[SOLVED]

 MySQL Error on AfterTableInit() custom logic (role based views)

7/6/2016 2:45:10 PM
jump3r34 author

I am using "After table initialized" instead of creating tons of separate views for multiple reasons including maintainability, logic stays relatively constant and relationships. However, when I use something like (and it is a tad more complicated the way I wrote the logic, but this is the gist of it):

// if user is in client role
if($_SESSION["roleprefix"]=='01')
{
    $query->replaceWhere("id=".$_SESSION["client_id"]);
}

// if user is in service-client role
if($_SESSION["roleprefix"]=='02')
{
    $query->addWhere("service_client_id=".$_SESSION["service_client_id"]);
}

// if user is admin
if($_SESSION["roleprefix"]=='00')
{
    $query->replaceWhere("");
}

The logic works great until I pull up a table that uses this table as a drop-down as an add/edit as relationship. Here is the error:
Error type 256
Error description You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')) and (id = 1)' at line 3
URL localhost/client_branch_list.php?
Error file \output\connections\MySQLiConnection.php
Error line 142
SQL query SELECT [removed for verbosity] FROM client WHERE ((id= )) and (id = 1)

So just to give it short: AfterTableInit() logic works fine on all 'client' table functions, however when I go to the client_branch_list page, it errors out every time because the dropdown for client under client_branch is relating back to the client table obviously and appears to be adding an extra (id=) and (id=1) [this is from the session variables I store at successful login]. When I code from scratch I usually can fix things like this in 15-30 minutes because I know where all the query data is at, however I am not sure what is causing this conflict and if I can figure it out, I can finish up this application view logic and have a pretty snappy application with over 7 types of roles all logging in and getting the view permissions of exactly what I need them to see and edit and nothing more.

Sergey Kornilov admin 7/6/2016

According to what I see session variable $_SESSION["client_id"] is not populated.

jump3r34 author 7/6/2016



According to what I see session variable $_SESSION["client_id"] is not populated.


Sergey,
You were right.
For some reason it is disposing of that single variable after the welcome (menu) page. I know the variable was good after login (because in dev mode I print_r my variables in the header of every page) but after the first page it trashes that session variable. The weird thing is $_SESSION["UserData"]["client_id"] stays for the entire session, which is what I was deriving $_SESSION["client_id"] from. Oh well, no biggie now that I know it just must not like that variable name or something, but in my years of coding, I have realized it is best to fix it and move on, because I can sit here for a week trying to figure out what it did not like and get nowhere.
Thanks
Oh, by next week I will post some information on how to connect a PHP web API framework to the db that is running PHPRunner and have full access to full documentation and web API security measures, and it is all free. I think it is a near perfect marriage with PHPRunner, as is Amazon S3 and Amazon AuroraDb. I can get blazing fast speeds with some of these newer setups.

jump3r34 author 7/6/2016

Just to inform anyone reading this on how I created the logic for the views and roles.
Static Permissions (this is best so you can control logic from the pre-build stage and keeps your application lighter and more manageable)
permission format => [roleprefix(2 digits)].[rolesuffix(2 digits)]~[rolename]

so client(01).admin(01) would be 01.01~client-admin

client-manager would be 01.02~client-manager

service-client-admin is 02.01~service-client-manager
Then at successful login I just parse the first two digits, then the second two digits, and then split at the ~ and take the right side of the string for the name. Then on $_SESSION["roleprefix"]=='01' I know it is a client (no matter what client role, I know it is a client).
So I create columns on each table that are client or client-branch specific or any role I need, and then start with a single if statement to start the logic for that view.
Let me know if you have any questions and I can help. I have been doing stateless and stateful views for a while now. Also, I can give a few pointers on CSS classes that make it super easy to hide/show entire blocks of elements with a single JS call.
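
Added example, not part of the thread and not PHPRunner's own code: a sketch that parses the permission string format from the last post and builds the role filter from the first post so that a missing or non-numeric session id yields a deny-all condition instead of the broken "id= " fragment. The function names, the "1=0" deny-all convention and the sample sessions are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper names), not PHPRunner code.

// Parse "PP.SS~name", e.g. "01.02~client-manager"; null if malformed.
function parsePermission(string $perm): ?array
{
    if (!preg_match('/^(\d{2})\.(\d{2})~([a-z][a-z-]*)$/', $perm, $m)) {
        return null;
    }
    return ['prefix' => $m[1], 'suffix' => $m[2], 'name' => $m[3]];
}

// Return "<column>=<int>", or "1=0" when the session value is missing or
// not a positive integer, so an empty value can neither break the query
// ("id= ") nor widen it.
function scopedWhere(string $column, array $session, string $key): string
{
    $id = filter_var($session[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? '1=0' : $column . '=' . $id;
}

// Map the role prefix to a WHERE fragment. Only admin (prefix 00) gets '',
// meaning "no restriction"; unknown or malformed roles see nothing.
function whereForRole(?array $perm, array $session): string
{
    switch ($perm['prefix'] ?? null) {
        case '00': return '';
        case '01': return scopedWhere('id', $session, 'client_id');
        case '02': return scopedWhere('service_client_id', $session, 'service_client_id');
        default:   return '1=0';
    }
}

// Constructed sample sessions, including the empty client_id from this thread.
$samples = [
    ['01.02~client-manager', ['client_id' => '1']],
    ['01.01~client-admin', []],
    ['02.01~service-client-admin', ['service_client_id' => '7 OR 1=1']],
    ['9.1~bogus', ['client_id' => '1']],
];
foreach ($samples as [$perm, $session]) {
    $where = whereForRole(parsePermission($perm), $session);
    printf("%-28s => %s\n", $perm, var_export($where, true));
}
```

The returned string is what would be handed to replaceWhere() or addWhere() in the "After table initialized" event shown in the first post.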