Page 1 of 1
Restricting which records a user can access ?
Posted: 2013-10-04 16:21
by djb2002
I'm wanting to allow a user to access a table in the database, but only those records where a particular field is set to '0'.
Is this possible ??
I want them to have full access to edit, delete, add, etc, but only those records where this field is equal to 0.
Thanks in advance,
Daniel
Re: Restricting which records a user can access ?
Posted: 2013-10-11 19:20
by davea0511
You don't need to do that. The capability is built-in already. Just go to the administration and create a group where all the permissions are set to "Own" (instead of "no", "Owner", or "Group"). Then assign them to that group.
Re: Restricting which records a user can access ?
Posted: 2013-10-11 21:32
by djb2002
Thanks for your reply.
I had assumed 'Own' meant records that they had created ??
How do I set it so that 'Own' means all records where a particular field is equal to a certain value ?
Thanks again,
Daniel
Re: Restricting which records a user can access ?
Posted: 2013-10-19 21:03
by djb2002
Anyone any ideas ??
Thanks
Daniel
Re: Restricting which records a user can access ?
Posted: 2013-10-20 17:32
by a.gneady
You could create a script to retrieve all records matching a specific condition (in this case, the field set to 0) and then change their owner to the user/group you want to grant full access to. That user/group should have full access to their group records rather than all records for the concerned table. You'd then need to run this script periodically to update the ownership info for any new records where the field is set to 0.
Ownership info is stored in the "membership_userrecords" table ... Here is a quick code example, but I didn't test it so it might have some bugs:
Code: Select all
<?php
/* change these to configure the script */
$table_to_monitor = "tablename";
$primary_key_field = "id";
$condition_for_changing_ownership = "fieldname=0";
$new_owner_group_id = 3;
$new_owner_username = "test_user";
/* end of configuration */
$currDir=dirname(__FILE__);
require("$currDir/incCommon.php");
$res = sql("select
`$table_to_monitor`.`$primary_key_field`
from
`$table_to_monitor` left join
membership_userrecords mu on (mu.tableName='$table_to_monitor' and mu.pkValue=`$table_to_monitor`.`$primary_key_field`)
where ($condition_for_changing_ownership) and mu.memberID!='$new_owner_username' limit 100", $eo);
$records = array();
while($row = mysql_fetch_row($res)){
$records[] = $row[0];
}
if(count($records)){
$records_cs = implode(',', $records);
sql("update membership_userrecords set memberID='$new_owner_username', groupID='$new_owner_group_id' where tableName='$table_to_monitor' and pkValue in ($records_cs)", $eo);
}
You should place the above script in the "admin" folder and set up a cron job to run it periodically.
Re: Restricting which records a user can access ?
Posted: 2013-10-27 11:34
by djb2002
Thanks for your reply - I will give this a go.
Is there any plans to add this a feature from within AppGini rather than having to use this manual method ? - It must be fairly straightforward to query the database and add an additional field=0 to the string for a certain user/group ??
Thanks
Daniel
Re: Restricting which records a user can access ?
Posted: 2013-11-05 17:44
by davea0511
It would be nice if there was a gui way giving you a table with a checkbox for each record allowing you to change the ownership for an array of records. I could see that being extremely useful, say for example, creating a sign off loop for "approving" new-record submissions for mass consumption.