Gossamer Forum
Home : Products : DBMan : Customization :

How to set permission?

Quote Reply
How to set permission?
I am using JPDeni password lookup mod and I want to set permission that allow registered user modified his record only. Right now, after user login and search for all record to modify, the program list all the record and he can choose which record he can modify/delete even it's not his. Also, I need to set default user can search and view record. Here's the setup in default.cfg file as below:

$auth_no_authentication = (1,1,1,1,0);
$auth_logging = 1;
$auth_allow_default = 1;
@auth_default_permissions = (1,0,0,0,0);
$auth_signup = 1;
@auth_signup_permissions = (1,1,1,1,0);
$auth_modify_own = (1,0,0,0);
$auth_view_own = 0;

Thanks for any help.

Quote Reply
Re: How to set permission? In reply to
Hi, following is the sample auth set-up Alex has listed in the Readme.txt file. I believe these settings will allow your database to run the way you want. You can review notes in the Readme file for more info & other settings.

* Users must log on to add, remove, modify but anyone can view without logging on:
$auth_no_authenticaion = 0;
$auth_allow_default = 1;
@auth_default_permissions = (1,0,0,0,0);
$auth_modify_own = 0;
$auth_view_own = 0;


Quote Reply
Re: How to set permission? In reply to
Karen,
Im having an issue with permissions.

I want to allow default users (bypass login) and view records. I want users to modify/view/delete their own records. Thus so far I have been successful,except when I use this: http://www.coastcottages.com/cgi-bin/dbman/db.cgi?db=default&uid=default
it takes me to the main screen. HOME | VIEW | LIST ALL | LOGOFF which is perfect.

But when I try to view or list all......it returns zero records. Here is the Auth. definitions from my .cfg file.



# Authorization Options
# --------------------------------------------------------
# No Authentication? (1 = "there is no authentication", 0 = "there is authentication")
# If you choose no authentication, then set the permissions of what
# people can do with: @auth_default_permissions below.
$auth_no_authentication = 0;

# The amount of time in seconds that user files are kept in the
# auth directory before the program removes them. 2-6 hours is
# probably a good value.
$auth_time = 28800; # 6 hours (in seconds)

# Enable (1) or disable (0) logging.
$auth_logging = 1;

# Allow a default user? This means you can specify a user via the URL
# and skip the logon process. Use this to allow people to search without
# logging on, but require log in if they want to add/modify/remove etc.
# (1 = "yes", 0 = "no")
$auth_allow_default = 1;

# Default permissions used if there is no authentication, or for a default
# user. (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_default_permissions = (1,0,0,0,0);

# Allow people to sign up for their own userid/passwords? They will
# recieve default permissions.
$auth_signup = 1;

# Permissions a new signup should get.
@auth_signup_permissions = (1,1,1,1,0);

# Registered users: can modify/delete _only_ own records. For this to make
# sense you should set default off or to 1,0,0,0.
$auth_modify_own = 1;

# Registered users: can view _only_ own records. For this to make sense
# you should turn off default permissions.
$auth_view_own = 1;

Quote Reply
Re: How to set permission? In reply to
Karen,
The settings that you refer too still does not perform to expectations.
I can use a default user, but I have to enable No Authenticate in order for them to view any records.
If I set TO Authenticate, the Default user can't see any records.

If I set Modify Own / View Own to "0" it seems any Joe Blow can login and delete / modify any record they want too.

Once again for anyone to help me....here is my Authorization settings in the .cfg file.



# Authorization Options
# --------------------------------------------------------
# No Authentication? (1 = "there is no authentication", 0 = "there is authentication")
# If you choose no authentication, then set the permissions of what
# people can do with: @auth_default_permissions below.
$auth_no_authentication = 0;

# The amount of time in seconds that user files are kept in the
# auth directory before the program removes them. 2-6 hours is
# probably a good value.
$auth_time = 28800; # 6 hours (in seconds)

# Enable (1) or disable (0) logging.
$auth_logging = 1;

# Allow a default user? This means you can specify a user via the URL
# and skip the logon process. Use this to allow people to search without
# logging on, but require log in if they want to add/modify/remove etc.
# (1 = "yes", 0 = "no")
$auth_allow_default = 1;

# Default permissions used if there is no authentication, or for a default
# user. (View, Add, Delete, Modify, Admin), 1 = enable, 0 = disable.
@auth_default_permissions = (1,0,0,0,0);

# Allow people to sign up for their own userid/passwords? They will
# recieve default permissions.
$auth_signup = 1;

# Permissions a new signup should get.
@auth_signup_permissions = (1,0,0,0,0);

# Registered users: can modify/delete _only_ own records. For this to make
# sense you should set default off or to 1,0,0,0.
$auth_modify_own = 1;

# Registered users: can view _only_ own records. For this to make sense
# you should turn off default permissions.
$auth_view_own = 1;