
advanced security

12/13/2006 6:20:25 AM
PHPRunner General questions
thesofa author

Hi

I have followed the post about advanced security here that tells how to stop a record owner from seeing a record but allow all others to see and edit it.

I have got it working fine, I have one further twist I should like to add.

I would like users to be able to log on to a site and see none of their records.

They can see everyone else's records and they can edit all the other records.

How can I stop them adding records for other users?

The site is at www.rebyte.co.uk/wish

Log in with a username of gunners and a pwd of musicman.
You cannot see the wishlist contents of gunners, but you can see all the others.

Now try Alfred and a pwd of cakeburner; he can add wishes to his list.

I need to be able to allow additions only to one's own wishlist, seeing all but one's own list and editing all but one's own list.

Please feel free to play with the site, just do not go mad or I will exceed my quota on the MySQL server.

How do I do it, my head hurts ATM

Thanks for help

G

Sergey Kornilov admin 12/15/2006

I'm afraid there is no direct or good answer to this question.
It looks like you need to modify several functions in several places. Take a look at the following functions in include/commonfunctions.php:

GetUserPermissions

CheckSecurity

SecuritySQL

You can start by using the "Users can see and edit their own data only" security mode; however, you need to modify the code to make it work the other way (select all records except those that belong to me).

thesofa author 12/15/2006

I have done that as per the first post, and it works great.

Now I need to stop users adding to other people's lists!!!

thesofa author 12/19/2006

Hi Alexy, have you managed to have any further thoughts on this one?

Jane 12/20/2006

Hi,
you can send me your files with database creation script. I'll take a closer look at this issue.
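
The rule discussed in this thread (see and edit every list except your own, add only to your own) as an added example; it is not code from the thread or from PHPRunner. The `wishes(id, owner, item)` table, the helper names and the users alice and bob are assumptions, and the demo needs the pdo_sqlite extension.

```php
<?php
// Added example: hypothetical helpers, not PHPRunner's GetUserPermissions,
// CheckSecurity or SecuritySQL. Assumed schema: wishes(id, owner, item).
// $user is the logged-in username taken from the server-side session,
// never from the request.

// List/view/edit queries: every row except the caller's own.
function inverseOwnerWhere(): string
{
    return 'owner <> :me';
}

// Edit check for one record, repeated on the server for every save so a
// hand-typed record id cannot reach the caller's own rows.
function canEdit(PDO $db, string $user, int $id): bool
{
    $st = $db->prepare('SELECT 1 FROM wishes WHERE id = :id AND ' . inverseOwnerWhere());
    $st->execute([':id' => $id, ':me' => $user]);
    return $st->fetchColumn() !== false;
}

// Add: the owner column is forced to the session user, so a posted
// "owner" field cannot put a wish on someone else's list.
function addWish(PDO $db, string $user, array $posted): void
{
    $st = $db->prepare('INSERT INTO wishes (owner, item) VALUES (:owner, :item)');
    $st->execute([':owner' => $user, ':item' => trim((string)($posted['item'] ?? ''))]);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wishes (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, item TEXT NOT NULL)');
addWish($db, 'alice', ['item' => 'bicycle']);                 // id 1
addWish($db, 'bob',   ['item' => 'kettle']);                  // id 2
addWish($db, 'alice', ['item' => 'socks', 'owner' => 'bob']); // id 3, posted owner ignored

// What alice may list: rows owned by anyone but alice.
$st = $db->prepare('SELECT id, owner, item FROM wishes WHERE ' . inverseOwnerWhere());
$st->execute([':me' => 'alice']);
print_r($st->fetchAll(PDO::FETCH_ASSOC));

var_dump(canEdit($db, 'alice', 2)); // bob's wish
var_dump(canEdit($db, 'alice', 3)); // alice's own wish, despite the posted owner
```

The owner comparison should follow the same case rules as the login check, otherwise a username that differs only in case could slip past the filter.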