Advanced Security

This topic is locked

Advanced Security	9/18/2006 4:42:44 PM
PHPRunner General questions
M markdorminy author Yeah, really... I need for a user to to be able to see all tables BUT their own... I can use security to accomplish the opposite of that - ie they can see and edit either their own data or all data, but I need a way to filter the inverse. Thanks!!! MD

Mark as Solved Mark as not solved

2 replies


	Sergey Kornilov admin 9/18/2006
	You can modify for this purpose function SecuritySQL($strAction) in include/..._functions.php function SecuritySQL($strAction) { global $cAdvSecurityMethod,$strTableName; $ownerid=@$_SESSION["OwnerID"]; $ret=""; if(@$_SESSION["AccessLevel"]==ACCESS_LEVEL_ADMIN) return ""; $ret=""; if($cAdvSecurityMethod == ADVSECURITY_VIEW_OWN \|\| $cAdvSecurityMethod == ADVSECURITY_EDIT_OWN && ($strAction=="Edit" \|\| $strAction=="Delete")) $ret=GetFullFieldName("OwnerIDFieldGoesHere")."<>".make_db_value(RemoveFieldWrappers("OwnerIDFieldGoesHere"),$ownerid); $strPerm = GetUserPermissions(); if($strAction=="Edit" && !(strpos($strPerm, "E")===false) \|\| $strAction=="Delete" && !(strpos($strPerm, "D")===false) \|\| $strAction=="Search" && !(strpos($strPerm, "S")===false) \|\| $strAction=="Export" && !(strpos($strPerm, "P")===false) ) return $ret; else return "1=1"; return ""; }


M	markdorminy author 9/19/2006
	Thanks!!!! MD

2 replies

Mark as Solved Reply