[SOLVED]

 Lookup Wizard Security

11/21/2011 12:25:42 PM
PHPRunner General questions
propelledjeans author

I have a large database with many tables, but for this example let's say I have three tables: users, location, and device. The location table has a one-to-many relationship with the device table; one location can have many devices, but each device can only have one location. NOTE: The device table has a key called "location" where the location information (well, ID) is stored.
SCENARIO:

Let's say we have two users, Jon and Rita. Jon should ONLY have access to his respective information, and the same for Rita; she should only have access to her own information. Jon has his own set of locations, and Rita has her own; they do not share locations.
Jon needs to change his 'device' location via a drop down menu. On the edit page of the device, the 'Location' field is a drop down that shows the 'location' table ID. My problem is that it is showing ALL of the location IDs (including Rita's) even though the security settings are set for each table that each user can only access their own information.
How do I fix this? What am I doing wrong?

cgphp 11/21/2011

Set the where clause for the lookup wizard. Check the "WHERE expression" paragraph here: http://xlinesoft.com/phprunner/docs/lookup_wizard.htm

propelledjeans author 11/21/2011



> Set the where clause for the lookup wizard. Check the "WHERE expression" paragraph here: http://xlinesoft.com/phprunner/docs/lookup_wizard.htm


What should I put in there? I understand that it is a PHP expression, I just don't know what to use for my application.

cgphp 11/21/2011

The location table should have a user field (like user_id). In the where clause enter this code:

"user_id ='".$_SESSION['UserID']."'"



where $_SESSION['UserID'] is the current logged in user.
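
An added example, not part of the original thread and not PHPRunner's own code: a filtered drop-down only limits what is displayed, so the same ownership rule is checked again when the device row is saved. The `user_id` column, the numeric user ID, the helper names and the sample rows are assumptions constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE location (id INTEGER PRIMARY KEY, name TEXT, user_id INTEGER)");
$pdo->exec("CREATE TABLE device (id INTEGER PRIMARY KEY, name TEXT, location INTEGER)");
$pdo->exec("INSERT INTO location VALUES (1,'Jon HQ',10),(2,'Jon Lab',10),(3,'Rita Office',20)");
$pdo->exec("INSERT INTO device VALUES (100,'Jon printer',1)");

// Stand-in for the logged-in session: Jon, constructed user ID 10.
$_SESSION = ['UserID' => '10'];

// WHERE expression for the lookup. The integer cast guarantees that only
// digits from the session value ever reach the SQL text.
function lookupWhere(array $session): string
{
    return 'user_id = ' . (int)($session['UserID'] ?? 0);
}

// Ownership check with bound parameters, run on the server before saving.
function locationBelongsToUser(PDO $pdo, int $locationId, int $userId): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM location WHERE id = ? AND user_id = ?');
    $stmt->execute([$locationId, $userId]);
    return $stmt->fetchColumn() !== false;
}

// Refuses any location ID that does not belong to the current user,
// whether or not it was offered in the drop-down.
function updateDeviceLocation(PDO $pdo, int $deviceId, int $locationId, int $userId): bool
{
    if (!locationBelongsToUser($pdo, $locationId, $userId)) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE device SET location = ? WHERE id = ?');
    return $stmt->execute([$locationId, $deviceId]);
}

$userId = (int)$_SESSION['UserID'];
$ids = $pdo->query('SELECT id FROM location WHERE ' . lookupWhere($_SESSION))
           ->fetchAll(PDO::FETCH_COLUMN);
echo 'Drop-down options for Jon: ' . implode(', ', $ids) . PHP_EOL;
echo 'Save with own location: ';
var_dump(updateDeviceLocation($pdo, 100, 2, $userId));
echo 'Save with Rita\'s location ID: ';
var_dump(updateDeviceLocation($pdo, 100, 3, $userId));
```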

propelledjeans author 11/21/2011



> The location table should have a user field (like user_id). In the where clause enter this code:
>
> "user_id ='".$_SESSION['UserID']."'"
>
> where $_SESSION['UserID'] is the current logged in user.


I tried this out and changed user_id to UserID and it did not work. There was nothing showing in the drop down now.

cgphp 11/21/2011

What's the name of the user id field in the device table?

wildwally 11/22/2011

Do you have a field in the Location table that links to the user? From what I read it doesn't sound like you have any way to filter this info as you're wanting. What fields are in the location table?

propelledjeans author 11/22/2011

Fixed it! It was a problem with the MySQL table itself and the relationships between them.
Thanks for your help everyone.