
 Security help please!??

Joe
Posted: 09/13/2002, 8:54 AM

I'm trying to create a wishlist application, where each user has their own wishlist, and can add/update/delete entries to it, but not anyone else's.
All users have the same security level (except admin users, but that's irrelevant). I've found that if I log in as me (security level 1), CodeCharge also allows me to edit other users' wishlists, just by clicking on the insert link for another user's wishlist; it doesn't ask me to log in as that user... Am I missing something obvious here?
Any help would be greatly appreciated....
Joe.
Joe
Posted: 09/13/2002, 9:08 AM

I'm using Access and ASP, if that helps at all!
Nicole
Posted: 09/16/2002, 5:23 AM

Joe,
You should store the user_id value in the wishlist table. When displaying the grid form, add a Table parameter UserID of session type and assign it to the user_id field of the table. It lets you list records belonging to the logged-in user only.
When inserting a new wish, automatically set the user_id value to equal the session var.

In order to forbid a user from editing wishes belonging to another user by changing wish_id in the URL, add user-checking code to the page's After Initialize event. Here is the tip for it: catch the wish_id value passed through the URL, retrieve the corresponding user_id and compare it to the UserID stored in the session var. If they are different, it means that the user is trying to edit a record not owned by the logged-in user. Then redirect him to any page.
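
The ownership check described in the reply above, sketched as a classic ASP page for the Access/ASP setup mentioned in the thread. This is an added example, not code from the thread and not CodeCharge-generated code; the table layout `wishlist(wish_id, user_id, item)`, a numeric `UserID` session value, the database path, the `item` form field and `Default.asp` are assumptions. It goes one step beyond the reply by repeating the owner condition in the UPDATE's WHERE clause.

```asp
<%
Option Explicit
' Added example, not CodeCharge-generated code. Assumed names: table
' wishlist(wish_id, user_id, item), form field "item", Default.asp, DB_PATH.
Const adInteger = 3, adVarWChar = 202, adParamInput = 1, adCmdText = 1
Const adExecuteNoRecords = 128
Const DB_PATH = "D:\data\wishlist.mdb"   ' constructed path, kept outside the web root

' Parameterized command: request values are bound, never concatenated into SQL.
Function NewCommand(conn, sql)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = conn
    c.CommandType = adCmdText
    c.CommandText = sql
    Set NewCommand = c
End Function

Sub AddInt(c, name, value)
    c.Parameters.Append c.CreateParameter(name, adInteger, adParamInput, , CLng(value))
End Sub

Dim wishId, userId, re, conn, cmd, rs, owned
wishId = Request.QueryString("wish_id")
userId = Session("UserID")
Set re = New RegExp
re.Pattern = "^\d{1,9}$"

' No login or a malformed id: leave before touching the database.
If Not re.Test(userId & "") Or Not re.Test(wishId & "") Then Response.Redirect "Default.asp"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DB_PATH

' The check from the reply: does this wish_id belong to the session's UserID?
Set cmd = NewCommand(conn, "SELECT user_id FROM wishlist WHERE wish_id = ? AND user_id = ?")
AddInt cmd, "wish_id", wishId
AddInt cmd, "user_id", userId
Set rs = cmd.Execute
owned = Not rs.EOF
rs.Close

' The write repeats the owner predicate, so it cannot touch another user's row.
If owned And Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    Set cmd = NewCommand(conn, "UPDATE wishlist SET item = ? WHERE wish_id = ? AND user_id = ?")
    cmd.Parameters.Append cmd.CreateParameter("item", adVarWChar, adParamInput, 255, Left(Request.Form("item"), 255))
    AddInt cmd, "wish_id", wishId
    AddInt cmd, "user_id", userId
    cmd.Execute , , adExecuteNoRecords
End If
conn.Close
If Not owned Then Response.Redirect "Default.asp"
%>
```

The same two-column predicate applies to delete statements, and the owner value always comes from the session, never from the URL or a hidden form field.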

   

