All,
My app is up and working (http://ada.abernyte.org) but I have a new requirement - a pretty big one. I've searched the forum and am not sure I can find anything relevant.
By default, all records on all tables are publicly viewable, but now I've got the requirement to make certain records on X tables to only be readable by a certain group of users. Is such row-level security possible?
We'd like to keep all our records public, but have the ability to set any of them to "private" via DB flag/whatever process, which would then only show them to a certain group of users.
Anyone have any ideas?
Many thanks!
A.
Restricted Records
Re: Restricted Records
What version are you using?
And it is really easy to do. Go into admin and set what the group can see. If that does not work then you can code it elsewhere to limit who sees what.
If you want to set it by a flag that is very very easy then. You can code it to look at the flag and not display that record if the flag is set.
Basically you would use an if then type statement to check.
Alan
Calgary, Alberta, Canada - Using Appgini 5.50 -
Re: Restricted Records
Hi Alan, thanks for the quick reply! I'm just re-building using latest version as we speak. The prod site is one version behind current. I try to keep it up to date!
I've checked out the admin area - we need to offer more granularity than it provides, I think.
I like the flag method - we'd have a dropdown (or similar) "Private" field on each table with either Y or N as possible values, and would somehow - that's the bit I'm missing - interrogate this prior to displaying the records - e.g.
IF private_field = N THEN cool - ignore this code/show all records
IF private_field = Y AND logged_in_group = Anonymous THEN don't show records.
IF private_field = Y AND logged_in_group = executive THEN show records.
Problem is - where on earth would you even start to add this code? Any ideas?
Thanks!
Re: Restricted Records
I would guess that all of this is already built in and could be utilised by modifying the group / membership system.
Have you looked at Admin area > Members > View members records?
You could add group ownership to any single record and adjust visibility of that record in the Groups section.
Have not tested myself, though.
Re: Restricted Records
Thanks for the thoughts - pretty sure it can't be done in the existing admin system, with my setup.
If I assigned all the records to the anonymous/guest user and set their group visibility to "group" only - so they only saw records in their group, then when I wanted to hide a record, set its ownership to something else - another group - that might work. Will need to test.
Feels odd though, assigning all records to the anonymous group/user.
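The Y/N flag rule sketched earlier in the thread, enforced in the query instead of at display time so that the table view and the single-record view share one check. This is an added example, not code from any poster or from AppGini: the `records` table, the `private` column and the PDO/SQLite setup are assumptions, and the group names are the ones used in the thread.

```php
<?php
// Added example: table, column and sample rows are assumptions, not AppGini code.
const PRIVILEGED_GROUPS = ['executive'];   // groups allowed to read private rows

/** SQL predicate for the caller's group; appended to every read of the table. */
function visibilityClause(string $group): string
{
    // Compare against a server-side allow-list; the group name never enters the SQL.
    // Any group not on the list (Anonymous included) gets public rows only.
    return in_array($group, PRIVILEGED_GROUPS, true) ? '1=1' : "private = 'N'";
}

/** Table view: private rows are excluded by the query itself. */
function listRecords(PDO $db, string $group): array
{
    $sql = 'SELECT id, title FROM records WHERE ' . visibilityClause($group) . ' ORDER BY id';
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Detail view: same predicate, so asking for a known id does not bypass the list filter. */
function getRecord(PDO $db, string $group, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM records WHERE id = ? AND ' . visibilityClause($group));
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE records (
    id INTEGER PRIMARY KEY,
    title TEXT,
    private TEXT NOT NULL DEFAULT 'N' CHECK (private IN ('Y', 'N'))
)");
$db->exec("INSERT INTO records (id, title, private) VALUES
    (1, 'Public minutes', 'N'), (2, 'Board salaries', 'Y'), (3, 'Newsletter', 'N')");

// Show what each group gets from the list and from a direct request for private row 2.
foreach (['Anonymous', 'executive'] as $group) {
    $ids = array_column(listRecords($db, $group), 'id');
    $hit = getRecord($db, $group, 2) === null ? 'not found' : 'returned';
    printf("%-9s list ids: %s | record 2: %s\n", $group, implode(',', $ids), $hit);
}
```

A check that only hides flagged rows when the list is rendered leaves the same rows readable through any other page or export that queries the table, which is why the predicate sits in the SQL for both functions.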