Resinfox ACL basics
Resinfox acl4m:g introduction
There really isn't anything to using this ACL. Download and unpack it to your webroot, then configure the standard ModelGlue.xml and ColdSpring.xml settings as you would for the normal Model-Glue application template. Then either open acs.cfc in the model/ directory and modify the default paths, or just init() the acs model with your settings in acsController.cfc in the controller/ directory. If instead you want to shoehorn the ACS into your existing application, here's how to do it.
It's not doing anything that's rocket science or super clever, just practical. For the project I'm currently on, we've modified it slightly to pick up its users and groups from Active Directory, and we've also "ajaxified" the front end with the Prototype library, just to simplify access control assignments into a single, Excel-like screen. I put the earlier, simpler version out (text files are used to represent users, groups and privileges) just to get rid of the extra dependencies on external tools, but it's very, very easy to add them back in, or to have the data managed in a DB. Just pick apart the acs.cfc model.
The Theory
The ACL works on this basic principle: users have NO DIRECT ACCESS to non-public <event-handlers> in the ACL. Each USER belongs to one or more GROUPS, and each <event-handler> is accessible by one or more GROUPS. Each <event-handler> -> GROUP/s pairing is a PRIVILEGE.
Each new <event-handler> that a developer adds to the system is automatically picked up in the PRIVILEGES screen as a public event. You can then leave it as is, so that it is visible to all, or use one of the on-screen tools to add the new event to the admin group only or to all groups. Once the event is in the ACL, any direct call to that page/event will result in a redirection to the login screen if the currently logged-in user belongs to a group that is not privileged to see that event. There is also an additional tool that lets you build links that are visible or invisible according to the privilege level. We'll see this later.
Hard And Fast Rules
The only system restriction is that, as the app currently stands, you MUST have at least one group with an index ID of 1. This represents the admin group. You must also have at least one admin user (a member of the admin group) to be able to access the ACL management screens. Only group ID 1 (admin) has access to the ACL screens. That's it! If you look at the users.cfg, groups.cfg and map.cfg files in the model/data/ directory, you can see this more clearly.
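The access decision described under The Theory and the two rules under Hard And Fast Rules, modeled in Python as an added example; it is not code from acs.cfc or the Resinfox project. The user, group and event names are constructed, and the dictionaries stand in for users.cfg, groups.cfg and map.cfg, whose formats are not shown here.

```python
ADMIN_GROUP_ID = 1  # the page's rule: group ID 1 is the admin group

# Constructed sample data standing in for users.cfg, groups.cfg and map.cfg.
GROUPS = {1: "admin", 2: "staff"}
USERS = {"alice": {1}, "bob": {2}}            # user -> group IDs
PRIVILEGES = {                                 # event-handler -> allowed group IDs
    "acl.privileges": {ADMIN_GROUP_ID},        # ACL screen: admin group only
    "report.view": {1, 2},
}
DECLARED_EVENTS = ["home", "report.view", "acl.privileges", "report.export"]


def decide(user, event, users=USERS, privileges=PRIVILEGES):
    """Outcome of a direct call to an event: 'allow' or 'redirect_to_login'."""
    if event not in privileges:
        return "allow"                         # not in the ACL yet: public event
    # Assumption: membership in any one allowed group is sufficient.
    if users.get(user, set()) & privileges[event]:
        return "allow"
    return "redirect_to_login"


def visible_links(user, events, users=USERS, privileges=PRIVILEGES):
    """Events whose links would be shown to this user."""
    return [e for e in events if decide(user, e, users, privileges) == "allow"]


def public_by_default(declared, privileges=PRIVILEGES):
    """Declared handlers with no privilege entry, reachable without any group."""
    return sorted(e for e in declared if e not in privileges)


def rule_violations(groups, users):
    """Check the two hard rules: group ID 1 exists and has at least one member."""
    problems = []
    if ADMIN_GROUP_ID not in groups:
        problems.append("no group with ID 1")
    if not any(ADMIN_GROUP_ID in ids for ids in users.values()):
        problems.append("no admin user")
    return problems


if __name__ == "__main__":
    print(decide("bob", "acl.privileges"))
    print(public_by_default(DECLARED_EVENTS))
    print(rule_violations(GROUPS, USERS))
```

public_by_default lists the handlers a developer has added that nobody has yet assigned to a group, which is the set worth reviewing on the PRIVILEGES screen after each change to the application.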