Name

IsAuthorized

Synopsis

IsAuthorized(resourcetype, resourcename [, action])

Returns True if the user is authorized to perform the action specified against a particular ColdFusion resource. The parameter resourcetype specifies the type of resource to check, while resourcename specifies the actual name of the resource. Possible resource types include Application, CFML, Collection, Component, CustomTag, Datasource, File, Function, User, and UserObject. action is required for all resource types except Component, CustomTag, Function, and User and specifies the action to check authorization for. The following table lists each resource type with possible values for action:

Resource Type

Possible Values for Action

Application

All, UseClientVariables 

CFML

Any valid action of the CFML tag specified in resourcetype 

Collection

Delete, Optimize, Purge, Search, Update 

Component

N/A

CustomTag

N/A

Datasource

All, Connect, Delete, Insert, Select, SP (stored procedure), Update 

File

Read, Write 

Function

N/A

User

N/A

UserObject

action as specified in the ColdFusion Administrator

To use the IsAuthorized( ) function, Advanced Security needs to be enabled within the ColdFusion Administrator, and a valid security context must already be defined. The following example uses the IsAuthorized( ) function to determine if a user is authorized to use the CFFILE tag to perform a file upload: 

<CFIF IsAuthorized('CFML', 'CFFILE', 'Upload')> perform file upload... <CFELSE> You are ...

Get Programming ColdFusion now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial