Gossamer Forum
(Advanced Search)
for
Home : Products : DBMan : Customization :

determining owner of record

Aug 4, 2003, 1:09 PM
delicia
Enthusiast (661 posts)
Aug 4, 2003, 1:09 PM
Post #1 of 7
Views: 4269
Shortcut
Quote Reply
determining owner of record
one step forward, two steps back.

i want to display special text next to each record in List All if the user looking at the record has permission to modify the record. No text or different text should appear next to records for which this person does not have permission to modify. i have $auth_modify_own = 1 and $auth_view_own = 0. i added the following code right before the closing table tag in db.cgi, sub build_html_record:

Code:


if ($per_mod && $instmod) {

my ($restricted);

($restricted = 1) if ($auth_modify_own && !$per_admin && ($db_userid ne $rec{$field[$auth_user_field]}));

if (!$restricted) {


i can't get $db_userid part of this to work and i've tried a jillion things. i want to compare the logged in user (i thought this is $db_userid) to the record owner. what am i doing wrong?

Last edited by:

delicia: Aug 4, 2003, 2:05 PM
Aug 5, 2003, 12:56 AM
LoisC
Veteran / Moderator (3034 posts)
LoisC's avatar
Aug 5, 2003, 12:56 AM
Post #2 of 7
Views: 4183
Shortcut
Quote Reply
Re: [delicia] determining owner of record In reply to
Try using this:

|;
print qq! <A HREF="$db_script_url?db=default&uid=$db_uid&modify_form_record=1&modify=$rec{$db_key}">Modify</A> ! if ($per_mod);
print qq|

change the name of the database to match yours.

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/
Aug 5, 2003, 2:05 PM
delicia
Enthusiast (661 posts)
Aug 5, 2003, 2:05 PM
Post #3 of 7
Views: 4185
Shortcut
Quote Reply
Re: [LoisC] determining owner of record In reply to
wouldn't that link appear with the record even if the current user is not the owner of the record? then when they click the link they would get some kind of error message? or worse, they would get the error message after they entered changes?
Aug 6, 2003, 2:26 AM
LoisC
Veteran / Moderator (3034 posts)
LoisC's avatar
Aug 6, 2003, 2:26 AM
Post #4 of 7
Views: 4164
Shortcut
Quote Reply
Re: [delicia] determining owner of record In reply to
It should only appear if that user who is logged in has permission to modify the record.

Did you try it?

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/
Aug 6, 2003, 5:27 AM
delicia
Enthusiast (661 posts)
Aug 6, 2003, 5:27 AM
Post #5 of 7
Views: 4181
Shortcut
Quote Reply
Re: [LoisC] determining owner of record In reply to
i was in meetings all day yesterday and didn't get to try it or do anything else on the database. i'll be in meetings today tilll 3 so i'll try it later. thanks.
Aug 7, 2003, 1:30 PM
delicia
Enthusiast (661 posts)
Aug 7, 2003, 1:30 PM
Post #6 of 7
Views: 4161
Shortcut
Quote Reply
Re: [delicia] determining owner of record In reply to
finally had time to try it. it displays the link even if the current user is not the owner. when you click the link you are able to make changes on the form. then when you click the button to save your changes, you get an error "unable to find record" if you are not the owner. no error and no problem if you are the owner.
Aug 8, 2003, 1:05 PM
delicia
Enthusiast (661 posts)
Aug 8, 2003, 1:05 PM
Post #7 of 7
Views: 4161
Shortcut
Quote Reply
Re: [delicia] determining owner of record In reply to
finally have it working!!!

in cfg file, i changed field type from alpha to userid for the userid field and i changed field type to lock for a yes/no field named Locked. i also have two variables $instmod and $instdel to indicate whether instant modify and delete are allowed.

then in db.cgi, near beginning of build_html_record i added the first line and the last two lines below:

Code:


my ($owner, $lock);

$output = "<p><table border=0 width=450>";

foreach $field (@db_cols) {

if ($db_sort{$field} eq 'userid') { $owner = $rec{$field} ; }

if ($db_sort{$field} eq 'lock') { $lock = $rec{$field} ; }


then right before closing table in same sub i added:

Code:


if ($per_mod && $instmod) {

my ($restricted);

($restricted = 1) if ($lock eq 'yes' && !$per_admin);

($restricted = 1) if ($auth_modify_own && !$per_admin && ($db_userid ne $owner));

# if (!$restricted && !$in{'delete_record'} && !$in{'delete_search'} && !$in{'delete_form'}) {

if (!$restricted) {

$output .= qq~<tr><td></td><td><form ENCTYPE="multipart/form-data" action="$db_script_url" METHOD="POST" name="form1">~;

$output .= qq~<input type=hidden name="db" value="$db_setup">~;

$output .= qq~<input type=hidden name="uid" value="$db_uid">~;

$output .= qq~<input type=hidden name="modify" value="$rec{$db_key}">~;

$output .= qq~<input type="SUBMIT" name="modify_form_record" value="Modify">~;

if ($per_del && $instdel) {

$output .= qq~<input type=hidden name="delete" value="$rec{$db_key}">~;

$output .= qq~<input type="SUBMIT" name="delete_record" value="Delete">~;

}

$output .= qq~</form></td></tr>~;

}

}


i think i should have been able to do it using the field number for the userid field, but i never could figure it out and since field type alpha didn't seem to do anything i decided to steal it.