[Coldbox 6.6.1][cbsecurity 2.15] Handler and Module Route Name Conflict/Collision

I’ve run into a sticky situation where I have a ColdBox module named tours with an entrypoint of /admin/tours/, but it’s conflicting with a root handler named tours.

Because I’m using cbsecurity, I’m getting security errors when trying to access the root app handler (/tours/. To clarify, the handler /tours/ should be publically accessible, but the module entrypoint /admin/tours/ should not.

I know the simplest solution is to rename the root app handler to something else, but I figured I would check to see if there’s a way to either configure the module so it cannot be accessed any way other than the entryPoint value in ModuleConfig.cfc, or configure my route to specify that /tours/ requests should be handled by the root app.


// Module Properties
	this.title 				= "tours";
	this.author 			= "";
	this.webURL 			= "";
	this.description 		= "";
	this.version			= "1.0.0";
	// If true, looks for views in the parent first, if not found, then in the module. Else vice-versa
	this.viewParentLookup 	= false;
	// If true, looks for layouts in the parent first, if not found, then in module. Else vice-versa
	this.layoutParentLookup = false;
	// Module Entry Point
	this.entryPoint			= "admin/tours";
	// Inherit Entry Point
	this.inheritEntryPoint 	= false;
	// Model Namespace
	this.modelNamespace		= "tours";
	// CF Mapping
	this.cfmapping			= "tours";

// cbsecurity
 "rules" : [
         "secureList" 	: "tours:*"  // secure the module!

// Conventions based routing		
route( ":handler/:action?" ).end();