Radicore Forum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » RADICORE development » Application Development » Help/suggestions with record filtering by user
Help/suggestions with record filtering by user [message #1435] Wed, 09 July 2008 15:45 Go to next message
bonzo_bcn is currently offline  bonzo_bcn
Messages: 152
Registered: June 2008
Senior Member
I have table called 'people' that stores personal data (name, address etc.).
This table is filled by two types of users: schools and super_schools.

Each school should only be able to see the persons they have created, super_schools must see all records.

One same people record can be created by many schools: in this case the first one would do an insert and the following transactions would do nothing (or maybe update), but the second and third schools should also be able to see the 'people' record.

What do you suggest for this scenario?


Re: Help/suggestions with record filtering by user [message #1436 is a reply to message #1435] Wed, 09 July 2008 17:19 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
How do you identify the difference between 'school' users and 'super_school' users?

How can you identify that the current user belongs to the 'school' or 'super_school' category?

How can you identify the category of a user who created a record?


Re: Help/suggestions with record filtering by user [message #1437 is a reply to message #1436] Thu, 10 July 2008 04:40 Go to previous messageGo to next message
bonzo_bcn is currently offline  bonzo_bcn
Messages: 152
Registered: June 2008
Senior Member
AJM wrote on Wed, 09 July 2008 17:19

How do you identify the difference between 'school' users and 'super_school' users?
By role

How can you identify that the current user belongs to the 'school' or 'super_school' category?
My idea is to have a table with schools and that each school user's role is the same as the school name in the table. So to identify a school I can look for a record in 'schools' with name=user_role.

How can you identify the category of a user who created a record?
Same as above, check if their user_role is in the school table


Does that seem ok?
Re: Help/suggestions with record filtering by user [message #1438 is a reply to message #1437] Thu, 10 July 2008 05:26 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
If you are hoping that there is something in the Radicore framework that will achieve this automatically then you are out of luck. There are only two levels of security available:

(1) Task-level security, where a user either has permission to access a task, or he doesn't. When running a task there are no restrictions on which data can or cannot be accessed.

(2) In some cases several accounts can share the same database, but users within an account are restricted to data owned by that account. The data within the shared database is said to be partitioned by account. This can be implemented using the procedures documented in http://www.tonymarston.net/php-mysql/virtual-private-databas e.html.

Item (1) is a fundamental feature of Radicore and cannot be turned off. Item (2) is entirely optional and can be turned on when required.

What you seem to be asking for is outside the scope of either of these options, so cannot be implemented without changes in your database design and the addition of custom code.

Each 'person' record is restricted to a particular group of users, but can also be viewed by a 'super' user. This means that you must have a column on the 'person' table which identifies the class of the user who created it. Then when reading from the 'person' table you must identify the class of the user, and if he is 'restricted' you must add the following to the WHERE clause of the sql SELECT statement:
... AND class='user_class'

This can be done by adding the relevant code in the _cm_pre_getData() method.

In short, the framework cannot do what you want automatically, but it does not prevent you from inserting custom code which is tailored to your needs.


Re: Help/suggestions with record filtering by user [message #1439 is a reply to message #1435] Thu, 10 July 2008 06:41 Go to previous messageGo to next message
bonzo_bcn is currently offline  bonzo_bcn
Messages: 152
Registered: June 2008
Senior Member
sure it doesn't do what I want out of the box, I didn't expect that Smile
I'm trying a workaround, but I'm stuck here, maybe you can help:
When a school creates a person I use _cm_post_insertRecord to automatically insert a record in pers_school_xref with the person_id and the user_role, this way I know that the users that have that user_role can see the records.

The problem arises when a second school wants to create the same person, I'm trying to find a way in that no data is inserted in the person table, but a record is created in pers_school_xref with the person_id and the second school user_role.

I've tried to use _cm_post_insertRecord to check if the record exists, and if it does, then insert a record in pers_school_xref and launch an error message 'Person allready created' so that the person is not inserted again, but it is asigned to this school, the problem is that it rollbacks the insert in pers_school_xref.
Is there a way to save the record in pers_school_xref but not in person when a school tries to insert in person table?
Re: Help/suggestions with record filtering by user [message #1440 is a reply to message #1439] Thu, 10 July 2008 07:07 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
If you put anything into $this->errors then the update is deemed to have failed, in which a rollback will automatically be performed. If you want to issue a message which is not an error then use $this->messages instead.

If you want to prevent the insert of a duplicate record for a person then doing it in the _cm_post_insertRecord() method is too late as that is performed AFTER the insert. You should use the _cm_validateInsert() method which is performed BEFORE the insert. If you discover that the record is a duplicate then return an empty array - this will cause the INSERT to be skipped, but the original data will still be available in the _cm_post_insertRecord() method so that you can update the pers_school_xref table.


Re: Help/suggestions with record filtering by user [message #1441 is a reply to message #1435] Thu, 10 July 2008 08:35 Go to previous messageGo to next message
bonzo_bcn is currently offline  bonzo_bcn
Messages: 152
Registered: June 2008
Senior Member
Thanks for your help.
How can I access the original data in _cm_post_insertRecord()?
If the validation returns an empty array isn'the array that arrives as parameter to post_insertrecord empty?.
Re: Help/suggestions with record filtering by user [message #1442 is a reply to message #1441] Thu, 10 July 2008 09:03 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
If you look inside the insertRecord() method you will see that $fieldarray is copied to $insertarray, and while $insertarray is used by the _cm_validateInsert() method it is $fieldarray which is used by the _cm_post_insertRecord() method.

Re: Help/suggestions with record filtering by user [message #1443 is a reply to message #1435] Thu, 10 July 2008 09:31 Go to previous messageGo to next message
bonzo_bcn is currently offline  bonzo_bcn
Messages: 152
Registered: June 2008
Senior Member
I must be doing something wrong because in post_insertRecord I get a NULL value for $fieldarray['participante_id'];
Any idea why?

	function _cm_validateInsert($rowdata){

		$part = new participante;
		$existe_participante = $part->getCount("catsalut='".$rowdata['catsalut']."'");
		
		if ($existe_participante > 0){
			
			$this->messages['participante_existe'] = "Participante ya dado de alta en el sistema, no se han modificado datos existentes";
			return null;
		}
		return $rowdata;
	}

	function _cm_post_insertRecord($fieldarray)

	{
		require_once 'classes/entidad.class.inc';
		$entidad = new entidad;       
	    $entidad->sql_select = 'entidad_id';
		$entidad_id = $entidad->getData("nombre='" .$_SESSION['role_id'] ."'");	

		
		
		
        require_once 'classes/part_ent_xref.class.inc';
		$part_ent_xref = new part_ent_xref;       
		$insert_array['participante_id'] = $fieldarray['participante_id'];
		$insert_array['entidad_id'] = $entidad_id[0]['entidad_id'];

		$insert_array = $part_ent_xref->insertOrUpdate($insert_array); 
		
		if ($part_ent_xref->errors){
			$this->errors = $part_ent_xref->errors;
			return $fieldarray;
		}
		return $fieldarray;
	}
Re: Help/suggestions with record filtering by user [message #1444 is a reply to message #1443] Thu, 10 July 2008 09:56 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
Is that value in the array that is passed TO the insertRecord() method? If not, where does it come from?

Re: Help/suggestions with record filtering by user [message #1445 is a reply to message #1444] Thu, 10 July 2008 10:12 Go to previous messageGo to next message
bonzo_bcn is currently offline  bonzo_bcn
Messages: 152
Registered: June 2008
Senior Member
participante_id is a field of the record that is being inserted. It is an autoincrement and the primary key of the table, so now I see why it's null. Anyway I tried adding this code:
	if (is_null($fieldarray['participante_id'])){
				$part = new participante;
				$part->sql_select = 'participante_id';
				$participante_id = $part->getData("catsalut='".$fieldarray['catsalut']."'");
			
		}else{
			$participante_id = $fieldarray['participante_id'];
		}


to

	function _cm_post_insertRecord($fieldarray)

	{
		require_once 'classes/entidad.class.inc';
		$entidad = new entidad;       
	    $entidad->sql_select = 'entidad_id';
		$entidad_id = $entidad->getData("nombre='" .$_SESSION['role_id'] ."'");	

		
		
		
        require_once 'classes/part_ent_xref.class.inc';
		$part_ent_xref = new part_ent_xref;       
		
		if (is_null($fieldarray['participante_id'])){
				$part = new participante;
				$part->sql_select = 'participante_id';
				$participante_id = $part->getData("catsalut='".$fieldarray['catsalut']."'");
			
		}else{
			$participante_id = $fieldarray['participante_id'];
		}
		 
		
		$insert_array['participante_id'] = $participante_id;
		$insert_array['entidad_id'] = $entidad_id[0]['entidad_id'];
		$insert_array = $part_ent_xref->insertOrUpdate($insert_array); 
		
		if ($part_ent_xref->errors){
			$this->errors = $part_ent_xref->errors;
			return $fieldarray;
		}
		return $fieldarray;
	}


but I get a null value in $fieldarray['catsalut'], catsalut is a field of the record that is being added.

Your help is really apreciated.
Re: Help/suggestions with record filtering by user [message #1446 is a reply to message #1445] Thu, 10 July 2008 11:06 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
You are confusing me. If 'participante_id' is filled in when a new record is created then you are creating a NEW record and not preventing the creation of a duplicate.

If you require this to be the value from an existing record (ie: the record for which this would be a duplicate) then you must have code which reads the database to provide this value. If this code is already in the _cm_validateInsert() method and you do not want to duplicate in the cm_post_insertRecord() method then you must save it in a class variable so that it is available without being passed in one of the arguments.


Re: Help/suggestions with record filtering by user [message #1447 is a reply to message #1445] Thu, 10 July 2008 11:09 Go to previous messageGo to next message
AJM is currently offline  AJM
Messages: 2371
Registered: April 2006
Location: Surrey, UK
Senior Member
Where does the value for 'catsalut' come from? Is it within the $fieldarray which is passed into the insertRecord() method?

Re: Help/suggestions with record filtering by user [message #1448 is a reply to message #1435] Thu, 10 July 2008 11:27 Go to previous message
bonzo_bcn is currently offline  bonzo_bcn
Messages: 152
Registered: June 2008
Senior Member
I think so. 'catsalut' is a field of the record that is being pseudo-created (the user is trying to create it but it will only create a record in the xref table).

I've implemented a class variable and the problem was solved. Thanks a million.

[Updated on: Thu, 10 July 2008 11:44]

Report message to a moderator

Next Topic: Problem with two list1 transactions on one table
Goto Forum:
  


Current Time: Wed Nov 27 07:38:02 EST 2024

Total time taken to generate the page: 0.01395 seconds