This topic is locked

Suggestion: Edit and Delete, admin only

8/19/2004 4:13:33 PM
ASPRunnerPro General questions
ngomong author

I just set up my first database with advanced security settings, so each user can only add and edit their own data.
What I'd like is for each user to be able to add data, but not edit or delete it.
So, on the main page, the edit and delete functions will be there for an admin, but for normal users, the options won't show up.
On "Step 7 of 12", you can choose whether or not Edit, Add, Delete, and View show up. What I envision is two rows of the same thing. One for normal users, one for admin.
Does that make sense?
Thanks!

ngomong author 8/19/2004

Well, I figured out an interim solution. Provided you have version 3.1a (beta) and the Advanced Security section set to "Users can see and edit their own data only", then...

  • Edit the file "Attendees_list.asp".
  • Scroll to near the bottom.
    Change:

Function CheckSecurity(strValue, strAction)
  if (cAdvSecurityMethod = ADVSECURITY_ALL and Session("AccessLevel")<>ACCESS_LEVEL_GUEST ) _

or Session("AccessLevel")=ACCESS_LEVEL_ADMIN or (strAction="Add" and Session("AccessLevel")<>ACCESS_LEVEL_GUEST) then

 CheckSecurity = True

 Exit Function

end if
if Session("AccessLevel")=ACCESS_LEVEL_GUEST then

 CheckSecurity = False

 Exit Function

end if
if cAdvSecurityMethod = ADVSECURITY_EDIT_OWN then

 if RemoveWrappers(Session("OwnerID"))=CStr(strValue) then

 CheckSecurity = True

 else

 CheckSecurity = False

 end if

else

 CheckSecurity = True

end if
End Function


To:

Function CheckSecurity(strValue, strAction)
  if (cAdvSecurityMethod = ADVSECURITY_ALL and Session("AccessLevel")<>ACCESS_LEVEL_GUEST ) _

or Session("AccessLevel")=ACCESS_LEVEL_ADMIN or (strAction="Add" and Session("AccessLevel")<>ACCESS_LEVEL_GUEST) then

 CheckSecurity = True

 Exit Function

end if
if Session("AccessLevel")=ACCESS_LEVEL_GUEST then

 CheckSecurity = False

 Exit Function

end if
if cAdvSecurityMethod = ADVSECURITY_VIEW_OWN then

 CheckSecurity = False

 Exit Function

end if
if cAdvSecurityMethod = ADVSECURITY_EDIT_OWN then

 if RemoveWrappers(Session("OwnerID"))=CStr(strValue) then

 CheckSecurity = True

 else

 CheckSecurity = False

 end if

else

 CheckSecurity = True

end if
End Function


Basically, you're just adding this snippet:



if cAdvSecurityMethod = ADVSECURITY_VIEW_OWN then

 CheckSecurity = False

 Exit Function

end if


No idea if this works of version 3.0. I haven't looked into the code it creates. I imagine it's pretty much the same.
While this works, it's a bit of a hack, since the columns for edit and delete will still show up. Plus, everytime you regenerate your code using AspRunner, these changes will get overwritten. (If you're not making major changes, you could just make this file read-only.)