Blog

Gavin Pickin

August 14, 2017

Spread the word


Share your thoughts

I have been working for Ortus Solutions for over two years now, and still, every day I learn something new about one of our modules or tools. In one of my current customer projects, we are taking a ContentBox installation ( our Modular Content Management System built on top of ColdBox ), customizing it, extending it, and it's really fun. One of the big customizations for this projects is extending the permissions structure, outside of what we wanted to do in the ContentBox core.

We have added a lot of great features back into the core ( like we do with most customer projects ), 3.7 was just released, which includes a lot of those pieces, including 2 factor authentication, but I'll save that for another day. We did add permission groups, and several other items into the core, but we needed to do something special with permissions, not difficult to do, difficult to decide how to do it.

Current syntax for checking an author/user's permission in ContentBox

Author.checkPermission( "Pages_Admin" );

The existing permission is on the author object itself, nice neat and tidy. We wanted to name the function "checkPermissionsPlus".

Extend Security Service and add new function

We thought we could extend ContentBox's security service, and add a new function. This would require all our module code reference the new extended service. Since CFML is so dynamic, we could just inject the new method into the existing Security Service.

Inject new function into existing Security Service

This is a solid option, better than extending the security service, but they still have one big drawback. We would need to pass the author into the service, so the service knew which author to work on. The call would look something like this.

securityService.checkPermissionsPlus( "Pages_Admin", author );

Not terrible, but we could do better.

Could we extend / modify the Author object itself?

Yes we could.…but a service in a singleton, with wirebox, you can grab it anywhere, and even have wirebox inject methods for you… but an ORM object, not so easy… until I learned about Hibernate events… and how easy they are to use.

Hibernate Event Hooks

Hibernate has a series of events, it broadcasts when acting on objects… allowing you to hook into them. Including:

  • postNew()
  • preLoad()
  • postLoad()
  • postDelete()
  • preDelete()
  • preUpdate()
  • postUpdate()
  • preInsert()
  • postInsert()

You could try to tap into Hibernate directly, but that doesn't sound like fun, or easy to me… but that is where CBORM comes in. CBORM is our ColdBox ORM module that gives you a variety of tools to make working with ColdFusion ORM easier. One of those things is the ORM to ColdBox Interceptor bridge.

CBORM Interception Points

For each of the above methods, CBORM re-broadcasts a ColdBox interception point. This includes the data from hibernate, in a quick and simple accessible way.


Interception PointIntercept StructureDescription
ORMPostNew{entity}Called via the postNew() event
ORMPreLoad{entity}Called via the preLoad() event
ORMPostLoad{entity}Called via the postLoad() event
ORMPostDelete{entity}Called via the postDelete() event
ORMPreDelete{entity}Called via the preDelete() event
ORMPreUpdate{entity,oldData}Called via the preUpdate() event
ORMPostUpdate{entity}Called via the postUpdate() event
ORMPreInsert{entity}Called via the preInsert() event
ORMPostInsert{entity}Called via the postInsert() event


Now, I can just listen for those interception points, check what entity is being acted upon, if it’s the Author object, I can inject the new function to wrap the old one.

Then I will still be able to use a user friendly syntax

Author.checkPermissionsPlus( "Pages_Admin" );

Internally that function can do its magic, and then call the normal checkPermission() function. The existing function is unchanged, so we don't break existing functionality, and we do not need to edit the ContentBox core.

Here is the link to the ORM to ColdBox Interceptors page https://github.com/coldbox-modules/cbox-cborm/wiki/ORM-To-ColdBox-Interceptions

Would you like to see how to did it? If so, check back for the next post... where I'll share the code.

Add Your Comment

Recent Entries

Mastering Events and Listeners in CBWIRE

Mastering Events and Listeners in CBWIRE

In CBWIRE, events and listeners are the backbone of building responsive, modular applications without relying heavily on JavaScript. This guide walks you through setting up and using CBWIRE events to create seamless interactions between components, from dispatching events in CFML and frontend templates to listening with Alpine.js and JavaScript. Learn how to make your applications feel dynamic and engaging by effortlessly connecting components. Whether you’re triggering events to update a dashboard or targeting specific parts of your app with dispatchTo, these techniques will empower you to create a modern, interactive CFML experience with ease.

Grant Copley
Grant Copley
November 11, 2024
10 Key Benefits of Hiring a Specialized ColdFusion Consulting Team

10 Key Benefits of Hiring a Specialized ColdFusion Consulting Team

ColdFusion remains a powerful and versatile platform for building dynamic web applications. However, keeping your ColdFusion environment optimized, secure, and scalable requires specialized expertise. Whether managing a long-standing ColdFusion application or planning new development projects, hiring a dedicated ColdFusion consulting and support team can be a game-changer for CTOs, CIOs, and developers. Here's why:

1. Expert Guidance on ColdFusion Web Development

...

Cristobal Escobar
Cristobal Escobar
November 08, 2024
ColdBox Free Tip 5 - Building Named Routes with a Struct

ColdBox Free Tip 5 - Building Named Routes with a Struct

**Did you know ColdBox provides flexible ways to build routes using structs?** In this tip, we’ll cover how to use the `event.buildLink()` and `event.route()` methods for named routes, a feature that’s especially handy when working with dynamic URLs.

Maria Jose Herrera
Maria Jose Herrera
November 07, 2024