Radicore Forum: Menu and Security » Control visibility of records

Home » RADICORE development » Menu and Security » Control visibility of records

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Control visibility of records [message #559]

Tue, 23 January 2007 15:43

stephenboey
Messages: 54
Registered: January 2007

Member

Hi Tony,

The examples presented thus far are security for task (ie. screens, menu)

Is it possible to control visibility of records based on say company hierachy or user hierachy or a mixture of both?

Report message to a moderator

Re: Control visibility of records [message #560 is a reply to message #559]

Tue, 23 January 2007 19:55

AJM
Messages: 2390
Registered: April 2006
Location: Surrey, UK

Senior Member

No. You will need to modify each database table to include a field which identifies who can access that record, then have some mechanism to compare this field with the user_id (or user group or whatever) to find out if a particular user can access a particular record. Or if a user can view a record but not update or delete it.

Each case is quite unique, with different requirements, so it would be quite difficult to have something built into the framework to do it automatically. There are just too many possible variations.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: Control visibility of records [message #583 is a reply to message #560]

Thu, 01 February 2007 19:27

stephenboey
Messages: 54
Registered: January 2007

Member

I've looked through your code to try and see how I can "compare this field with the user_id"

I am thinking of storing the logon details in a global.

Correct me if I am wrong..? seems like I have to code most of the filter conditions in those transaction pattern files that ends with .inc in the "include" directory. Shocked

In order to minimize changes, is it possible if I prefix the "where" conditions for that user id in dml.mysql.class.inc..... in which function?

I am just afraid that I might break something in the process if I make too many changes ya. Shall appreciate any helpful suggestions.

Report message to a moderator

Re: Control visibility of records [message #584 is a reply to message #583]

Fri, 02 February 2007 04:24

AJM
Messages: 2390
Registered: April 2006
Location: Surrey, UK

Senior Member

The identity of the current user is already stored in a global variable - take a look at http://www.tonymarston.net/php-mysql/functions-and-variables .html#session.logon_user_id

I would advise against modifying any of the standard files in the framework as they are used by every component within the application, and you could introduce no end of problems. This would make debugging more difficult, and cause you problems whenever a new version of the framework is released

This is custom code, and the correct place for custom code is inside a custom method within the relevant database table class. If you wish to modify the WHERE clause before a SELECT, such as by adding "user_id='$GLOBALS['logon_user_id']'", then you can do so in the _cm_preGetData() method (take a look at http://www.tonymarston.net/php-mysql/functions-and-variables .html#notes._cm_pre_getdata)

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: Control visibility of records [message #1936 is a reply to message #584]

Thu, 15 January 2009 11:20

AJM
Messages: 2390
Registered: April 2006
Location: Surrey, UK

Senior Member

It is possible to implement virtual private databases where each user is assigned to an account and each record on a table is also assigned to an account. In this way a user can only see that data which belongs to his/her account.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Previous Topic:	Setting up a limited user
Next Topic:	Jump Control

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Jun 11 10:55:12 EDT 2026

Total time taken to generate the page: 0.00777 seconds