User Guide
Chapter 17: Application Security 273
Example: orders.cfm
<!--- This example calls the IsAuthorized function. --->
...
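<!--- Handle the update form: this section runs only when the btnUpdate
      submit button was posted. --->
<CFIF IsDefined("form.btnUpdate")>
    <!--- Is the user authorized to update the Orders data source?
          NOTE(review): IsAuthorized presumably depends on the user having been
          authenticated earlier in the request; confirm against the
          application's login logic. --->
    <CFIF ISAUTHORIZED("DataSource", "Orders", "update")>
        <!--- Customer and OrderID arrive with the request, so they are bound as
              query parameters instead of being pasted into the SQL text. The
              authorization check decides who may run the query; it does not
              make the submitted values safe to concatenate.
              NOTE(review): the CFSQLTYPE values are assumptions; match them to
              the real column definitions. The names are unscoped, so ColdFusion
              resolves them through its scope search (URL as well as Form);
              scope them as Form.Customer / Form.OrderID if the form is the only
              intended source. --->
        <CFQUERY NAME="AddItem" DATASOURCE="Orders">
            INSERT INTO Orders
                (Customer, OrderID)
            VALUES
                (<CFQUERYPARAM VALUE="#Customer#" CFSQLTYPE="CF_SQL_VARCHAR">,
                 <CFQUERYPARAM VALUE="#OrderID#" CFSQLTYPE="CF_SQL_INTEGER">)
        </CFQUERY>
        <!--- An INSERT returns no record set, so the confirmation is written
              with a plain CFOUTPUT rather than CFOUTPUT QUERY="AddItem". The
              echoed values are HTML-encoded because they are user-supplied. --->
        <CFOUTPUT>
            Authorization Succeeded. Order information added:
            #HTMLEditFormat(Customer)# - #HTMLEditFormat(OrderID)#<BR>
        </CFOUTPUT>
    <CFELSE>
        <!--- Not authorized: stop processing the page and show the message. --->
        <CFABORT SHOWERROR="You are not allowed
to update order information.">
    </CFIF>
</CFIF>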
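<!--- List the orders, but only for users authorized to select from the
      Orders data source. --->
<CFIF ISAUTHORIZED("DataSource", "Orders", "select")>
    <!--- Request only the two columns the page displays, so columns added to
          the table later are not pulled into the page by default. --->
    <CFQUERY NAME="GetList" DATASOURCE="Orders">
        SELECT Customer, BalanceDue
        FROM Orders
    </CFQUERY>
    Authorization Succeeded. Order information follows:
    <!--- Stored values can originate from earlier form submissions, so they
          are HTML-encoded before being written into the page. --->
    <CFOUTPUT QUERY="GetList">
        #HTMLEditFormat(Customer)# - #HTMLEditFormat(BalanceDue)#<BR>
    </CFOUTPUT>
<CFELSE>
    <!--- Not authorized: stop processing the page and show the message. --->
    <CFABORT SHOWERROR="You cannot view
order information.">
</CFIF>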