Any way of doing this.
I would like to search from a static htm page using default user permission, but only allow $auto_view_own when users loged in to add etc.
I was reading an old post along this line, answered by Alex, where he suggested a change to the permissions in sub query, or could you change the permissions in auth.pl.
thanks
Bob

You want registered users to see only their own records, but default users to see everyone's?

Could you find the post to which you refer where Alex gave an idea about it? I don't have the slightest notion about how to do this.


------------------
JPD

Ok the post I was refering to, which is along the same line is,
http://www.gossamer-threads.com/...um5/HTML/000390.html
This is not the same as I want to do things, but it may give you an idea.
I did think if a way to do this, let me know if this could work.
With $auth_view_own, the only way to search all is to have admin permissions.
So if we set up a dummy account with admin permissions, you can the use the dummy user name and password in the static search form, and also bypass the login and go straight to the search, which I got from another post.
Three problems with this,
Any one could take the user name and password from the static page, and get full admin access.
The search results would return with full admin links.
A log entry would be made every time a user searched from the static page.
I thought of somthing like this, as a block.
if ($db_userid qq dummy)
return
(forgive the syntax), put into the right places.
I hope theres an easier way.
thanks
Bob

Giving users admin permissions is really dangerous. Plugging up the holes it creates would be really tedious. There must be a better way of doing this.

Can you tell me why you want to have a default user able to view all records, but have a registered user only able to view his own? The only thing I can think of is that you want the registered user to be able to see his own records by just clicking a link. We can do that without doing the other stuff.


------------------
JPD

You might try looking in db.cgi, sub query, for


Change that line to


I don't know if it will work, but you can give it a shot.




------------------
JPD

Yep thats what I need.
Visitors who enter this section of the site will mainly wish to browse, and don't need to log on, hence the static search page.
If they wish they can take up the offer of 5 free records autodeleted after 60 days, after they sign up and become a member.
The database proper, would then become a members admin section, where they can add, delete and view, there own records.
If they wish to do a full search, then they would have to return to the static search page.
I need to get around dbmans permissions that disallow default users and $auth_view_own.
I'm also using the auto search mod.
thanks
Bob



[This message has been edited by lanerj (edited August 20, 1999).]

Thanks JPD, works fine. I was able to control the returned links by enclosing html_footer with, unless ($db_userid eq "default"){html_footer stuff}.
thanks
Bob