limiting access based on variable

This topic is locked

limiting access based on variable	9/3/2008 10:08:11 AM
PHPRunner General questions
V vytb author Following the earlier topic at http://www.asprunner.com/forums/index.php?...art=#entry29573, I would like to limit the access to the users based on one identical variable in users table and in the tables to be accessed. Following the topic above, I should configure the security settings... However, I'm not sure if these settings will not conflict with other security settings and dynamic security settings - one username for the static and one for dynamic settings, admin rights in static for non admin for dynamic, etc. In case when user can have several of these values, he should be treated as admin in static permissions and there won't be any limitations (admin has access to all records). To me it would be much simpler, if it was possible to use an event on login or menu page to let access if variable in user table == variable in table to access? What code and where it should be? For example, in order to satisfy something like if ($values["user.city"] == $values["a.city"] and $values["user.city"] == $values["b.city"] and $values["user.city"] == $values["c.city"])

Mark as Solved Mark as not solved

7 replies


J	Jane 9/4/2008
	Hi, I'm not sure that I understand you. You can't use static and dynamic permissions at the same time. Also the easiest way to restrict user access based on the field value is to use User can see and edit their own records only security method on the Advanced security settings dialog on the Security tab


V	vytb author 9/4/2008
	Hi, I'm not sure that I understand you. You can't use static and dynamic permissions at the same time. Also the easiest way to restrict user access based on the field value is to use User can see and edit their own records only security method on the Advanced security settings dialog on the Security tab I have just asked if User can see and edit their own records only security method on the Advanced security settings dialog on the Security tab can be used together with dynamic permissions. Can't it? Second, using this method, if some of the users have two or more values of this variable, they should act under two or more usernames/paswords. Right? For example, this variable is 'city'. If user works in two or more cities, he should have two profiles to enter. Is there another solution? In addition, such user could not be assigned as admin in Advanced security settings, because you can only enter one admin. Am I right?


J	Jane 9/4/2008
	I have just asked if User can see and edit their own records only security method on the Advanced security settings dialog on the Security tab can be used together with dynamic permissions. Yes. you can only enter one admin. Am I right? No. You can set up one group of users as admin group. I'm not sure what does " users have two or more values of this variable" mean. Where does user have these variables: in the users table, in the main table, in the event code?


V	vytb author 9/4/2008
	I'm not sure what does " users have two or more values of this variable" mean. Where does user have these variables: in the users table, in the main table, in the event code? [/quote] Users from the particular city should see only records that correspond to the particular city. The 'city' is a variable in the users table as well as in the other tables. Some users have two or more values of this variable (two or more cities) in the users table. Evidently, records contain only one value (city). From what I understand, these users will see nothing unless their profiles split to contain only one 'city'. Is it the way to go?


J	Jane 9/5/2008
	Hi, yes, User can see and edit their own records only security method doesn't support multiple values as OwnerID. Try to edit SQL query manually in the List page: Before SQL query event on the Events tab. Here is just a sample: global $conn; $str = "select Fieldname from UsersTable where Username='".$_SESSION["UserID"]."'"; $rs = db_query($str,$conn); $data = db_fetch_array($rs); $arr = explode(",",$data["Fieldname"]);//parse value $where = ""; for ($i=0; $i<count($arr); $i++) $where.= "city='".$arr[$i]."' or ";//form where clause $where = substr($where,0,-3); $strWhereClause = whereAdd($strWhereClause,"(".$where.")");//add where clause to the SQL query


V	vytb author 9/22/2008
	Yes. No. You can set up one group of users as admin group. Do Advanced security settings support a group of users as admin group? In the settings, I see the possibility of one ID only... Do you mean a group of users under the same ID?


	Sergey Kornilov admin 9/22/2008
	"User can see and edit their own records only" security method only supports one owner (one user).

7 replies

Mark as Solved Reply