Problem with 'Edit' link

9/27/2007 3:47:54 AM
PHPRunner General questions
dieter author

I use Demo PHPRunner 4.

  1. Table: workplace (adress, phone, fax, workplaceID)
  2. Table: worker (name, age, position, ID, workplaceID (from workplace))
  3. Table: user (name, password, allowed, userID, workplaceID)
    In "allowed" there are several workplaceIDs, comma separated (array).

Depending on the OwnerID of the user (which is workplaceID), normal users can "edit their own and see others" in the Security tab.
In the worker_list I've made some rows editable:

    function BeforeMoveNextList(&$data)
    {
        // workplaceIDs this user may edit, stored comma-separated in the session
        $a = explode(",", $_SESSION["allowed"]);
        if (in_array($data["workplaceID"], $a))
        {
            $row["1editable"] = true;
        }
    }

... and I get the "edit" link and the checkbox in the row ($_SESSION["allowed"] comes from the after SuccessfulLogin event).

Although I made some rows editable, when the user clicks on edit he gets an empty edit mask and no data is provided.

Only when the user's and the worker's workplaceIDs are the same can he edit the worker's data.
What is wrong?
Thanks
Dieter

Alexey admin 9/27/2007

Dieter,
you need to edit the CheckSecurity function in the generated include/commonfunctions.php file to allow users to edit records that do not equal their workplaceID.

dieter author 9/27/2007

Please help.
Where and what?
I think somewhere in this area:

    function CheckSecurity($strValue, $strAction)
    {
        global $cAdvSecurityMethod, $strTableName;

        // administrators bypass all checks
        if($_SESSION["AccessLevel"]==ACCESS_LEVEL_ADMIN)
            return true;

        // owner check: Edit/Delete only when the record's owner value equals the user's OwnerID
        if($strTableName=="_worker")
        {
            if(( $strAction=="Edit" || $strAction=="Delete") && !((string)$_SESSION["_".$strTableName."_OwnerID"]===(string)$strValue))
                return false;
        }

        if($strTableName=="_workplaces")
        {
            if(( $strAction=="Edit" || $strAction=="Delete") && !((string)$_SESSION["_".$strTableName."_OwnerID"]===(string)$strValue))
                return false;
        }

        // check user group permissions
        $strPerm = GetUserPermissions();
        if($strAction=="Add" && !(strpos($strPerm, "A")===false) ||
           $strAction=="Edit" && !(strpos($strPerm, "E")===false) ||
           $strAction=="Delete" && !(strpos($strPerm, "D")===false) ||
           $strAction=="Search" && !(strpos($strPerm, "S")===false) ||
           $strAction=="Export" && !(strpos($strPerm, "P")===false) )
            return true;
        else
            return false;

        return true;
    }

dieter author 9/27/2007

Hello,
I tried

    ...
    if(( $strAction=="Edit" || $strAction=="Delete") && !((string)$_SESSION["_".$strTableName."_OwnerID"]===(string)$workplaceID))
        return false;
    ...

but then the edit links on the list page were gone.
Thanks
Dieter

Alexey admin 9/28/2007

Dieter,
yes, you found the proper snippet.

You need to replace it with something like this:

    if( $strAction=="Edit" || $strAction=="Delete")
    {
        $a=explode (",",$_SESSION["allowed"]);
        if (!in_array($strValue ,$a) && !((string)$_SESSION["_".$strTableName."_OwnerID"]===(string)$strValue))
            return false;
    }
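
The thread shows that the list-page flag only decides whether the edit link is drawn, while the server-side CheckSecurity call decides whether the record can actually be edited. The following is an added example, not part of the thread and not PHPRunner's generated code: a standalone version of the same owner-or-allowed check that goes beyond the reply above by trimming the list, dropping empty entries and comparing strictly. The function names `allowedWorkplaceIds` and `mayModify`, the deny-on-empty rule and the sample session are assumptions made for illustration.

```php
<?php
// Added example; helper names are hypothetical, not PHPRunner API.

// Parse the comma-separated "allowed" session value into a clean list of IDs.
function allowedWorkplaceIds(array $session): array
{
    $raw = isset($session["allowed"]) ? (string)$session["allowed"] : "";
    $ids = array_map('trim', explode(",", $raw));
    // explode(",", "") yields [""]; drop empties so a record with an empty
    // workplaceID is not matched by a user who has no allowed list.
    return array_values(array_filter($ids, function ($id) { return $id !== ""; }));
}

// Edit/Delete is permitted when the record's owner value equals the user's own
// OwnerID or is listed in "allowed". Other actions are left to the group check.
function mayModify(array $session, string $table, string $action, $ownerValue): bool
{
    if ($action !== "Edit" && $action !== "Delete") {
        return true;
    }
    $value = (string)$ownerValue;
    if ($value === "") {
        return false; // assumption: a record without an owner value is denied
    }
    $key = "_" . $table . "_OwnerID";
    $own = isset($session[$key]) ? (string)$session[$key] : "";
    if ($own !== "" && $own === $value) {
        return true;
    }
    // Third argument true: strict comparison, so "7" does not match "07" or "7.0".
    return in_array($value, allowedWorkplaceIds($session), true);
}

// Constructed sample session: the user owns workplace 3 and may also edit 5 and 7.
$session = ["__worker_OwnerID" => "3", "allowed" => "5, 7"];

// Constructed test cases: own record, allowed record, foreign record,
// empty owner value, and a numeric look-alike of an allowed ID.
$cases = [["Edit", "3"], ["Edit", "7"], ["Delete", "9"], ["Edit", ""], ["Edit", "07"]];
foreach ($cases as [$action, $id]) {
    printf("%-6s workplaceID=%-4s => %s\n", $action, var_export($id, true),
        mayModify($session, "_worker", $action, $id) ? "allow" : "deny");
}
```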