This topic is locked

Permissions and regenerating the Project

7/13/2005 10:30:21 AM
PHPRunner General questions
prleo1 author

I have been using PHPRunner for about two months now and think it is a pretty good product. However, I am getting frustrated by having to regenerate the project if another user needs to be added or if permissions need to be added/removed.
What file(s) actually control who gets what? I am using the bottom option in security, (Add Group Permissions); when in Group Permissions, I am actually selecting the username in the field, then giving them rights to each page.
Also, is development working on a means of actual group permissions within the database? For instance, I was using another product prior to this that was using two tables for permission sets.

  1. User table
  2. Group Table

roy 7/14/2005

This is a feature that I very much would like to see as well. Regenerating the code will become more and more problematic as customization progresses. So far it's only menus and a reports sub-system.
I would like to be able to assign users to groups, such as 'sales', 'graphics', 'production', 'admin', etc. I can then add users to the users table, but assign them to the appropriate group. I can then pre-generate the permissions for the group.
Roy

admin 7/15/2005

We work on implementing real group-based permissions in the next version of ASPRunner/PHPRunner.
Meanwhile you can implement this manually. There are several places in PHP code that need to be changed.

  1. login.php
    in the beginning:
    old:

    $_SESSION["UserID"]="Guest";
    new:

    $_SESSION["UserID"]="Guest";

    $_SESSION["Username"]="Guest"; More...
    in the middle
    old:

    if($data=db_fetch_array($rs))

    {

    $_SESSION["UserID"] = @$_POST["username"];

    $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;

    if($_POST["username"]==$cAdminUserID)

    $_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMIN;
    new:

    if($data=db_fetch_array($rs))

    {

    $_SESSION["Username"] = @$_POST["username"];

    $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER;

    if($_POST["username"]==$cAdminUserID)

    $_SESSION["AccessLevel"] = ACCESS_LEVEL_ADMIN;

    $_SESSION["UserID"] = $data["GroupID"];
    GroupID here is a database field that holds user group id.


  2. menu.php and ..._list.php
    old:

    <?php echo $_SESSION["UserID"];?>
    new:

    <?php echo $_SESSION["Username"];?>
  3. probably you will need to change group names as well
    include/..._functions.php

    functions GetUserPermissions and GetTables
    menu.php

    functions GetTables

R
Richard 8/1/2005

Hi,
I'm an unregistered user currently evaluating the software for purchase.
Question: I have one database with 4 tables. I would like to offer different groups of users access to different tables. For example, Table 1 grants access to add and edit own data with the aid of a users table for those who have registered. For Table 2, which is a completely distinct table on the same data base, I would like to offer one set of users access to view limited fields on Table 2 and another group hardcoded access only. How do I go about this.
As of now, when I set options for Table 2 with PHPrunner and FTP the final product, I no longer have login access to Table 1.

admin 8/1/2005

Richard,
This sounds as a project configuration problem. You need to make sure that users do have permissions to access "Table 1".
If this doesn't help you can send your project file along with database creation script or database dump to support@xlinesoft.com for investigation.