Gossamer Forum
Home : Products : DBMan SQL : Discussion :

Group permissions mod

Quote Reply
Group permissions mod
Are there any mods that allow records to be assigned to groups of users or mulitple users? If not, are there any plans to incorporate this feature into DBMan SQL in the very near future?
Quote Reply
Re: [Halito] Group permissions mod In reply to
Yeah its quite easy.

Just customize your usertable and add new enum field called GroupPermissions and add these to it

group1 group2 group3

and then you can modify your templates ie search results to add something like

<%if GroupPermissions eq group1%>
Show this to group1
<%endif%>

<%if GroupPermissions eq group2%>
Show this to group1
<%endif%>

<%if GroupPermissions eq group2 or GroupPermissions eq group3%>
Show this to group2 and group3
<%endif%>

Something like thatCool
Quote Reply
Re: [Suomi] Group permissions mod In reply to
Thanks for the suggestion. I forgot about the extra fields in the user tables and the possibility to use them in conjunction with conditionals.

However, I'm looking for a more robust solution. When someone with admininstrative permissions adds a file, that file could be simultaneously assigned to one or more users/groups (group = user table?).

These users and groups should be automatically pulled from the user table, but since they will change often, there should be no coding necessary in the templates. I need something that will allow me to add 50-60 groups containing hundreds of users.

Any suggestions?
Quote Reply
Re: [Halito] Group permissions mod In reply to
You should also add a field for your records (files) ie permission enum perm1 perm2 perm3,

Which would be available for specific users only, and only admis would be able to select which groups it would be available.

PM me and give me the site address, and/or tell me exactly what it is for, so I know what you are talking about.Cool
Quote Reply
Re: [Suomi] Group permissions mod In reply to
This sounds more interesting! I haven't played with the users table yet. Would it be possible using your method for admins to create groups of users on their own and then assign files to them?

The database only exists on a test server behind my firewall right now, but it will be used for mortgage transaction tracking. With each mortgage, there are realtors, lawyers, borrowers, etc., who should be able to view the file. For instance, one office of realtors should be able to see all the transactions they are involved with, whereas a borrower may only be able to see his or her own mortgage.

Thanks again for your ideas!
Quote Reply
Re: [Halito] Group permissions mod In reply to
After thinking about this some more, it doesn't appear possible to create groups of users in DBMan SQL without altering the way the script assigns and reads the Userid field. That sounds like an awful lot of work for something that should be kind of a basic feature.

The ability to easily authenticate users by groups seems to be a cornerstone of any commercially viable database product. How can Gossamer Threads have left out this important feature?

Or am I missing something?
Quote Reply
Re: [Halito] Group permissions mod In reply to
Thanks to TheStone for the edit to Home.pm (see below). Can you tell me what this does, exactly?

I was successful in comparing the "gid" field in the user table and the "file_gid" field in the record table (<%if file_gid == $gid%>) in search_results.html to prevent users from seeing records belonging to other groups.

How could I prevent an admin from creating another admin with someone else's group ID to get at their files? The "gid" field for each new user is automatically inherited from the admin who creates them, but I'm worried about someone creating a user in the browser's URL field. Could there be a way to check that the gid is unique OR matches the gid of the new user's creator?

Thanks again,
Halito

The change to Home.pm:

Code:
- admin_inquire_user:

....
my $table = $self->{sql}->table($self->{cfg}->{'user_table_use'});
my $gid = $self->{user}->{gid};
my $user_inf = $table->select({ Username => $username, gid => $gid},'HASH')
|| {};

....


- admin_edit_user:

...
if ( $new_username ) { # add new a user
...
$self->{cgi}->{a_Username} = $new_username;
$self->{cgi}->{gid} = $self->{user}->{gid};
....
}
else {
...
}
...
Quote Reply
Re: [Halito] Group permissions mod In reply to
Hi,

In Reply To:
Can you tell me what this does, exactly
Admin users will be able to add/edit/delete their own subusers.

In Reply To:
(<%if file_gid == $gid%>) in search_results.html

The secure system will be broken if someone pass in gid=whatever to your search engine. The only way to work it out is to customize your code.

I did mention that this feature is not easy to accomplish in my last message. It has a bunch of works to do, you can absolutely build it with knowledge of Perl programming and understanding our code.

If you want us to help you out with this issue, please feel free send me email.

TheStone.

B.

Last edited by:

TheStone: Jul 16, 2003, 1:06 PM
Quote Reply
Re: [TheStone] Group permissions mod In reply to
Hi Stone and Halito,

How did this custom modification end? I am also interested in it.

Jasper

http://www.bookings.org
Quote Reply
Re: [jaspercram] Group permissions mod In reply to
Hi

I'm also interested in this custom modification.
Thank you for posting more details here. Cool

Oliver