Restricting which records a user can access ?

[djb2002]

I'm wanting to allow a user to access a table in the database, but only those records where a particular field is set to '0'.

Is this possible ??

I want them to have full access to edit, delete, add, etc, but only those records where this field is equal to 0.

Thanks in advance,

Daniel

[davea0511]

You don't need to do that. The capability is built-in already. Just go to the administration and create a group where all the permissions are set to "Own" (instead of "no", "Owner", or "Group"). Then assign them to that group.

[djb2002]

Thanks for your reply.

I had assumed 'Own' meant records that they had created ??

How do I set it so that 'Own' means all records where a particular field is equal to a certain value ?

Thanks again,

Daniel

[djb2002]

Anyone any ideas ??

Thanks
Daniel

[a.gneady]

You could create a script to retrieve all records matching a specific condition (in this case, the field set to 0) and then change their owner to the user/group you want to grant full access to. That user/group should have full access to their group records rather than all records for the concerned table. You'd then need to run this script periodically to update the ownership info for any new records where the field is set to 0.

Ownership info is stored in the "membership_userrecords" table ... Here is a quick code example, but I didn't test it so it might have some bugs:

Code: Select all

<?php
	/* change these to configure the script */
	$table_to_monitor = "tablename";
	$primary_key_field = "id";
	$condition_for_changing_ownership = "fieldname=0";
	$new_owner_group_id = 3;
	$new_owner_username = "test_user";
	/* end of configuration */


	$currDir=dirname(__FILE__);
	require("$currDir/incCommon.php");
	
	$res = sql("select
			`$table_to_monitor`.`$primary_key_field`
		from
			`$table_to_monitor` left join
			membership_userrecords mu on (mu.tableName='$table_to_monitor' and mu.pkValue=`$table_to_monitor`.`$primary_key_field`)
		where ($condition_for_changing_ownership) and mu.memberID!='$new_owner_username' limit 100", $eo);
	
	$records = array();
	while($row = mysql_fetch_row($res)){
		$records[] = $row[0];
	}

	if(count($records)){
		$records_cs = implode(',', $records);
		sql("update membership_userrecords set memberID='$new_owner_username', groupID='$new_owner_group_id' where tableName='$table_to_monitor' and pkValue in ($records_cs)", $eo);
	}

You should place the above script in the "admin" folder and set up a cron job to run it periodically.

[djb2002]

Thanks for your reply - I will give this a go.

Is there any plans to add this a feature from within AppGini rather than having to use this manual method ? - It must be fairly straightforward to query the database and add an additional field=0 to the string for a certain user/group ??

Thanks
Daniel

[davea0511]

It would be nice if there was a gui way giving you a table with a checkbox for each record allowing you to change the ownership for an array of records. I could see that being extremely useful, say for example, creating a sign off loop for "approving" new-record submissions for mass consumption.