Complex Authorization Schemes

Hi Friendly DBMan Users and Pros-

I am attempting to implement a database which requires a slightly unusual authorization scheme. It goes like this:

1. Only ADMINS can add new records.
2. LOW-LEVEL users can only VIEW their OWN record. They cannot make any changes to the database and cannot see anything else in the database but their own record. Up to here I can easily configure DBMan.
3. HIGH-LEVEL users should be able to VIEW and MODIFY only PARTICULAR records specified by the ADMINS. The ADMINS may specify one or more records that can be viewed and modified by one particular HIGH-LEVEL user.

I am beginning to realize that this scheme probably requires the addition of a second "userid" type field that will contain the userids of the HIGH-LEVEL users authorized to view and modify that record. How, though, do I maintain the $auth_view_own=1 function in DBMan while implementing this?

Does anyone have any suggestions or better yet a tried-and-true fix? I am not sure if my suggested approach is the best to try.

Thanks,
Lauren Stegman

Re: Complex Authorization Schemes
I'm not sure if I understand what you're trying to do, but from what I understood I'd do the following:

Add another permissions field to default.pass, i.e.:
# UserID : Password : View : Add : Del : Mod: Admin : HighLevel

Now you can use this checkbox like the rest. It'll take some hacking on different parts of the scripts, i.e. ($per_highlevel). You just have to make sure you get in all the necessary modifications to make it as seamless as possible.
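
The scheme discussed in this thread, written out as a stand-alone Perl check. This is an added example, not part of either post and not DBMan's own code: it combines a HighLevel permission flag with a per-record list of authorized high-level userids and denies anything not explicitly granted. The field names `Userid` and `Managers`, the permission keys, the sample data and the `is_allowed` routine are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data. Field names (Userid, Managers) and the permission
# keys are assumptions for this example, not DBMan's own names.
my %users = (
    admin1 => { admin => 1 },
    carol  => { highlevel => 1 },
    dave   => { highlevel => 1 },
    alice  => {},                     # low-level: may view own record only
);
my @records = (
    { ID => 1, Userid => 'alice', Managers => 'carol' },
    { ID => 2, Userid => 'bob',   Managers => 'carol,dave' },
    { ID => 3, Userid => 'erin',  Managers => '' },
);

# Return 1 if $user may perform $action ('view', 'modify', 'add') on $rec.
# Anything not explicitly granted below is denied.
sub is_allowed {
    my ($user, $action, $rec) = @_;
    my $perm = $users{$user} or return 0;       # unknown user: deny
    return 1 if $perm->{admin};                 # admins may do everything
    return 0 if $action eq 'add' || !$rec;      # only admins add records
    if ($perm->{highlevel}) {
        # Exact match against the comma-separated list. A substring or
        # regex match would let "car" or "carol2" pass as "carol".
        my %assigned = map { $_ => 1 } split /\s*,\s*/, $rec->{Managers} // '';
        return $assigned{$user} ? 1 : 0
            if $action eq 'view' || $action eq 'modify';
        return 0;
    }
    # Low-level users: view their own record, nothing else.
    return ($action eq 'view' && $rec->{Userid} eq $user) ? 1 : 0;
}

# Print the full decision matrix, including a user that does not exist.
for my $user (qw(admin1 carol dave alice mallory)) {
    for my $rec (@records) {
        for my $action (qw(view modify)) {
            printf "%-8s %-6s record %d: %s\n", $user, $action, $rec->{ID},
                is_allowed($user, $action, $rec) ? 'allow' : 'deny';
        }
    }
    printf "%-8s add: %s\n", $user, is_allowed($user, 'add') ? 'allow' : 'deny';
}
```

The same check has to run on the modify submission itself, not only when building the search results or the edit form, because the record key arrives from the client on every request.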