Users can see other users data; edit their own data only ..

2/24/2009 1:19:45 PM
PHPRunner General questions
jbisko author

I have been trying to build a simple project based on the jobposts example.

What I would like to have happen is simply that users can view all of the job posts but only add, edit, and delete their own.
For starters, I only made just a couple of modifications to the default project.

I have added a UserID to the jobsjobs table that is then joined to the Username field in the jobsusers table (Left Outer Join).
On the security tab for the jobsjobs table, under Advanced Security Settings, I select "Users can see other users data; can edit their own data" and I link the Users Table "Username" to the Main Table "UserID".
I then log in as a particular user and add a couple of records to the database.
I have the edit and inline edit options enabled for the jobsjobs table.

When I go to the jobsjobs_list.php page when logged in as a particular user, I would expect to see all of the job postings, but only see the edit and inline edit capability show up for the ones that I own as the current user. But, it does not work this way. Instead, I don't see any edit or inline edit links available for any of the records, only the view link. Also, if I select a particular record with the square checkbox field and click on the "edit selected" link above the jobposts listing, nothing happens regardless of whether I own the record or not.
Is this how it is supposed to work? I would hope that the edit (and inline edit) would be enabled for the records belonging to the current user. Is this a bug? I do notice that if I change the Advanced security setting to either of the other two modes "Users can see and edit other users data" or "Users can see and edit their own data only", then the screen will display with the edit links enabled, but this is not the behavior that I want because I don't want a user to be able to edit other postings that aren't his/hers and I don't want to restrict the view list to only his records. (I know that I can create an additional customview that only shows the logged in users own records for clean up purposes).
I noticed the type of behavior that I desire does seem to be somewhat demonstrated in the Classified example, but I'm not sure if this is only because custom code is making it work that way as opposed to the default Security Settings dialog.
The example jobposts application is about 80% of the way there for the application that I want to create, but just trying to add a few of the additional security requirements has been proving a bit difficult.
I look forward to some assistance on the above security questions.
Thanks.

jbisko author 2/24/2009

By the way, I am using PHPRunner 5.0 (Build 766).

Sergey Kornilov admin 2/24/2009

What is the data type of UserID field you have added to JobsJobs table?
When you set up advanced security make sure you pick fields of the same data type.
I would make UserID in JobsJobs table an integer field and would link it to ID field in JobsUsers.

jbisko author 2/24/2009

> What is the data type of UserID field you have added to JobsJobs table?
> When you set up advanced security make sure you pick fields of the same data type.
> I would make UserID in JobsJobs table an integer field and would link it to ID field in JobsUsers.

Hi Sergey,
I was using Varchar for the UserID in the jobsjobs table and linking it to the username in the users table, but I tried your suggestion of changing it to an INT and linking it to the ID field in the users table. However, the problem still exists with the edit and inline edit not showing up in the jobs list.
I did, however, try a similar experiment with just using the Application Wizard and the jobs database without choosing the Jobs template. In this case, the edit and inline edit links showed up properly.
So, I think there is definitely a problem with the jobs template and PHPRunner 5.0 (766).

I'd be happy to upload a sample project, but it might be easier for you to just attempt to recreate the problem. If you just build a brand new jobposts project, and add a UserID (of type Int) to the jobs table then link to the ID field in Users table. Now, in the Security section for the jobs table, specify that users can see all data, but only edit their own.
After building the project and adding a user and a post for this user, you will see that the edit and inline edit don't appear in the jobslist page. Also, the "edit selected" link above the postings does not work and indicates a javascript:void(0) in the browser status when you put the cursor over the link.
Also, the View page for the jobsjobs table does not correctly inherit the theme in the "Title & Category" display just below the header. (This I can solve at the moment by manually setting the colors of the cells).
So, clearly there are a few issues with the jobs template. Any fast resolution (at least for the edit links not showing up in the list for user owned records) would be greatly appreciated as I do need to get this project finished ASAP.
Thanks,
Jeff

Sergey Kornilov admin 2/24/2009

Jeff,
I see what you're saying.
Once you added UserID field to JobsJobs table proceed to SQL Query page and make sure this field is included into the list of fields.

jbisko author 2/25/2009

> Jeff,
> I see what you're saying.
> Once you added UserID field to JobsJobs table proceed to SQL Query page and make sure this field is included into the list of fields.

That did the trick! Thanks Sergey.
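
Why the missing field hid every edit link, shown as an added example (not PHPRunner's generated code and not code from the thread): a per-row ownership check can only succeed when the owner column is part of the list query, and the edit handler should repeat that check on the server rather than rely on hidden links. The table and column names follow the thread; the helper names `canEdit`, `editLinks` and `updateTitle` and the sample rows are assumptions made for illustration.

```php
<?php
// Constructed sample data; table and column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobsjobs (ID INTEGER PRIMARY KEY, Title TEXT, UserID INTEGER)');
$db->exec("INSERT INTO jobsjobs (Title, UserID) VALUES ('DBA', 1), ('Web developer', 2)");

// Hypothetical helper: a row is editable only when its owner column
// equals the logged-in user's ID.
function canEdit(array $row, int $currentUserId): bool
{
    // If the query did not select UserID, ownership cannot be established: deny.
    return isset($row['UserID']) && (int)$row['UserID'] === $currentUserId;
}

// Hypothetical list-page logic: maps each Title to whether an edit link is shown.
function editLinks(PDO $db, string $sql, int $currentUserId): array
{
    $links = [];
    foreach ($db->query($sql, PDO::FETCH_ASSOC) as $row) {
        $links[$row['Title']] = canEdit($row, $currentUserId);
    }
    return $links;
}

// Hypothetical edit handler: ownership is enforced inside the UPDATE itself,
// so a hand-crafted request for another user's record changes no rows.
function updateTitle(PDO $db, int $jobId, string $title, int $currentUserId): bool
{
    $stmt = $db->prepare('UPDATE jobsjobs SET Title = ? WHERE ID = ? AND UserID = ?');
    $stmt->execute([$title, $jobId, $currentUserId]);
    return $stmt->rowCount() === 1;
}

$me = 1; // constructed: ID of the logged-in user

// List query without the owner column, as in the broken project.
var_dump(editLinks($db, 'SELECT ID, Title FROM jobsjobs', $me));
// List query with UserID included, as in the fix from the thread.
var_dump(editLinks($db, 'SELECT ID, Title, UserID FROM jobsjobs', $me));

// Attempt to edit user 2's record, then the logged-in user's own record.
var_dump(updateTitle($db, 2, 'Changed', $me));
var_dump(updateTitle($db, 1, 'Senior DBA', $me));
```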