Gossamer Forum
Home : Products : DBMan SQL : Discussion :

Validate records by admin feature needed

Quote Reply
Validate records by admin feature needed
Hi,

does anyone have any advice how to set this up: Registered users are allowed to modify (perhaps add/delete) own records. But before any modification gets public (i. e. can be seen by anonymous/default users) an administrator/supervisor has to approve the modification (perhaps deletion, addition).

Any idea how I can set this up with DBMan SQL?

Thanks, Armin
Quote Reply
Re: [Armin] Validate records by admin feature needed In reply to
Hi Armin,
I have implemented such a system ie. guests can contribute but their post is only viewable by everyone after I have validated it.
In my table (which has in Setup option "new user can add record" set to YES), I have a 'validated' field (radio button, Yes/No)
In my display template, I have a conditional fork of type:
<%if validated eq 'N'%> .... display "unvalidated post, come back later"...
<%else%>.... display the record....
<%endif%>
That's all. Hope it helps!
Quote Reply
Re: [charly] Validate records by admin feature needed In reply to
Hi Charly,

thank you very much for your advice. I think I will go into the direction you point. But how do you prevent the users from setting the validated field to "Yes" by themselfes? As they have write permissions they could do this. Ok they have to know that there is such a field and they have to construct a query that modifies their record (do=modify_record&id=nn&validated=Y....). But at least theoretically this should be possible - or not?

A minor problem I see is that you have to make sure that any non-validatet output by any template is blocked in this way.

Thanks again for your help.

Armin
Quote Reply
Re: [Armin] Validate records by admin feature needed In reply to
Armin, the validated field is NOT at all available to guests, even registered ones and only the admin has access to it. The problem effectively, you are right, is that if the guest can modify a record AFTER you've validated, then the validated must switch back to "no". Should be possible.
Charly
Quote Reply
Re: [charly] Validate records by admin feature needed In reply to
Quote:
Armin, the validated field is NOT at all available to guests, even registered ones and only the admin has access to it.


Hm, to say the truth I do not understand this - but perhaps I did not make myself clear enough. Of cource I do not think that there is a radio buttom or check box for registered users on your site so that users simply could check "Validated" to be true by themselfes. If that's what you mean that's fine as far as it goes. But if your registered users have the right to modify their records in table A and if the "Validated" field is inside this table A a unfriendly user could for example construct his own form (or modify your add-record form) so that the "Validated" field is included in this form, set this field value to Yes and post the data to your database. In this way he could set the "Validated" field to true by himself. As DBMan SQL does not allow different permissions to different fields of the same table but only sets permissions for tables as a whole I do not see how you could prevent users from doing so -- unless the "Validated" field is in a different table for which registered users do not have modify permission.

Thanks again for your comments!

Armin