Coldfusion Inheritance Tax

There’s a new project I’m working on, with which I’ve found another interesting way for defining security levels.  Yes I know that Coldfusion has built-in security, but it doesn’t generally fit in all the custom programming we do, so I’ve tended to ‘roll my own’ security systems over the years.  In this new method, I am defining the user object (admin, coordinator, scout and student) by the security type, which also defines the object type.  Then, all of the objects that need to be created follow suit, such as program folders and defined user objects.  It’s really an experiment to see if it’s more or less work and coordination than previous types.  I think it works well in this situation because there are clearly defined roles that do not overlap, so I will not be building the same screens over and over, each will be very different from the other.

What I found though, was a problem with extending my application.cfc.  I opened up Firefox this morning, and because of its nifty remembering of the pages I had open the night before, it opened up directly in the admin section of this new site.  The problem was that it opened to an error.  The error was stating that my user session object was not defined (Element USER is undefined in a Java object of type class [Ljava.lang.String; referenced as).

So I opened up my application.cfc in the root, and then the application.cfc in that folder.  I read line by line until my eyes glazed not understanding what the problem was.  Then I saw something that changed my head banging on the table to my hand smacking my head.  It turns out that I was ‘overloading’ the onRequestStart function but I was trying to use the user object before I made a call to the super onRequestStart which would spark the creation of the user object. Ta da!  This was almost as frustrating as having to figure out that since my root application isn’t actually in the root, I needed to call it like I call cfcs, from the folder “roster” which is where my application resides within the website.

<cfcomponent output=”no” name=”Application” extends=”roster.application”>

<cffunction name=”onRequestStart” returntype=”boolean” output=”false”>
<cfargument name = “thePage” type=”String” required=true/>

<cfset var currentPath = GetCurrentTemplatePath()>
<cfset var thisObject = “”>
<!—Call the SUPER to get the root application stuff going—>
<cfif SUPER.OnRequestStart( ARGUMENTS.thePage )>
<!— The ‘thisobject’ created from the file location should match a security level object—>
<!—we need the user’s defined function (which requires the user object that doesn’t get created until the SUPER call above)—>
<cfset thisObject = session.user.getOBJECT()>
<cfif not StructKeyExists( SESSION.user, thisobject )>
<cfthrow message=”Object Not Defined: #thisobject#” detail=”The current object #thisobject# has not been defined properly.”>
</cfif>
<cfreturn true />
<cfelse>
<cfreturn false />
</cfif>

</cffunction>
</cfcomponent>