Gossamer Forum

Authorization problems

Ok, I have a little problem.... Blush You probably hear that a lot.

Anyway, I want to have a "rating" field in the database that everyone can view, but only people with "moderator" or "admin" privileges can modify.

Also, I have six or seven "groups", each of which has a moderator. Now, I don't want the moderator from the first group editing the rating on entries from the second group. Moderators can only edit ratings within their own groups.

I know one way to go around this is to have a separate database for each group. But then I would like to be able to search all the databases simultaneously.

How would I go about doing this?

Thanks in advance. Smile

Re: Authorization problems
How are your groups defined?

JPD
Re: Authorization problems
It's set as a field, "group". When you add to the database, you select one of the groups from a drop down menu. They have text names.

Post deleted by JPDeni
Re: Authorization problems
Woah! Thanks! Smile

The problem, though, is that I do have auth_modify_own set Frown. View is set as a default permission.

However, I'll turn auth_modify_own off, and try to tinker with it to see how it works.

Thanks a ton!

Re: Authorization problems
Ok, it works... But there are a few slight problems. First, I -do- want people to modify their own records, however I want two fields to be moderator only.

A workaround is if I use the Add Permission mod, and add a perm_mdr. And keep the perm_mod. However, how do I make that one (or two) field have a perm_mdr check if you want to edit it?

One way I thought to work on it is to change the html.pl file, so that if you have perm_mdr for the group you are trying to modify, then you get a page with build_select_field while everyone else just gets the moderator only field printed. That way, everyone can view the field, but only someone with perm_mdr for that group can modify it.

Still, there was a little problem with the modifications you gave me. The modify permission doesn't save. I select it and click Update/Add User, but it just keeps the default "blank" first field. Any reason why this happens?

Thanks,

jorge

Re: Authorization problems
I'm not sure what question I should answer. Smile

Fixing the problem with the code I gave you is sorta beside the point if you're going to need something else.

Let's start over.

What exactly do you want to do?


JPD
Re: Authorization problems
Ok, here we go:

I want a certain kind of user, a moderator, to be able to modify the "rating" and "rank" fields in my database. Everyone should be able to see them, but only moderators should be able to change them. However, if a moderator belongs to group 1, he should only be able to change ratings of records from group 1, and not groups 2+. A moderator from group 2 should only be able to change ratings from records of group 2, not from group 1 or 3+, etc.

I have the problem semi-solved. I used your add permission mod, and created a mdr permission. However, in db.cgi sub admin_display, instead of having a checkbox for the moderator permission, it's a text field. That way I can assign $perm_mdr to be anything from 0-9 (I set max_length for the text field to 1, but it can be changed).

Now I need to add a function, change_rating that will check to see if $group_number=$perm_mdr. However, I need to convert $group which is text, to $group_number.

And I think that about solves it...

Smile Sorry for bothering you.

Thanks!

jorge

Re: Authorization problems
You're not bothering me. I just need to know what to do. Smile

In Reply To:
However, I need to convert $group which is text, to $group_number.
You can do this a couple of ways. One would be to use $group instead of $group_number -- saving the name of the group in the .pass file.

The other way is to set up an array in your .cfg file (or somewhere else, but that's probably the best place):

@groups = qw(group0 group1 group2 group3);

Then you could determine which group for which the user is a moderator by $groups[$perm_mdr].

Does this help?


JPD
Re: Authorization problems
Everything is working OK so far, thanks for the help. Smile

However, a slight problem just arose... Is there any way to setup my array so that a space does not separate one entry from the next? Some of my group names contain spaces in them, which doesn't work well when I try $groups[$per_mdr], as everything gets funky right about there.

Also, is there any command that lets me do the inverse? For example, if I have my array set up so:

@groups = qw(group0 group1 group2 group3);

And I use the command so:

command(group2,$groups)

It will return the position of group2 in my $groups array (in this case, 2).

Thanks,

jorge

Re: Authorization problems
In Reply To:
Some of my group names contain spaces in them
I was afraid of that. But hoping. Wink

Set up your array like

@groups = ('group zero','group one','group two','group three');

Notice that there are single quotes around the group names, commas between the group names, but no spaces between the group names.

In Reply To:
And I use the command so:...It will return the position of group2 in my $groups array (in this case, 2).
Not exactly. Or at least I couldn't find such a command. But you could make a little subroutine, if you wanted to, which would act as though it were a command:

Code:

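sub group_number {
    # Return the index of $group_name in @groups (set up in the .cfg file).
    my ($group_name) = @_;
    my $i;
    for ($i = 0; $i <= $#groups; $i++) {
        if ($groups[$i] eq $group_name) {
            return $i;
        }
    }
    # No match: return a string that will never equal a group index.
    return "invalid group name";
}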
Then you could use

$group_number = &group_number("group name");




JPD
Re: Authorization problems
OK, thanks! That works for me. Cool Thanks for all the help!

I hope no more problems pop-up...

jorge

Re: Authorization problems
Ok, one last problem and this should be the end of my DBMan customization...

OK, I copied all the modify functions and renamed this second batch as rating functions. So the names are all similar, rating_record, html_rating_form, etc. In sub main, only people with per_mdr can use the rating functions.

However, when it comes time to search for people to rate, I can't adapt sub query to search ONLY for people within the group of the moderator... So far, I've gotten it from showing only those entries of the moderator to showing all the entries... How do I limit it so that only records that match ($per_mdr eq &group_number($values[$group_field])) are shown in html_rating_form? (Where $group_field is defined in default.cfg as the field number of my group value.)

Re: Authorization problems
Do you want to list all the records for which the current user is the moderator?


JPD
Re: Authorization problems
Exactly.

Re: Authorization problems
At the beginning of html_rating_form, add

Code:

$in{'group'} = $groups[$per_mdr];
my ($status, @hits) = &query("mod");
That will list all the records for which the person is a moderator.

If you're going to have more records that will fit on a page, this might cause a problem, though. I wouldn't be able to tell for sure without seeing the subroutines you've written.

The thing you want to do is to set a search term before you get to sub query -- not limit it within sub query.

JPD
Re: Authorization problems
And this works even with $auth_modify_own set to 1? That's given me problems...

Re: Authorization problems
Probably not. Smile I thought of that just after I hit the "Continue" button.

In the code I gave you, change

my ($status, @hits) = &query("mod");

to

my ($status, @hits) = &query("view");

That'll give you the correct search results.

Now for sub modify_record. Hmmmmmm.

What is the $per_mdr value for those who are not moderators? 0?

JPD
Re: Authorization problems
OK, I fixed that problem... Rather crudely, but it's a fix. Instead of having sub html_rating_form_record (clone of html_modify_form_record) call html_record_form, I made html_rating_form, which checks for permissions there. It displays all the other fields for the record (in text, not in <input> forms), and if the moderator is of the same group as the record, then an <input> field appears for the rating. Otherwise you can only view the record. However, I had to carry all the other information in hidden <input> fields in order to not get a "such-and-such field cannot be left blank" warning.

So I set sub html_rating_form (clone of html_modify_form) with
my ($status, @hits) = &query("mdr");
which avoids any restrictions in sub query. However, a new problem arises. Whenever I try to rate a record which doesn't have the same userid as the moderator, I get an "unable to find record/no record specified: (name of record I specified)" error. And I have no idea why that happens...

Any insights?



Re: Authorization problems
Ok, I found the problem. There's a pesky little line in sub get_record:

($restricted = 1) if ($auth_modify_own and !$per_admin);

Which was changed to:

($restricted = 1) if ($auth_modify_own and !$per_mdr and !$per_admin);

However, I don't like it much, because it could result in a security breach with moderators modifying and deleting records they shouldn't...

Is there any way to fix this?

Re: Authorization problems
That's what I've been working on since I last posted here. Smile I have a probable solution. I'll tell you the problem with it in a minute.

Change

($output .= "$line\n" and next LINE) if ($restricted and ($db_userid ne $data[$auth_user_field]));

to

Code:

if ($per_mdr and ($per_mdr ne &group_number($data[$group_field]))) {
    $output .= "$line\n" and next LINE;
}
elsif ($restricted and ($db_userid ne $data[$auth_user_field])) {
    $output .= "$line\n" and next LINE;
}
Now for the problem. If there is a moderator who owns a record in a group for which someone else is the moderator, he won't be able to modify his own record. Is that possible with your setup?

JPD
Re: Authorization problems
Not only possible, but very likely that each moderator will have at least one record under another moderator. Frown

jorge

Re: Authorization problems
Acccckkkkkkkkk!!!!!!!!!!!!! Smile

Okay. Let's see. Try this.

Code:

if ($per_mdr) {
    if (($per_mdr ne &group_number($data[$group_field])) or ($db_userid ne $data[$auth_user_field])) {
        $output .= "$line\n" and next LINE;
    }
}
elsif ($restricted and ($db_userid ne $data[$auth_user_field])) {
    $output .= "$line\n" and next LINE;
}
I start getting confused when dealing with "if"s coupled with "and"s and "or"s. Smile


JPD
Re: Authorization problems
I know what you mean Shocked. The "logics" part of my brain just went ballistic.

But, Oops! Now not even admin can modify/rate anything... Oh-uh...

I'll take a look and see if I can spot something wrong in all the if's and's or's but's and not equal to's...

Re: Authorization problems
You could wrap the whole code in

Code:

unless ($per_admin) {
    [insert code here]
}
Does that help?

JPD
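
The rule the thread is working toward (admin may change anything, owners may edit their own records, and only the moderator of a record's group may change "rating" and "rank"), written as one server-side check. This is an added example, not code from the thread or from DBMan; the hash layout, `%mod_fields`, `denied_changes`, and the use of undef rather than 0 for "not a moderator" (0 is also the index of the first group) are assumptions. It compares the submitted values with the stored record, so values carried in hidden form fields are checked like any other.

```perl
use strict;
use warnings;

# Constructed sample data. Names mirror the thread; the layout is assumed.
my @groups     = ('group zero', 'group one', 'group two');
my %mod_fields = map { $_ => 1 } qw(rating rank);    # moderator-only fields

# Index of a group name, or undef (never a string) when it is unknown.
sub group_number {
    my ($name) = @_;
    for my $i (0 .. $#groups) { return $i if $groups[$i] eq $name }
    return;
}

# Fields whose submitted change this user may NOT make (empty list = allow).
# per_mdr is undef for non-moderators, so group index 0 remains usable.
sub denied_changes {
    my ($user, $old, $new) = @_;
    return () if $user->{per_admin};
    my $g      = group_number($old->{group});    # stored group, not submitted
    my $is_mod = defined $user->{per_mdr} && defined $g && $user->{per_mdr} == $g;
    my $is_own = $user->{userid} eq $old->{userid};
    my @denied;
    for my $f (sort keys %$old) {
        next if $old->{$f} eq ($new->{$f} // '');    # unchanged field
        push @denied, $f unless $mod_fields{$f} ? $is_mod : $is_own;
    }
    return @denied;
}

# Constructed record and requests: [label, user, submitted values].
my %rec = (userid => 'ann', group => 'group zero', name => 'Entry',
           rating => 3, rank => 1);
my @cases = (
    ['moderator of group 0 rates it', { userid => 'bob', per_mdr => 0 }, { %rec, rating => 5 }],
    ['moderator of group 1 rates it', { userid => 'cat', per_mdr => 1 }, { %rec, rating => 5 }],
    ['owner edits name',              { userid => 'ann' },               { %rec, name => 'New' }],
    ['owner raises own rating',       { userid => 'ann' },               { %rec, rating => 5 }],
    ['moderator moves it to group 1', { userid => 'bob', per_mdr => 0 }, { %rec, group => 'group one' }],
    ['admin changes everything',      { userid => 'root', per_admin => 1 }, { %rec, rating => 1, name => 'x' }],
);
for my $c (@cases) {
    my ($label, $user, $new) = @$c;
    my @d = denied_changes($user, \%rec, $new);
    printf "%-32s %s\n", $label, @d ? "DENY (@d)" : 'allow';
}
```

Each case prints either allow or DENY followed by the names of the fields the user tried to change without permission.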