Special Rights for Different Users

This topic is locked

Special Rights for Different Users	9/17/2007 9:37:34 AM
PHPRunner General questions
D dieter author I have a table _locations with about 30 different records. I have a table _members_in_location with group ID from _locations, so they belong to the Location. The Table _users has a group id from _locations so that they can edit only their own location. What I want to do is to give some users the right to add or edit Members in some (not all !) other locations. e.g. something like this: I write a new field in Users with more then one ID (1,4,12,29) then this user should be able to edit all members in location with ID 1, 4, 12 and 19. is something like this possible for example in AfterSuccesfulLogin () or any other way ? Best greetings Dieter

Mark as Solved Mark as not solved

9 replies


	Sergey Kornilov admin 9/17/2007
	You can use BeforeProcessRowList event for this purpose. Set $row["1editable"] variable to true for those records you want to be editable: The following code snippet makes editable all records on the list page starting with number 5. You can use this function to apply your logic. `function BeforeProcessRowList(&$data) { global $row,$recno; $row["1editable"] = $recno>=5; return true; } // function BeforeProcessRowList`


D	dieter author 9/17/2007
	You can use BeforeProcessRowList event for this purpose. Set $row["1editable"] variable to true for those records you want to be editable: The following code snippet makes editable all records on the list page starting with number 5. You can use this function to apply your logic. `function BeforeProcessRowList(&$data) { global $row,$recno; $row["1editable"] = $recno>=5; return true; } // function BeforeProcessRowList` <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=21440&image=1&table=forumreplies' class='bbc_emoticon' alt=':(' /> Sorry I forget to mention that I uses PHPRunner V. 3.1


	Sergey Kornilov admin 9/17/2007
	Dieter, in this case you need to modify generated code manually. I think upgrading to PHPRunner 4.1 is not a bad idea after all.


D	dieter author 9/18/2007
	Dieter, in this case you need to modify generated code manually. I think upgrading to PHPRunner 4.1 is not a bad idea after all. Is there nothing I can do with this code ? function AfterSuccessfulLogin() { global $conn $strSQL $a; $str="select berechtigungen from _User where Name='".$_SESSION["UserID"]."'"; $rs=db_query($str,$conn); $data=db_fetch_array($rs); $_SESSION["Berechtigungen"]=$data["berechtigungen"]; $a = explode (",",$_SESSION["Berechtigungen"]); //now in Array $a there are the IDÂ´s which I also use for OwnerID. Perhaps I can now do something with this eg. if (in_array($_SESSION["OwnerID"],$a)) { do something... } } ... but I don't know what to do ? Perhaps anyone has an Idea for a workaround? Thanks Dieter.


D	dieter author 9/20/2007
	modify generated code manually how ? I've no Idea. Dieter


	Alexey admin 9/20/2007
	Dieter. not really sure what is your question here. What are you trying to do ? Please clarify.


D	dieter author 9/20/2007
	Dieter. not really sure what is your question here. What are you trying to do ? Please clarify. I try to explain it more clearly. 1st Table: (_Location) with Street, Town, phonenumber, locationID This Table is Mastertable with locationID 2nd Table: (_members) with Name, Forename, Age, profession, membersID, locationID (from location) This ist Detailstable 3rd Table: (-users) for the rights with Name, password, ID, GroupID, locationID, rights (in this field I can write locationIDÂ´s) 4th Table: (_group) with groupname (admin, normal user), ID From 1st and second Table IÂ´ve built a tableview for the different Groups to edit or view. A user can edit his own members, can see the others (comes with OwnerID = locationID) I want to have some users they can add and edit his own members and some other members from specified locations sored in the field rights. I hope I explained it understandable. <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=21516&image=1&table=forumreplies' class='bbc_emoticon' alt=':unsure:' /> Dieter.


D	dieter author 9/21/2007
	Sorry I forgot, In the Moment the normal user can add,edit,delete his own members (from his location) Admin can add edit delete all members from all locations. Dieter


	Alexey admin 9/21/2007
	Dieter, I see what you saying. Here is what you can do. Save your users.rights field contents in some session variable in After successfulLogin event. I.e. $_SESSION["rights"]=$data["rights"]; Build the pages and modify CheckSecurity function in generated include/commonfunctions.phpfile. Here is the snippet you need to modify there: if($strTableName=="members") { if(( $strAction=="Edit" \|\| $strAction=="Delete") && !((string)$SESSION["".$strTableName."_OwnerID"]===(string)$strValue)) return false; } add checking of $strValue against $_SESSION["rights"] there. Also you'll need to add some code to Before record updated/added events to avoid writting of user's LocationID to members.LocationID field.

9 replies

Mark as Solved Reply