Gossamer Forum
(Advanced Search)
for
Home : Products : DBMan : Customization :

Newbie: Permissions and relations

Apr 6, 2000, 3:27 PM
rcrossland
User (184 posts)
Apr 6, 2000, 3:27 PM
Post #1 of 9
Views: 2211
Shortcut
Quote Reply
Newbie: Permissions and relations
Hi,
I have two separate tables, I had wanted a user to have different permissions for each one, e.g. view only on one and add/view/modify on the other. I realised that they shared a password file, so created a second password file and pointed the cfg for the 2nd table to it. Problem is that the user record inherits the last updated permission so whenever I change I get the wrong permissions. Where is the obvious mistake. In time I will introduce some relationships but to begin with I'm happy to keep them separate. Both tables have userid in the same place and it is defined as userid, required and key field in both.
Thanks in advance - Rob
Apr 6, 2000, 3:48 PM
JPDeni
Veteran / Moderator (8669 posts)
Apr 6, 2000, 3:48 PM
Post #2 of 9
Views: 2146
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
The way to get around this is to do a little fudging in the html.pl file that you want to be "view only" for logged-in users.

In sub html_footer, at the end of every line for an action that you don't want your users to be able to perform, change

if ($per_...);

to

if ($per_admin);

Then, in each of the html_add..., html_modify... and html_delete... subroutines, add the following right at the beginning:

Code:
unless ($per_admin) {
&html_unauth;
return;
}

I have used this "fudge" successfully in my own database.


------------------
JPD






Apr 8, 2000, 5:58 AM
rcrossland
User (184 posts)
Apr 8, 2000, 5:58 AM
Post #3 of 9
Views: 2142
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
Thanks for that, works just fine. However, it still looks like they have the permissions etc. Do I need "separate" auth's to make it work correctly?
Thanks in advance,
Rob
Apr 8, 2000, 11:05 AM
JPDeni
Veteran / Moderator (8669 posts)
Apr 8, 2000, 11:05 AM
Post #4 of 9
Views: 2144
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
I don't understand

Quote:
it still looks like they have the permissions
etc.

Can you explain a little more, please?

------------------
JPD






Apr 9, 2000, 8:52 AM
rcrossland
User (184 posts)
Apr 9, 2000, 8:52 AM
Post #5 of 9
Views: 2147
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
Sure, sorry. The user appears to have the add/modify etc. permissions on the database home page. So even though you provided the code to prevent access it still appears that they have those permissions.
e.g.

Permissions: View Add Modify

They can only view. If I change the permission to view only then I lose the add permission I need on another table.

Any clearer?
Thanks.
Apr 9, 2000, 11:11 AM
JPDeni
Veteran / Moderator (8669 posts)
Apr 9, 2000, 11:11 AM
Post #6 of 9
Views: 2145
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
Did you change the code in sub html_footer?

I might have been unclear.

In sub html_footer, you will see:

Code:
print qq!<P align=center><$font>!;
print qq!| <A HREF="$db_script_link_url">Home</A> !;
print qq!| <A HREF="$db_script_link_url&add_form=1">Add</A> ! if ($per_add);
print qq!| <A HREF="$db_script_link_url&view_search=1">View</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&delete_search=1">Delete</A> ! if ($per_del);
print qq!| <A HREF="$db_script_link_url&modify_search=1">Modify</A> ! if ($per_mod);
print qq!| <A HREF="$db_script_link_url&view_records=1&$db_key=*">List All</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&admin_display=1">Admin</A> ! if ($per_admin);
print qq!| <A HREF="$db_script_link_url&logoff=1">Log Off</A> |!;
print qq!</font></p>!;

In the html.pl file where you added the previous code, change the above lines to

Code:
print qq!<P align=center><$font>!;
print qq!| <A HREF="$db_script_link_url">Home</A> !;
print qq!| <A HREF="$db_script_link_url&add_form=1">Add</A> ! if ($per_admin);
print qq!| <A HREF="$db_script_link_url&view_search=1">View</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&delete_search=1">Delete</A> ! if ($per_admin);
print qq!| <A HREF="$db_script_link_url&modify_search=1">Modify</A> ! if ($per_admin);
print qq!| <A HREF="$db_script_link_url&view_records=1&$db_key=*">List All</A> ! if ($per_view);
print qq!| <A HREF="$db_script_link_url&admin_display=1">Admin</A> ! if ($per_admin);
print qq!| <A HREF="$db_script_link_url&logoff=1">Log Off</A> |!;
print qq!</font></p>!;

This will prevent the links from printing out unless you, as admin, are logged in.


------------------
JPD






Apr 9, 2000, 12:05 PM
rcrossland
User (184 posts)
Apr 9, 2000, 12:05 PM
Post #7 of 9
Views: 2144
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
Yes,
Either I didn't notice (probably) or it was not clear last time. It's ok now. However Smile, Should I be using separate auth's to make it less fudge like? probably not as I really want to relate the data at some point!
Thanks again.
Apr 9, 2000, 3:11 PM
JPDeni
Veteran / Moderator (8669 posts)
Apr 9, 2000, 3:11 PM
Post #8 of 9
Views: 2135
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
No, don't use different auth directories. You're fine.

Basically, you're just saying that, even though the user has general permission to add records, he/she can't add records in this database.

Sorry for the confusion. Smile


------------------
JPD






Apr 9, 2000, 4:21 PM
JPDeni
Veteran / Moderator (8669 posts)
Apr 9, 2000, 4:21 PM
Post #9 of 9
Views: 2150
Shortcut
Quote Reply
Re: Newbie: Permissions and relations In reply to
I think I got it fixed. It's not as nice as it could be, I guess, but it seems to work now. Thanks for your patience and your help.


------------------
JPD