Hi there.

I was wondering if there is a way to modify the following codes, so that when I change a database user their permissions, that they will have the same permissions as a default user.


(This is is my html_home sub-routine in html.pl.)

Basically, what I am trying to do is that let's say that User A has been trying to post mass ads that do not pertain to my database. I know I can change User A's permissions to "View" in the Admin Console. However, when User A logs in again, he/she will receive all those Unauthorized Action screens.

The code above basically sends the registered user no matter what their permissions are to the "Add Record" screen, which of course with the changed permissions, User A will not be able to add anything.

Is there a way to add some codes to the above codes that will either read permissions of the db_userid and/or send an email message to the User A that their permissions have been changed and they will only be able to search and view records, but will not be able to add, modify, or delete records??

I know this is a confusing request, but I have been playing around with different authorization schemes in the default.cfg as well as trying to edit the above code and nothing seems to work.

TIA.



Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

You could try this:

Instead of


use


The "bad" user will have lost his add permission and default users don't have add permission either.


------------------
JPD


PS The extra thread seems to be a UBB bug. I think we're gonna have to live with it.





[This message has been edited by JPDeni (edited August 23, 1999).]

Carol,

I don't know what I did, but could you please delete or close one of these redudant Topics.



Thanks.

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

Carol,

It worked like a charm. Thanks...

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

Carol,

Hi again!

<whining>
Well, it looks like I am stuck in rainy Flagstaff for the week! My car's sensors are all screwed up. There does not seem to be a problem with the radiator or engine, but the sensors indicate that the car is overheating. So, since we are a small city, we have limited resources and the repair shop won't be able to get a sensor until Friday! At least I can may be go on a short road trip this weekend!
</whining>



ANYWAY...I have just created another database program...this one is in conjunction with the Job Posting database...This one is a Resume Posting database.

I have set up the appropriate permissions to only allow Registered Users to add ONE record and modify and delete that ONE record.

My question is...Is there a way to change the codes in my first post in this Thread or add other codes so that when a Registered User adds a record, the only permissions they will see and have are "Modify Resume", "Delete Resume", and "Log Off". Then if they happen to delete their Resume and want to add a new Resume, the original permissions to add, modify, and delete their resume will appear.

I have made some quick and dirty changes to error messages in the add_record and validate_record sub-routines in db.cgi, since "duplicate key error" is a bit misleading and hard to understand for users. I changed the message to "You can Only Add One Resume".

But I was wondering if there is a more dynamic process that could be implemented.

Any thoughts?

Thanks.

Regards,


------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

You could try messing around with the .pass file, if you wanted. The user would be given only "add" permissions when they signed up and, after they added a record, they would be given "modify" and "delete" permissions. You would also have to give them back "add" permissions if they deleted their resume.

Another (simpler) way of going about it would be to require every user to have a resume on file. If they log in and no record is found, they would be taken immediately to the add form.

The sneaky part of this simpler way is to remove the "Add" link from the footer, so they don't see it as an option and to eliminate the footer from the add form so they don't have a chance to do anything else until they add a record.


------------------
JPD

Ah...That would work...I think. I am in the process of uploading the html.pl file to see if it works. Instead of removing the "Post Resume" (Add) link, I just edited it so that only the administrator will be able to see it.

Some people who do not have email addresses will need to find a way to add their resumes, and the only way I can think of is having people send me their resume and then enter the data into the database. So, I, as the administrator, will need access to the ADD FORM.

Let's see if it works....Yep! Works like a charm. The registered user accesses the Modify screen if they already have a Resume. If the registered user deletes their Resume, they can a new one by logging back into the system.

Very nice! Reduces confusion and a simple fix.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

I remember somebody asking for something similar quite a while back and I gave them a mod that would change the .pass file. It was BAD!!!! I had to go back in and add a warning not to use the mod.

I know a lot more now and it is doable, but this is so much easier. It is possible that someone could type the command into the Location window in their browser, but it won't do them any good in the long run because they'll get a duplicate key error anyway.

I thought about setting up the "Add" link as admin-only just as I hit the submit button before. I could have gone back and changed it, but I figured you'd think of it.

------------------
JPD

Carol,

Good points...That's what I was thinking of, too. However, it would be pretty tough for somebody to figure out what the URL is for the ADD FORM. I have changed names of my sub-routines to make it so that even the most astute DBMAN user will have challenges figuring out how to access screens in my systems.

So, this seems to work.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us