OOPhoto: Implementing Security In An Object Oriented Application - Round I

<cffunction
	name="CheckPermissions"
	access="public"
	returntype="boolean"
	output="false"
	hint="I return true when the given user may perform the given action on the given target, false otherwise. Only edit and delete on an already-saved PhotoGallery are restricted (to the gallery author); every other action and target is allowed.">

	<!--- Define arguments. --->
	<cfargument
		name="User"
		type="any"
		required="true"
		hint="I am the user asking to perform the action. I am expected to be an object exposing GetID()."
		/>

	<cfargument
		name="Action"
		type="string"
		required="true"
		hint="I am the action being performed (do, edit, delete, or anything else)."
		/>

	<cfargument
		name="Target"
		type="any"
		required="true"
		hint="I am the object upon which the action is performed. I am expected to be a CFC instance, since GetMetaData() is called on me for edit and delete."
		/>


	<!---
		NOTE(review): this method is allow-by-default. Any action other
		than edit/delete, any target other than a PhotoGallery, and any
		PhotoGallery that has not been saved yet (no ID) is permitted for
		every caller. A new restricted action or target type has to be
		added here explicitly or it will silently be allowed; a
		deny-by-default structure would fail closed instead, if the
		callers of this method can tolerate that.
	--->

	<!--- "do" is explicitly unrestricted in this application. --->
	<cfif (ARGUMENTS.Action EQ "do")>
		<cfreturn true />
	</cfif>

	<!--- Only edit and delete carry a restriction; anything else is allowed. --->
	<cfif (
		(ARGUMENTS.Action NEQ "edit") AND
		(ARGUMENTS.Action NEQ "delete")
		)>
		<cfreturn true />
	</cfif>

	<!---
		The target type is identified by the last segment of the
		component name only (so a component called PhotoGallery in any
		package matches). Photo galleries are the only restricted type.
	--->
	<cfif (ListLast( GetMetaData( ARGUMENTS.Target ).Name, "." ) NEQ "PhotoGallery")>
		<cfreturn true />
	</cfif>

	<!---
		A gallery that has not been saved yet has no ID, and therefore
		no author to compare against; it may be edited or deleted freely.
	--->
	<cfif NOT ARGUMENTS.Target.GetID()>
		<cfreturn true />
	</cfif>

	<!---
		A saved gallery whose author is not an object (GetUser() came
		back as a simple value) cannot be matched to anyone: deny.
	--->
	<cfif IsSimpleValue( ARGUMENTS.Target.GetUser() )>
		<cfreturn false />
	</cfif>

	<!---
		Saved gallery with an author: only that author may edit or
		delete it. NOTE(review): if ARGUMENTS.User is not an object
		(for example an anonymous visitor passed in as an empty string)
		the GetID() call below throws instead of returning false; the
		request still fails closed, but callers should pass a user
		object.
	--->
	<cfreturn (ARGUMENTS.Target.GetUser().GetID() EQ ARGUMENTS.User.GetID()) />
</cffunction>
