Rick
|
| Posted: 11/13/2003, 11:50 AM |
|
I am working with CCS, PHP and MySQL.
The question is about user authentication with the Task Manager Builder Solution.
I assumed that only the administrator can access the Administration Area. This is correct after trying out the site.
I also assumed that user 'Peter',for example, could only modify tasks that were assigned to him. This is not what I'm seeing. I see that the security level for the page TaskRecord is set to user and "Peter's" Security Level is set to user, but it seems that Peter can modify any of the tasks regardless of who is assigned to it.
Am I missing something? Does Task Manager work this way?
I was hoping that users would only be able to modify tasks assigned to them. Maybe it wont be a problem. I am going to be modifying Task Manager so that a user has to login in order to see the tasks, and they will only be able to see tasks assigned to them. But, still, this seems like a security issue.
Any insight on this would be helpful.
Thanks,
Rick Page
ISPwebhosting4u.com
|
|
|
|
ryan
|
| Posted: 11/19/2003, 3:30 AM |
|
On most of my CCS projects I use
5 ------------------------ admin
4 ------------------------ supervisor
3 ------------------------ moderator
2 ------------------------ manager
1 ------------------------ user
Then I check higher level inclusive of lower levels.
I restrict every pages setting to 5,4
or any security role of my desire. Therefore I am sure that this can only be viewed by these user roles. With that I also encrypt/decrpyt the UserID so that I get more security. There are a lot of functions already free and using them with CCS, I can solve a set of issues in one sitting.
Regards
|
|
|
|
Rick
|
| Posted: 11/19/2003, 10:24 AM |
|
Thanks for the help Ryan,
I tried what you stated, but my problem is with level 1... or I am starting to think that is a php/session problem.
I have TaskRecord set at level 1, user. When a user, Peter for example, logs in, Peter should only be able to modify tasks assign to Peter. And Bob should only be able to modify tasks assign to Bob....
Anyway, any user can modify any task assigned to anybody. The only difference I see between a user and an admin is that the admin can get to the Administration page and the users can't.
I decided to try the example in CC because I'm a little more familiar with it, and got the same results.
I did see in CC where the Input parameter for TaskRecord was field assigned_from, variable name:UserID, type session,....
Shouldn't this be set to Field assigned_to and not assigned_from?
It would seem to me that if all the tasks were assigned from the administrator, then only the administrator would be able to access them in order to modify them.
I'll keep working with CC and CCS.
Thanks again for your help.
Rick
|
|
|
|
Rick
|
| Posted: 11/19/2003, 3:18 PM |
|
For those that care, I found a CCS solutions.
I placed the following custom code in the 'AfterInitialize' section for the TaskRecord page:
// Write your own code here.
global $Redirect;
global $UserInfo;
global $DBintranet;
$UserID = CCGetUserID("user_id", 0);
$task_id = CCGetFromGet("task_id", "");
if($task_id != "")
{
$assignedUserID = CCDLookUp("user_id_assign_to", "tasks", "task_id=".$task_id, $DBintranet);
//echo "<!--U:".$UserID."--A:".$assignedUserID."--T:".$task_id."--><br>";
if($UserID != $assignedUserID)
{
//echo "<!--Redirect--><br>";
$Redirect="Default.php";
}
}
// -------------------------
//End Custom Code
I had just assumed that the example did not need any modifications to do this.
Interesting that I found my solution by searching in the tutorial for TaskMan, but it in the 'Enhancing Application..' section and was for C# and VB.NET
Mental note, the complete documentation .chm file is better than the .pdf files, when it comes to searching for examples.
Anyway, hope this helps someone and thanks again Ryan.
Rick
|
|
|
|
|
|
