With 2.9.0
      • What's New With 2.8.0
      • What's New With 2.7.0
      • What's New With 2.6.0
      • What's New With 2.5.0
      • What's New With 2.4.0
      • What's New With 2.3.0
      • What's New With 2.2.0
      • What's New With 2.1.0
      • What's New With 2.0.0
    • About This Book
    • Author
  • Getting Started
    • Installation
    • Overview
    • Configuration
      • Rule Sources
        • DB Rules
        • Inline Rules
        • JSON Rules
        • Model Rules
        • Module Rules
        • XML Rules
  • Usage
    • Authentication Services
    • Security Rules
    • Security Annotations
    • Secured URL
    • Interceptions
    • cbSecurity Model
      • secure() Blocking Methods
      • Verification Methods
      • Authorization Contexts
      • Securing Views
    • Cross Site Request Forgery
  • Security Validators
    • CBAuth Validator
    • CFML Security Validator
    • Custom Validator
  • JWT
    • JWT Services
    • JWT Validator
    • Refresh Tokens
    • Token Storage
    • JWT Interceptions
  • External links
    • Source code
    • Issue Tracker
    • cbauth
    • cbcsrf
    • JWT CFML
Powered by GitBook
On this page

Was this helpful?

Edit on Git
Export as PDF
  1. Usage
  2. cbSecurity Model

Verification Methods

If you just want to validate if a user has certain permissions or maybe no permissions at all or if a passed user is the same as the logged in user, then you can use the following boolean methods that only do verification.

Please note that you could potentially do these type of methods by leveraging the currently logged in user and it's hasPermission() method. However, these methods provide abstraction and can easily be mocked!

// Checks the user has one or at least one permission if the 
// permission is a list or array
boolean cbSecurity.has( permission );
// The user must have ALL the permissions
boolean cbSecurity.all( permission );
// The user must NOT have any of the permissions
boolean cbSecurity.none( permission );
// Verify if the passed in user is the same as the logged in user
boolean cbSecurity.sameUser( user );

These are great to have a unified and abstracted way to verifying permissions or if the passed user is the same as the logged in user. Here are some examples:

View Layer

<cfif cbsecure().has( "USER_ADMIN" )>
    This is only visible to user admins!
</cfif>

<cfif cbsecure().has( "SYSTEM_ADMIN" )>
    <a href="/user/impersonate/#prc.user.getId()#">Impersonate User</a>
</cfif>

<cfif cbsecure().sameUser( prc.user )>
    <i class="fa fa-star">This is You!</i>
</cfif>

Other Layers:

if( cbSecurity.has( "PERM" ) ){
    auditUser();
}

if( cbSecurity.sameUser( prc.incomingUser ) ){
    // you can change your gravatar
}

Please note that we do user equality by calling the getId() method of the authenticated user and the incoming user. This is part of our IAuthUser interface requirements.

Previoussecure() Blocking MethodsNextAuthorization Contexts

Last updated 5 years ago

Was this helpful?