Resinfox ACL installation and tips
Home » Resinfox acl4m:g install & tipsTo install the access control applicationtemplate. simply unzip the acl_<releasedate>.zip file into a web accessible folder, to which a standard Model-Glue and ColdSpring setup is already available(The ACL was created the latest version of MG, "Unity"), with the standard MG mappings set up. (See the MG installation instructions for this). You should end up with /<WEBROOT>/awt/ (awt is the just the app folder name, rename it if you want)
Then, as per the standard application template, rename the paths to the standard controllers, components and access points to suit your installation in the ModelGlue.xml, ColdSpring.xml and Application.cfm. Finally, either alter the default paths in the /<WEBROOT>/awt/model/acs.cfc to suit your installation, or pass your initialisation values in the init() function in OnRequestStart() in /<WEBROOT>/awt/controller/acsController.cfc. That's it!
How it works (the end-users point of view...)
Once installed, any URL or link access to a non-public event will redirect you to a login screen (see below). After logging in, you will be directed to the requested page.
Important Info On the users.cfg, groups.cfg and map.cfg files
These files control the access to your application and are in the /<WEBROOT>/awt/model/data/ folder, purely for demonstration purposes. In a live environment, DO NOT DEPLOY THEM HERE! Have your sysadmin create a secure folder outside of the <webroot>, copy the files in there and supply the absolute path to the new folder by modifying the acs.cfc file or passing in the values via acsController.cfc as above. Depending on which user your Coldfusion installation is running as, the file permissions should be set to either 700 (read,write,execute by owner only) or 770 (read,write,execute by owner and group only). If you HAVE to deploy the file here (or in any folder below your webroot), at least put a .htaccess file in the /<WEBROOT>/awt/model/data/ folder with a "deny from all" directive in it.
One other thing. The users, groups and map file operate on a simple incremental index that relies on common sense to keep unique. If you use the file based system, it doesn't really matter if the indexes contain gaps. It's just a unique way of identifying the user or group description. If you feel you need to add or remove entries manually from the command-line, just make sure you keep the indexes unique, no telling what you might get if 2 lines have the same index! However, if you feel the urgent need to write a reindexing helper, be my guest! Same goes for the map file, but then, your <event-handlers> should be unique anyway.
application.acsMap.Link(event_name,link_text,groupid,class,baselink)
The ACS can be slotted into your M:G application with practically no modification required to your models, controllers or views. However, it might get a bit annoying if you display navigation and menu options to your users, and they keep getting directed to a login page if they have no access rights. This might be the way you want your app to work, but the Link() helper function is a basic utility that you can use in your views that produces an <a> navigation link for only those logged in users with the required access level to the link destination. The first 3 attributes are required:
- event_name - the name of destination <event-handler>
- link_text - Text description of the link
- groupid -Comma separated list of GROUP IDs allowed access to DESTINATION
- class - CSS style association
- baselink - set to index.cfm?event= (change this if using rewriting rules, for instance)