Are there any mods that allow records to be assigned to groups of users or mulitple users? If not, are there any plans to incorporate this feature into DBMan SQL in the very near future?
Apr 10, 2002, 11:30 AM
User (194 posts)
Apr 10, 2002, 11:30 AM
Post #2 of 10
Views: 5531
Re: [Halito] Group permissions mod
Yeah its quite easy.
Just customize your usertable and add new enum field called GroupPermissions and add these to it
group1 group2 group3
and then you can modify your templates ie search results to add something like
<%if GroupPermissions eq group1%>
Show this to group1
<%endif%>
<%if GroupPermissions eq group2%>
Show this to group1
<%endif%>
<%if GroupPermissions eq group2 or GroupPermissions eq group3%>
Show this to group2 and group3
<%endif%>
Something like that
Just customize your usertable and add new enum field called GroupPermissions and add these to it
group1 group2 group3
and then you can modify your templates ie search results to add something like
<%if GroupPermissions eq group1%>
Show this to group1
<%endif%>
<%if GroupPermissions eq group2%>
Show this to group1
<%endif%>
<%if GroupPermissions eq group2 or GroupPermissions eq group3%>
Show this to group2 and group3
<%endif%>
Something like that
Apr 10, 2002, 11:47 AM
Novice (32 posts)
Apr 10, 2002, 11:47 AM
Post #3 of 10
Views: 5539
Thanks for the suggestion. I forgot about the extra fields in the user tables and the possibility to use them in conjunction with conditionals.
However, I'm looking for a more robust solution. When someone with admininstrative permissions adds a file, that file could be simultaneously assigned to one or more users/groups (group = user table?).
These users and groups should be automatically pulled from the user table, but since they will change often, there should be no coding necessary in the templates. I need something that will allow me to add 50-60 groups containing hundreds of users.
Any suggestions?
However, I'm looking for a more robust solution. When someone with admininstrative permissions adds a file, that file could be simultaneously assigned to one or more users/groups (group = user table?).
These users and groups should be automatically pulled from the user table, but since they will change often, there should be no coding necessary in the templates. I need something that will allow me to add 50-60 groups containing hundreds of users.
Any suggestions?
Apr 10, 2002, 12:46 PM
User (194 posts)
Apr 10, 2002, 12:46 PM
Post #4 of 10
Views: 5534
Re: [Halito] Group permissions mod
You should also add a field for your records (files) ie permission enum perm1 perm2 perm3,
Which would be available for specific users only, and only admis would be able to select which groups it would be available.
PM me and give me the site address, and/or tell me exactly what it is for, so I know what you are talking about.
Which would be available for specific users only, and only admis would be able to select which groups it would be available.
PM me and give me the site address, and/or tell me exactly what it is for, so I know what you are talking about.
Apr 11, 2002, 1:32 PM
Novice (32 posts)
Apr 11, 2002, 1:32 PM
Post #5 of 10
Views: 5500
This sounds more interesting! I haven't played with the users table yet. Would it be possible using your method for admins to create groups of users on their own and then assign files to them?
The database only exists on a test server behind my firewall right now, but it will be used for mortgage transaction tracking. With each mortgage, there are realtors, lawyers, borrowers, etc., who should be able to view the file. For instance, one office of realtors should be able to see all the transactions they are involved with, whereas a borrower may only be able to see his or her own mortgage.
Thanks again for your ideas!
The database only exists on a test server behind my firewall right now, but it will be used for mortgage transaction tracking. With each mortgage, there are realtors, lawyers, borrowers, etc., who should be able to view the file. For instance, one office of realtors should be able to see all the transactions they are involved with, whereas a borrower may only be able to see his or her own mortgage.
Thanks again for your ideas!
Apr 16, 2002, 5:32 AM
Novice (32 posts)
Apr 16, 2002, 5:32 AM
Post #6 of 10
Views: 5466
After thinking about this some more, it doesn't appear possible to create groups of users in DBMan SQL without altering the way the script assigns and reads the Userid field. That sounds like an awful lot of work for something that should be kind of a basic feature.
The ability to easily authenticate users by groups seems to be a cornerstone of any commercially viable database product. How can Gossamer Threads have left out this important feature?
Or am I missing something?
The ability to easily authenticate users by groups seems to be a cornerstone of any commercially viable database product. How can Gossamer Threads have left out this important feature?
Or am I missing something?
May 9, 2002, 6:28 AM
Novice (32 posts)
May 9, 2002, 6:28 AM
Post #7 of 10
Views: 5435
Thanks to TheStone for the edit to Home.pm (see below). Can you tell me what this does, exactly?
I was successful in comparing the "gid" field in the user table and the "file_gid" field in the record table (<%if file_gid == $gid%>) in search_results.html to prevent users from seeing records belonging to other groups.
How could I prevent an admin from creating another admin with someone else's group ID to get at their files? The "gid" field for each new user is automatically inherited from the admin who creates them, but I'm worried about someone creating a user in the browser's URL field. Could there be a way to check that the gid is unique OR matches the gid of the new user's creator?
Thanks again,
Halito
The change to Home.pm:
....
my $table = $self->{sql}->table($self->{cfg}->{'user_table_use'});
my $gid = $self->{user}->{gid};
my $user_inf = $table->select({ Username => $username, gid => $gid},'HASH')
|| {};
....
- admin_edit_user:
...
if ( $new_username ) { # add new a user
...
$self->{cgi}->{a_Username} = $new_username;
$self->{cgi}->{gid} = $self->{user}->{gid};
....
}
else {
...
}
...
I was successful in comparing the "gid" field in the user table and the "file_gid" field in the record table (<%if file_gid == $gid%>) in search_results.html to prevent users from seeing records belonging to other groups.
How could I prevent an admin from creating another admin with someone else's group ID to get at their files? The "gid" field for each new user is automatically inherited from the admin who creates them, but I'm worried about someone creating a user in the browser's URL field. Could there be a way to check that the gid is unique OR matches the gid of the new user's creator?
Thanks again,
Halito
The change to Home.pm:
Code:
- admin_inquire_user: ....
my $table = $self->{sql}->table($self->{cfg}->{'user_table_use'});
my $gid = $self->{user}->{gid};
my $user_inf = $table->select({ Username => $username, gid => $gid},'HASH')
|| {};
....
- admin_edit_user:
...
if ( $new_username ) { # add new a user
...
$self->{cgi}->{a_Username} = $new_username;
$self->{cgi}->{gid} = $self->{user}->{gid};
....
}
else {
...
}
...
May 9, 2002, 10:40 AM
Staff / Moderator (733 posts)
May 9, 2002, 10:40 AM
Post #8 of 10
Views: 5410
Hi,
Admin users will be able to add/edit/delete their own subusers.
The secure system will be broken if someone pass in gid=whatever to your search engine. The only way to work it out is to customize your code.
I did mention that this feature is not easy to accomplish in my last message. It has a bunch of works to do, you can absolutely build it with knowledge of Perl programming and understanding our code.
If you want us to help you out with this issue, please feel free send me email.
TheStone.
B.
Admin users will be able to add/edit/delete their own subusers.
The secure system will be broken if someone pass in gid=whatever to your search engine. The only way to work it out is to customize your code.
I did mention that this feature is not easy to accomplish in my last message. It has a bunch of works to do, you can absolutely build it with knowledge of Perl programming and understanding our code.
If you want us to help you out with this issue, please feel free send me email.
TheStone.
B.
Dec 16, 2002, 5:38 AM
User (150 posts)
Dec 16, 2002, 5:38 AM
Post #9 of 10
Views: 5306
Hi Stone and Halito,
How did this custom modification end? I am also interested in it.
Jasper
http://www.bookings.org
How did this custom modification end? I am also interested in it.
Jasper
http://www.bookings.org
