2. PHPRunner General questions
  3. Restricting access by user group
This topic is locked

Restricting access by user group

 		9/11/2007 9:54:40 AM
PHPRunner General questions
K
 kathykelley author

I am new to PHPRunner but so far have found it very good.
I have a project where my users are broken into 4 groups (regions). When users log in, they should only see schools that are in the same region as the user is assigned. (School table also has a region field). How to I restrict access when displaying school information (list)?
Also, there are some users who are superusers and can see all records.
user_table

  • username
  • password
  • region
  • superuser (yes/no)
    School_table
  • School_id
  • schoolname
  • region
    Also, there are 2 detail tables that have school as the master. (Students and contacts). How do I restrict access to these tables? Do I need to create views?
    Currently I have the entire system built without security so I was using the tables without views. I have put a lot of work into building the screens for edit/view etc and I dont really want to have to redo all this work. Is there a way to save it and use it in the views (if they have to be created?
    Thanks in advance for the help.
Sergey Kornilov admin 9/11/2007

Kathy,
you don't have to redo anything.
Proceed to security tab and enable login page. Use Advanced Security settings to allow users see their own data only.

Use User Group Permissions to setup an admin group.
K
 		kathykelley author 9/11/2007

Thank you. I was able to get that working.
I have a question with regards to my master, details relationship
School (schoolid,region) ->> Students (linked by schoolid)

School (schoolid,region ) ->> contacts (linked by schoolid)
When a user looks at the students table, how should I restict access to only those students or contacts in a school who's region matches the region of the users?
Also, I would like to be able to have multiple users with admin privs. Is this possible? where would I have to change the code
M
 		michaelmac 9/11/2007

For user login you will need something like I am using.. then match up the data accordingly.. depending on admin/teachers/students/texts.. even classrooms
I use a billTo for the main ID..

I use a shipTo like you would use a region
For users I have three levels of being able to log in.

I use the groupID model that is in the tutorials on the website
I use GroupId="admin" to access certain records.. like the regions ( can access all the school with that billTo ID

I use GroupID="manager" to access on that ONE region (like a school, can access ONLY the things tied to that shipTo ID)
I hope this helps. I built two projects so I could split them
Good Luck
Mike

Thank you. I was able to get that working.

I have a question with regards to my master, details relationship
School (schoolid,region) ->> Students (linked by schoolid)

School (schoolid,region ) ->> contacts (linked by schoolid)
When a user looks at the students table, how should I restict access to only those students or contacts in a school who's region matches the region of the users?
Also, I would like to be able to have multiple users with admin privs. Is this possible? where would I have to change the code