This time I want to leave you a small helper class that lets you configure permissions per field in the detail view (DV).
It can be configured by User Group and by individual user.
If a user's group is listed as blocked, the user is blocked regardless of any per-user setting: the configuration is a deny-list, and a user is locked out of a field when either their group or their username appears in it. There is no per-user "allow" override, and anyone not listed keeps whatever access AppGini's own table-level permissions already grant.
The class has two parts:
The first part configures the DV on the client side: fields the user may not edit are set read-only and can also be hidden. The function returns a snippet of HTML/JavaScript that goes inside the tablename_dv function in hooks/tablename.php. Note that this is a usability measure only — a read-only or hidden input is still submitted with the form and can be changed with the browser's developer tools, which is why the second part exists.
The second part checks on the server side that the user has not tampered with the request (for example by removing the read-only attribute or crafting the POST directly). This is the actual enforcement: the function returns true or false and must be placed in both the tablename_before_update and tablename_before_insert functions in hooks/tablename.php; returning false makes AppGini cancel the write.
The code is very simple to implement: copy and paste the snippets below into the indicated functions and you are done.
The configuration is also quite simple: you only have to fill in an array. The array lives inside the class and can be edited there, or, with a bit of extra work, it can be moved to a separate file and included when needed.
Please always remember to make backup copies and test thoroughly before uploading any code to production.
This is made with love for you. If you want, you can invite me for a coffee, it wouldn't hurt me.
script.php
<?php
//Field Permissions hide / lock fields by usergroup and user
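/**
 * Field-level permissions for AppGini detail views: lock / hide fields per user group and per user.
 *
 * Two entry points, both static:
 *  - dv_field_permissions()      -> client-side <script> for the tablename_dv() hook (usability only)
 *  - update_fields_permission()  -> server-side check for tablename_before_update() / _before_insert()
 *                                   (this is the real enforcement; the script can be bypassed with dev tools)
 */
class FieldsPermissions
{
    /**
     * Deny-list of fields, keyed by table name, then field name.
     *
     * Per field:
     *   "groups_disabled" => list of AppGini group names that may NOT edit the field
     *   "users_disabled"  => list of usernames that may NOT edit the field
     *   "hidden"          => true to also hide the field's form-group in the detail view
     *
     * A member is locked out of a field when EITHER their group OR their username is listed;
     * there is no per-user "allow" override. Tables/fields not listed are untouched.
     *
     * Format:
     *   "tablename" => [
     *       "fieldname" => [
     *           "groups_disabled" => ["usergroup", ...],
     *           "users_disabled"  => ["username", ...],
     *       ],
     *       "other fieldname" => [
     *           "groups_disabled" => ["usergroup", ...],
     *           "hidden" => true
     *       ]
     *   ]
     */
    public static $permissions = [
        "products" => [
            "name" => [
                "groups_disabled" => ["users"],
                "users_disabled" => ["Ale"],
                "hidden" => true
            ],
            "due" => [
                "groups_disabled" => ["Admins"],
                "hidden" => true
            ],
        ],
        "contacto" => [
            "name" => [
                "groups_disabled" => ["Admins", "users"],
            ],
            "user" => [
                "groups_disabled" => ["users", "Admins"],
                "hidden" => false
            ]
        ],
        "todos" => [
            "tarea" => [
                "groups_disabled" => ["users"],
                "users_disabled" => ["admin"],
                "hidden" => false
            ],
            "product" => [
                "groups_disabled" => ["users"],
                "users_disabled" => ["admin"]
            ]
        ]
    ];

    /**
     * Build the <script> that sets the configured fields read-only (and optionally hides them)
     * in the detail view for the current member. Used from the tablename_dv() hook:
     *   $html .= FieldsPermissions::dv_field_permissions($tn, $memberInfo);
     *
     * This is a usability measure ONLY: read-only / hidden inputs are still posted and can be
     * edited with browser dev tools. Enforcement is update_fields_permission().
     *
     * @param string $tn         table name (the hooks file's base name)
     * @param array  $memberInfo AppGini member info; only 'group' and 'username' are read
     * @return string HTML <script> block, or '' when nothing applies (table not configured,
     *                member not restricted). Returning '' rather than true keeps `$html .=` clean.
     */
    public static function dv_field_permissions($tn, $memberInfo)
    {
        $rules = self::rules_for($tn);
        if ($rules === null) return '';

        $fields = get_table_fields($tn); // AppGini internal function
        if (!is_array($fields)) return '';

        $locked = [];
        $hidden = [];
        $select2 = [];
        foreach (array_keys($fields) as $fn) {
            if (!isset($rules[$fn]) || !self::check_permissions($rules[$fn], $memberInfo)) continue;
            $locked[] = "#{$fn}";
            // select2 widgets do not honour the readonly attribute; they are disabled separately below.
            $select2[] = "#s2id_{$fn}-container";
            if (!empty($rules[$fn]['hidden'])) $hidden[] = ".form-group.{$tn}-{$fn}";
        }
        if (!$locked) return '';

        // Selectors are emitted through json_encode so they are valid JS string literals and
        // cannot terminate the <script> element (JSON_HEX_TAG) even with unusual field names.
        $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $js = "\$j(" . json_encode(implode(', ', $locked), $flags) . ").attr('readonly', 'true');\n";
        if ($hidden) {
            $js .= "\$j(" . json_encode(implode(', ', $hidden), $flags) . ").hide();\n";
        }
        // The 1100 ms delay is kept from the original; presumably it waits for AppGini to
        // finish initialising select2 -- TODO confirm, a DOM-ready hook would be more robust.
        $js .= "setTimeout(() => { \$j(" . json_encode(implode(', ', $select2), $flags) . ").select2('enable', false); }, 1100);\n";

        return "<script>\n\$j(function() {\n{$js}});\n</script>\n";
    }

    /**
     * Server-side enforcement for tablename_before_update() / tablename_before_insert().
     * Returns false (AppGini then cancels the write) when the request carries a value for a
     * field the member is locked out of that differs from the stored value.
     *
     * @param string $tn         table name
     * @param array  $memberInfo AppGini member info; only 'group' and 'username' are read
     * @param array  $data       submitted record; 'selectedID' holds the PK on update and is absent on insert
     * @return bool true to let the write proceed, false to reject it
     */
    public static function update_fields_permission($tn, $memberInfo, $data)
    {
        $rules = self::rules_for($tn);
        if ($rules === null) return true;

        $fields = get_table_fields($tn); // AppGini internal function
        // Without the field list we cannot tell which fields are locked: fail closed.
        if (!is_array($fields)) return false;

        // On INSERT there is no stored row. The comparison value is then false, which is
        // presumably what sqlValue() yields for a missing row (the original relied on that),
        // so '', '0' and an absent field pass while any other submitted value is rejected.
        $where = isset($data['selectedID']) ? self::where_construct($tn, $data['selectedID']) : false;

        foreach (array_keys($fields) as $fn) {
            if (!isset($rules[$fn]) || !self::check_permissions($rules[$fn], $memberInfo)) continue;

            $stored = ($where !== false)
                ? sqlValue("SELECT `{$fn}` FROM `{$tn}` WHERE {$where}") // AppGini internal function
                : false;

            // Loose comparison is deliberate: the DB returns strings while the request may carry
            // numerically-equivalent variants of the same value; an unsubmitted field counts as null.
            if ($stored != ($data[$fn] ?? null)) return false;
        }
        return true;
    }

    /**
     * Rules configured for $tn, or null when the table is not configured.
     * Avoids the "undefined index" notice the original produced for unconfigured tables.
     */
    private static function rules_for($tn)
    {
        if (!is_string($tn) || !isset(self::$permissions[$tn]) || !is_array(self::$permissions[$tn])) {
            return null;
        }
        return self::$permissions[$tn];
    }

    /**
     * True when the member's group or username is on the field's deny-list.
     * Missing lists count as empty (the original passed null to in_array, a TypeError on PHP 8).
     * Declared static because it is always called via self:: (non-static static calls throw on PHP 8).
     */
    private static function check_permissions($rule, $memberInfo)
    {
        $groups = $rule['groups_disabled'] ?? [];
        $users = $rule['users_disabled'] ?? [];
        return in_array($memberInfo['group'] ?? null, $groups, true)
            || in_array($memberInfo['username'] ?? null, $users, true);
    }

    /**
     * WHERE clause selecting the row being updated, or false when no PK field is known.
     *
     * $id originates from the request ($data['selectedID']) and is therefore untrusted; it is
     * quoted and escaped before interpolation. NOTE(review): addslashes() is a stop-gap for the
     * original unescaped interpolation -- prefer the framework's own SQL escaping helper or a
     * prepared statement where the available query API allows it.
     */
    private static function where_construct($tn, $id)
    {
        $key = getPKFieldName($tn); // AppGini internal function
        if (!$key) return $key;
        return "`{$key}`='" . addslashes((string) $id) . "'";
    }
}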
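/**
 * AppGini before-update hook: reject the UPDATE when the member changed a field they are
 * locked out of. The same body belongs in tablename_before_insert().
 *
 * @param array &$data      submitted record (includes 'selectedID' on update)
 * @param array $memberInfo AppGini member info
 * @param array &$args      unused here
 * @return bool false cancels the write
 */
function tablename_before_update(&$data, $memberInfo, &$args)
{
    // The helper is expected next to this hooks file: hooks/field_permission/script.php.
    // __DIR__ pins the lookup there instead of relying on include_path / working-directory resolution.
    include_once(__DIR__ . '/field_permission/script.php');
    // The table name is this hooks file's base name (hooks/<tablename>.php).
    $tn = pathinfo(__FILE__, PATHINFO_FILENAME);
    // This is the actual enforcement; the client-side lock in tablename_dv() is advisory only.
    return FieldsPermissions::update_fields_permission($tn, $memberInfo, $data);
}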
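/**
 * AppGini detail-view hook: append the script that locks / hides restricted fields for the member.
 * Usability only -- the server-side check in tablename_before_update()/_before_insert() enforces it.
 *
 * @param mixed  $selectedID PK of the displayed record (unused by the permission helper)
 * @param array  $memberInfo AppGini member info
 * @param string &$html      detail-view HTML being built; the <script> is appended to it
 * @param array  &$args      unused here
 */
function tablename_dv($selectedID, $memberInfo, &$html, &$args)
{
    // The helper is expected next to this hooks file: hooks/field_permission/script.php.
    // __DIR__ pins the lookup there instead of relying on include_path / working-directory resolution.
    include_once(__DIR__ . '/field_permission/script.php');
    // The table name is this hooks file's base name (hooks/<tablename>.php).
    $tn = pathinfo(__FILE__, PATHINFO_FILENAME);
    // dv_field_permissions() takes only the table name and member info; the original also passed
    // $selectedID, which PHP silently ignored.
    $html .= FieldsPermissions::dv_field_permissions($tn, $memberInfo);
}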