
 Advanced security problems

6/10/2010 4:06:01 PM
Jepsen author

I have a problem.
I want everyone to look at the same table, but to see different parts of it depending on their permissions.
I have a table "Projects" where each project is given an alpha (or numerical code, but I think it has to be alpha).
I have a users table with a field "Projects". Projects is a multi-line drop-down from table Projects. Each user can be associated with one (minimum) or several projects, i.e. "A,B,D".
A table "issues" has a field "Project" with one project code from table "Projects".
When the user is logged in, he will see only the issues for the projects which are associated in his users.Projects field.
This one I cannot crack. I can easily crack it by making a separate table for each project and managing the users in the dynamic security. But I do not know what projects there will be next year. So this solution requires an update every bloody time we have a new project.
Anyone who can help?

ann 6/11/2010

Morten,
to show only projects associated with the user logged in use List page: Before SQL query event on the Events tab. Here is a sample:

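    // Read the comma-separated project list stored for the logged-in user
    $sql = "select Projects from issues where username='".$_SESSION["UserID"]."'";
    $rstmp = CustomQuery($sql);
    $datatmp = db_fetch_array($rstmp);
    if ($datatmp && $datatmp["Projects"])
    {
        // Quote each project code: A,B,D becomes 'A','B','D'
        $arr = explode(",", $datatmp["Projects"]);
        for ($i = 0; $i < count($arr); $i++)
            $arr[$i] = "'".trim($arr[$i])."'";
        $str = implode(",", $arr);
        // Restrict the list page to rows whose project is in that list
        $strWhereClause = whereAdd($strWhereClause, "Projects in (".$str.")");
    }
    else
        // No project list for this user: show no rows instead of all rows
        $strWhereClause = whereAdd($strWhereClause, "1=0");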

where Projects, username are actual field names, Issues is actual table name

Jepsen author 6/11/2010

Ann, thanks for the reply, but from your answer I can see that I did not express myself clearly. I'll try again.

Table 'users'
- users.id
- users.username
- users.password
- users.projects (this column contains the projects the user can access, i.e. "A,B,K,L")

So this user has access to 4 projects.

Table 'issues'
- issues.id
- issues.project (the one project that this issue is associated with, i.e. "B")
- issues.title
- issues.text

An issue is associated with a specific project, and only one project. The 'issues' table does not contain info on which users are associated with the issues.
And now I want the user to see only the issues associated with the projects he is associated with. The user above will see issues on A, B, K and L. Another user will only see "C" or whatever.
Hope this was more clear, and sorry for not being specific enough in my first posting.

Jepsen author 6/11/2010

Ann
Your code worked, I was just not smart enough to see it straight away.
Here is the final version once I modified it:

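    // Read the comma-separated project list of the logged-in member
    $sql = "select projects from members where email='".$_SESSION["UserID"]."'";
    $rstmp = CustomQuery($sql);
    $datatmp = db_fetch_array($rstmp);
    if ($datatmp && $datatmp["projects"])
    {
        // Quote each project code: A,B,K,L becomes 'A','B','K','L'
        $arr = explode(",", $datatmp["projects"]);
        for ($i = 0; $i < count($arr); $i++)
            $arr[$i] = "'".trim($arr[$i])."'";
        $str = implode(",", $arr);
        // Restrict the issues list to the member's projects
        $strWhereClause = whereAdd($strWhereClause, "project in (".$str.")");
    }
    else
        // No project list for this member: show no rows instead of all rows
        $strWhereClause = whereAdd($strWhereClause, "1=0");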

Thanks for your help :)
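
The row filter worked out in this thread is an access control, so the list read from the members table should be validated before it is placed in the WHERE clause, and an empty list should hide every row. The following is an added example, not code from the thread or from PHPRunner; the function name build_project_filter and the project-code pattern are assumptions, and it covers only the project list, not the lookup query built from $_SESSION["UserID"].

```php
<?php
// Added example: builds the condition the thread's event code hands to
// whereAdd(), from the comma-separated value stored in users.projects.

// Assumption: project codes are short alphanumeric tokens. Adjust the
// pattern to the real format used in the Projects table.
const PROJECT_CODE_PATTERN = '/\A[A-Za-z0-9_-]{1,16}\z/';

function build_project_filter($csv, $column = 'project')
{
    $codes = array();
    foreach (explode(',', (string)$csv) as $raw) {
        $code = trim($raw);
        // Skip empty items and anything that is not a plain project code,
        // so a quote or SQL fragment stored in the list never reaches SQL.
        if ($code === '' || !preg_match(PROJECT_CODE_PATTERN, $code)) {
            continue;
        }
        $codes[$code] = true; // array keys remove duplicates
    }
    if (count($codes) === 0) {
        // Fail closed: no valid project means no rows, not all rows.
        return '1=0';
    }
    $quoted = array();
    foreach (array_keys($codes) as $code) {
        $quoted[] = "'" . $code . "'";
    }
    return $column . ' in (' . implode(',', $quoted) . ')';
}

// Constructed sample values for users.projects (not from the thread).
$samples = array(
    'A,B,K,L',            // normal list
    ' A , B ,,A',         // stray spaces, empty item, duplicate
    '',                   // user with no projects
    "A,B' OR '1'='1",     // second item is not a valid project code
);
foreach ($samples as $csv) {
    echo var_export($csv, true), ' => ', build_project_filter($csv), "\n";
}
```

In the Before SQL query event the returned string would be passed as the second argument of whereAdd($strWhereClause, ...), in place of the hand-built "project in (...)" string.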