Restricting access to user's own record [message #1094] |
Fri, 14 September 2007 10:20 |
adamsp
Messages: 32 Registered: July 2007
|
Member |
|
|
Tony
My Staff table has records on persons in the department and these can be edited via the "div_staff(upd1)" task. Currently, this task is available from the "div_staff(list1)" task. This menu structure allows any user to update the record of all other users. I want to allow the user to edit only their own record. To accomplish this, I want to let the user update their personal data from the "Menu" task (Home Page) where the user can also change their password ("mnu_user(upd)a" task. So I added "div_staff(upd1)" task to Navigation Buttons(1) under the "Menu" task. The selection now shows (as desired) but I get the message "Nothing has been selected yet" when clicking to update the staff record. How/where can I tell Radicore which staff record (the current user) to edit? Am I doing this correctly?
|
|
|
Re: Restricting access to user's own record [message #1095 is a reply to message #1094] |
Fri, 14 September 2007 11:50 |
AJM
Messages: 2371 Registered: April 2006 Location: Surrey, UK
|
Senior Member |
|
|
The UPDATE1 pattern expects the identity of the record which to be updated is passed down in the $where string. This is automatically populated when it is activated from a navigation button on a LIST1 or LIST2 pattern after a selection is made.
If the $where string does not contain the primary key of a record on the UPDATE1's table then it does not know which record to update, so it fails.
If you have added this task as a navigation button on the MENU task then the $where string is empty, which is why you are getting that error message.
You can get around this by inserting the following code into the _cm_initalise() method of mnu_user.class.inc:
function _cm_initialise ($where)
// perform any initialisation for the current task.
{
// this may be called from the home page, so insert user's id
if (empty($where)) {
$pattern_id = getPatternId();
if (eregi('upd1|enq1', $pattern_id)) {
$where = "user_id='" .$_SESSION['logon_user_id'] ."'";
} // if
} // if
return $where;
} // _cm_initialise
This will cause it to default to the current user's identity.
I shall make the same change in my version so that this code is not lost in the next release.
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
|
|
|