Radicore Forum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » RADICORE » How To » Restricting access to user's own record
Restricting access to user's own record [message #1094] Fri, 14 September 2007 10:20 Go to next message
adamsp is currently offline  adamsp
Messages: 32
Registered: July 2007
Member
Tony
My Staff table has records on persons in the department and these can be edited via the "div_staff(upd1)" task. Currently, this task is available from the "div_staff(list1)" task. This menu structure allows any user to update the record of all other users. I want to allow the user to edit only their own record. To accomplish this, I want to let the user update their personal data from the "Menu" task (Home Page) where the user can also change their password ("mnu_user(upd)a" task. So I added "div_staff(upd1)" task to Navigation Buttons(1) under the "Menu" task. The selection now shows (as desired) but I get the message "Nothing has been selected yet" when clicking to update the staff record. How/where can I tell Radicore which staff record (the current user) to edit? Am I doing this correctly?
Re: Restricting access to user's own record [message #1095 is a reply to message #1094] Fri, 14 September 2007 11:50 Go to previous message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
The UPDATE1 pattern expects the identity of the record which to be updated is passed down in the $where string. This is automatically populated when it is activated from a navigation button on a LIST1 or LIST2 pattern after a selection is made.

If the $where string does not contain the primary key of a record on the UPDATE1's table then it does not know which record to update, so it fails.

If you have added this task as a navigation button on the MENU task then the $where string is empty, which is why you are getting that error message.

You can get around this by inserting the following code into the _cm_initalise() method of mnu_user.class.inc:
    function _cm_initialise ($where)
    // perform any initialisation for the current task.
    {
        // this may be called from the home page, so insert user's id
        if (empty($where)) {
            $pattern_id = getPatternId();
            if (eregi('upd1|enq1', $pattern_id)) {
            	$where = "user_id='" .$_SESSION['logon_user_id'] ."'";
            } // if
        } // if

        return $where;

    } // _cm_initialise

This will cause it to default to the current user's identity.

I shall make the same change in my version so that this code is not lost in the next release.


Previous Topic: CONCAT ((SELECT ...),...) Error
Next Topic: _cm_post_getData
Goto Forum:
  


Current Time: Wed Nov 27 22:03:28 EST 2024

Total time taken to generate the page: 0.00949 seconds