I would like to add a new option, in addition to the existing View, Edit, and Delete functionalities, for each user in our document tracking system. This new option should allow users with the Permission (typically users with ALL access across different groups) to forward a document from the Document Table to another group. The forwarded document should then be accessible only to the designated group, and non-forwarded documents will remain as is.
Could this be implemented? Guidance will be greatly appreciated.
Add Forward in the Table permissions for this user
- Posts: 23
- Joined: 2024-05-12 10:13
Re: Add Forward in the Table permissions for this user
Hi,
first, I would suggest naming the button not "forward", but "assign group" or so.
In general you could:
- create a button that is shown next to the other buttons.
- Put this button into a PHP statement that checks IF the user is able to "assign group" for the document. If "yes": show button (dynamically add JS code to your page), if "not": do not show button.
- Once the button is pressed, call a PHP script:
  - change owner group of record
  - maybe: return to record of parent-record (where the button was pressed)
For security you should always check when you "assign group" with that PHP script, if the current user is actually allowed to assign the group. (Maybe someone simply grabbed the JS code and/or tries to execute the PHP file on its own.)
The code COULD be something like this (not tested). Note: This code is using the bizzworxx AppGini helper (https://appgini.bizzworxx.de/products/j ... t-library/) from Jan.
I suggest writing this JS code into the footer section of your file hooks/tablename.php similar to this
Code:
$footer = '<%%FOOTER%%>'; // default: regular footer only
if (USER_IS_ALLOWED_ASSIGN_GROUP) { // placeholder: replace with your own permission check
    // The button is a UI convenience only; assigngroup.php has to repeat the permission check
    $footer = '
<script>
// START Extra Button in Details
var documentCode = $j("input[name=SelectedID]").val();
// assigngroup.php is placed in the hooks directory
var assignGroupBaseURL = "hooks/assigngroup.php?send=1&Table=YOUR_TABLENAME&SelectedID=";
var assignGroupTarget = assignGroupBaseURL.concat(encodeURIComponent(documentCode));
var dv = AppGiniHelper.DV;
var myLinks = dv.ActionButtons();
var group = myLinks.addGroup("");
group.addLink("Assign Group", assignGroupTarget, Variation.Info);
//group.addLink("some other link", "/URLtarget.php", Variation.Info);
// END Extra Button
</script>';
    $footer .= '<%%FOOTER%%>'; // add regular footer
}
Then you have the file assigngroup.php (place this in the hooks directory)
Code:
<?php
// Load AppGini so makeSafe(), sql() and the user session are available
include(__DIR__ . '/../lib.php');

// Server-side permission check (placeholder: replace with your own test)
if (USER_IS_ALLOWED_ASSIGN_GROUP) {
    $SelectedIDSafe = isset($_GET['SelectedID']) ? makeSafe($_GET['SelectedID']) : '';
    $TableSafe = isset($_GET['Table']) ? makeSafe($_GET['Table']) : '';
    $NewGroupSafe = isset($_GET['NewGroup']) ? makeSafe($_GET['NewGroup']) : '';
    if ($NewGroupSafe != '' && $TableSafe != '' && $SelectedIDSafe != '')
    {
        // assign (new) group; AppGini stores the record's primary key value in the pkValue column
        $sql = "update membership_userrecords set groupID = '" . $NewGroupSafe . "' where (pkValue = '" . $SelectedIDSafe . "' and tableName = '" . $TableSafe . "')";
        // sql() executes the statement; sqlValue() is meant for single-value SELECTs
        $eo = ['silentErrors' => true];
        $result = sql($sql, $eo);
        // directly back to previous page
        $baseURL = '/YOUR_TABLENAME.php?SelectedID=' . urlencode($_GET['SelectedID']);
        $target = $baseURL;
        $actual_link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://";
        $actual_link .= $_SERVER['SERVER_NAME'] . $target;
        header("Location: $actual_link", TRUE, 307); //use absolute URL
        exit;
    } else {
        // no target group chosen yet: leave PHP mode and show the selection form
        ?>
<!--
.... here create HTML code to display all groups you want in a dropdown named 'NewGroup' with the value of groupID
... (source: AG table membership_groups, like this "SELECT groupID,name FROM `view_membership_groups` WHERE groupID > 2"
.... this does not include anonymous and admin groups) ....
.... pass variable $SelectedIDSafe as HIDDEN field named 'SelectedID' in the form ......
.... call this file again from the FORM tag ...
... example (generated with this https://beautifytools.com/html-form-builder.php ):
-->
<form action="/hooks/assigngroup.php" method="get" target="_blank">
<div class="rendered-form">
<input type="hidden" name="SelectedID" value="<?php echo htmlspecialchars($_GET['SelectedID'] ?? '', ENT_QUOTES); ?>" id="SelectedID">
<input type="hidden" name="Table" value="<?php echo htmlspecialchars($_GET['Table'] ?? '', ENT_QUOTES); ?>" id="Table">
<div class="formbuilder-select form-group field-NewGroup">
<label for="NewGroup" class="formbuilder-select-label">New Group<span class="formbuilder-required">*</span><span class="tooltip-element" tooltip="Assign to the following group ">?</span></label>
<select class="form-control" name="NewGroup" id="NewGroup" required="required" aria-required="true">
<option value="" disabled selected>select target group</option>
<!-- you will need to fill the options dynamically e.g. with the SQL above; each value must be the numeric groupID -->
<option value="3" id="NewGroup-0">diggers</option>
<option value="4" id="NewGroup-1">crawlers</option>
<option value="5" id="NewGroup-2">wings</option>
</select>
</div>
<div class="formbuilder-button form-group field-submit">
<!-- type="submit" so that pressing the button actually sends the form -->
<button type="submit" class="btn-default btn" name="submit" value="submit" id="submit">Assign</button>
</div>
</div>
</form>
        <?php
    }
}
?>

I hope this helps for now
Olaf
Some postings I was involved in, you might find useful:
Multi Path Upload (MPU) / dynamic upload folder; SingleEdit - Prevent concurrent edits on records; Field Permissions; Column-Value-Based-Permissions; Custom (error) message; Audit Log; Backup your database; Two Factor Authentication; Block brute force (failed) logins; Add 2nd SAVE CHANGES button
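The server-side check that the reply above asks for, written out as an added example (not part of the original post and not AppGini's own code). The function would run at the top of assigngroup.php before any SQL; the table name, group names and group IDs are hypothetical, and `$member` is assumed to be shaped like the array AppGini's getMemberInfo() returns.

```php
<?php
// Added example, not the original poster's code. $member is shaped like the array
// AppGini's getMemberInfo() returns (assumed keys: username, group).
const ASSIGNABLE_TABLES = ['documents'];        // hypothetical table name
const GROUPS_MAY_ASSIGN = ['Managers'];         // hypothetical group name

// Returns [true, cleaned values] or [false, reason]. Runs before any SQL.
function check_assign_request(array $member, array $input, array $targetGroupIDs): array
{
    // 1. Authorisation on the server: a hidden button is not a control.
    if (empty($member['username'])
        || !in_array($member['group'] ?? '', GROUPS_MAY_ASSIGN, true)) {
        return [false, 'user may not assign groups'];
    }
    // 2. Table comes from the URL, so accept only tables that offer the button.
    $table = $input['Table'] ?? '';
    if (!is_string($table) || !in_array($table, ASSIGNABLE_TABLES, true)) {
        return [false, 'table not assignable'];
    }
    // 3. A record id must be present.
    $id = $input['SelectedID'] ?? '';
    if (!is_string($id) || $id === '') {
        return [false, 'missing record id'];
    }
    // 4. Target group must be a numeric id that the dropdown actually offered.
    $group = $input['NewGroup'] ?? '';
    if (!is_string($group) || !ctype_digit($group)
        || !in_array((int) $group, $targetGroupIDs, true)) {
        return [false, 'invalid target group'];
    }
    return [true, ['table' => $table, 'id' => $id, 'groupID' => (int) $group]];
}

// Constructed sample requests (not real data).
$targets = [3, 4, 5];   // e.g. the groupID > 2 rows offered in the dropdown
$manager = ['username' => 'alice', 'group' => 'Managers'];
$clerk   = ['username' => 'bob', 'group' => 'Clerks'];
$good    = ['Table' => 'documents', 'SelectedID' => '17', 'NewGroup' => '4'];
$cases = [
    'allowed user, valid request' => [$manager, $good],
    'user without the permission' => [$clerk, $good],
    'admin group as target'       => [$manager, ['NewGroup' => '2'] + $good],
    'table outside the allowlist' => [$manager, ['Table' => 'membership_users'] + $good],
];
foreach ($cases as $label => [$member, $input]) {
    [$ok, $info] = check_assign_request($member, $input, $targets);
    echo ($ok ? 'ALLOW' : 'DENY ') . "  $label: " . json_encode($info) . PHP_EOL;
}
```

Because the script changes ownership data, sending the form with POST instead of GET keeps the action out of links and browser history.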