2. ASPRunnerPro General questions
  3. Group Permissions
This topic is locked

Group Permissions

 		7/29/2005 5:11:07 PM
ASPRunnerPro General questions
author

Sergey, this is what I want to do:
Table: users

=========

username, password, group

--------------------------------

admin, something, admin

nik, something, admin

peter, something, user

david, something, user

steve, something, guest
Then I want to give different access to various GROUPS (not usernames)
Eg. for some table (project)

group, list, view, edit, print

-------------------------------

admin, 1,1,1,1

user, 1,1,0,1

guest, 1,0,0,0
This is how Windows does it for Windows users.
I don't think this can quite be done now with ASPRunner.
I tried to trick the system by adding a field Owner to this table where I am trying to control access. It defaults to a name of the group who I want to give access to this table. Every record has it, and it's the same.
I then use "Users can see and edit their data only" and point the Users OwnedID field to Table:users/group and Main Table OwnerID to the field "Owner" above.
But this doesn't seem to work. Although it should.
Nik

nstankovic at yahoo.com
admin 7/31/2005

We work on implementing real group-based permissions in the next version of ASPRunner/PHPRunner.
Meanwhile you can implement this manually. There are several places in generated ASP code that need to be modified.

  1. login.asp
    in the beginning:
    old:

    Session("UserID")="Guest"
    new:

    Session("UserID")="Guest"

    Session("Username")="Guest"
    in the middle of login.asp
    old:

    if request("username")=CStr(rs(cUserNameField)) and request("password")=CStr(rs(cPasswordField)) then

    Session("UserID") = Request("username")

    Session("AccessLevel") = ACCESS_LEVELUSER

    if Request("username")=cAdminUserID then

    Session("AccessLevel") = ACCESS_LEVEL_ADMIN
    new:

    if request("username")=CStr(rs(cUserNameField)) and request("password")=CStr(rs(cPasswordField)) then

    Session("Username") = Request("username")

    Session("AccessLevel") = ACCESS_LEVELUSER

    if Request("username")=cAdminUserID then

    Session("AccessLevel") = ACCESS_LEVEL_ADMIN

    Session("UserID") = rs("GroupID")
    GroupID here is a database field that holds user group id.


  2. menu.aspp and ..._list.asp
    old:

    <%=Session("UserID")%>
    new:

    <%=Session("UserName")%>
  3. probably you will need to change group names as well
    include/..._aspfunctions.asp

    functions GetUserPermissions and GetTables
    menu.asp

    functions GetTables
500311 7/31/2005

Thanks Sergey... just wanted to make sure I wasn't missing something.
I've been mucking with the code myself. Something similar to what you suggest.
I'll post results when I get it running...
This is cruicial for me. If I can't get this running, ASPRunner is not much use to me.
Haven't registered yet, will do when I get it running.

  • Nik