Gossamer Forum
Home : Products : DBMan : Customization :

Disabling *

Quote Reply
Disabling *
Is there a way in which a * search can be disabled so that users cannot find all records?

If this is possible, is there a way in which it can be enabled just for admin, or only for certain fields?

Thanks

ais
Quote Reply
Re: Disabling * In reply to
Hi there.

Try this....

1) Find the following codes in the sub query routine in db.cgi:

Code:
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*"); # A "*" matches anything.

which is located in the following area of that routine:

Code:
# Now let's build up all the regexpressions we will use. This saves the program
# from having to recompile the same regular expression every time.
foreach $field (@search_fields) {
my $tmpreg = "$in{$db_cols[$field]}";
(!$in{'re'}) and ($tmpreg = "\Q$tmpreg\E");
($in{'ww'}) and ($tmpreg = "\\b$tmpreg\\b");
(!$in{'cs'}) and ($tmpreg = "(?i)$tmpreg");
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*"); # A "*" matches anything.

$regexp_func[$field] = eval "sub { m/$tmpreg/o }";
$regexp_bold[$field] = $tmpreg;
}

2) Change that line to the following:

Code:
if ($per_admin) {
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*"); # A "*" matches anything.
}
else {
}

See if this works. Remember to back up your files when you add new codes.

Smile

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us
Quote Reply
Re: Disabling * In reply to
Yes, it does and it will take some time to write some codes that will address your second concern. Not an easy fix to say the least. It will entail re-writing sub-routines in the db.cgi file, which I don't have time to work on right now.

Let me think about this some more and let you know what I come up with. May be other users will be able to provide some codes or solutions in the meantime.

Sorry.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us
Quote Reply
Re: Disabling * In reply to
O.K. Thanks.
Quote Reply
Re: Disabling * In reply to
Hi,

Thanks that solution did work but created a new set of problems.

I am trying to implement the following conditions on a database :

1. Registered user can create his/her own account - one record only.

2. Registered user can only modify/delete his/her own record.

3. Registered user can only view their own record for 'modify' purpose.

4. Only admin can use "*" for searching.

5. A guest (default user) can view all records by using keyword search (not "*").

The problems I am having are :
1. If I set "view_own=1" then the default user keyword search returns no records.

2. If I disable "*" search the modify option returns no matching records (except in admin of course).

Could you please suggest a soution(s)

Regards ais
Quote Reply
Re: Disabling * In reply to
Oops...I forgot to include the add/modify/delete users...

Use these codes:

Code:
if (($per_admin) && ($per_mod) && ($per_del)) {
($in{$db_cols[$field]} eq "*") and ($tmpreg = ".*"); # A "*" matches anything.
}
else {
}

Hope that works.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us

[This message has been edited by Eliot (edited September 10, 1999).]
Quote Reply
Re: Disabling * In reply to
Thanks for the reponse - it works partially.

For Registered users, the search function returns matching records.

The delete & modify options return no matching records.

By the way I am using the userfriendly.pl file.

Would appreciate more input.

Re the second issue, can I have view_own=1 for registered users, but view all for default?

Thanks/Regards A. I. Sinclair
Quote Reply
Re: Disabling * In reply to
Yes...You can set the default permissions to the following:

1,0,0,0,0

This will allow people to view all records.

In terms of the user_friendly mod, I don't think that there has been a change with the permission variables. So, it should work like I have written. The friendly html.pl file does not affect the db.cgi file, where you need to make these changes.

Smile

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us
Quote Reply
Re: Disabling * In reply to
What can I say, the code does not work.

Re the permissions - I don't think you understood my question. I have detailed my aim previously but will restate it in part.

I have default user enabled with view permission, which allows viewing of all records - against keyword search in a single field on a customised form.

But then I want to have registered users to view only their own records - sothat they can only search for their own records when they are logged in (to stop them from being able to do keyword searches on all fields).

Thanks ais
Quote Reply
Re: Disabling * In reply to
Hi,

Got the script to work.

I changed your "&&" to "or" and it seems to be working now.

Cheers ais
Quote Reply
Re: Disabling * In reply to
Good. I did understand your request quite clearly. I am glad it worked.

Wink

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us
Quote Reply
Re: Disabling * In reply to
Hi,
Now I am confused.

I had 2 issues :

a) disabling * search which led to the modify/delete problem. This issue is now resolved - Thanks.

b) is the question on permissions. This is still not resolved. As soon as I set view_own=1, it overrides the view all setting for the default user and I get no matching records on a keyword search for the default user.

Any help would be appreciated.

Rgds ais
Quote Reply
Re: Disabling * In reply to
Try setting the view own to 0.

Regards,

------------------
Eliot Lee
Founder and Editor
Anthro TECH, L.L.C
http://www.anthrotech.com/
info@anthrotech.com
==========================
Coconino Community College
http://www.coco.cc.az.us/
Web Technology
Coordinator
elee@coco.cc.az.us
Quote Reply
Re: Disabling * In reply to
Once again I think you are missing the point of what I am trying to do - so I will once again try to clarify.

If I set view_own=0 then registered users can do searches on all fields for all records once logged in - this is what I want to prevent.

Basically I want to have the following :
default_user=1 with permission=1,0,0,0,0
view_own=1

I know the 2 above statements are in conflict because in the first statement I am saying default can view all records, but then in second statement I say users (including default) can only view their own records which cancels out the first statement.

So what I need is something that makes the first statement only apply to default (and not to registered users); and makes the second statement apply only to registered users (but not to default).

I hope this clarifies my needs.

Rgds ais