kirchaj
|
| Posted: 10/20/2004, 7:36 AM |
|
I have a question concerning security. I have one table with users and three security levels read only, full access, and administrator. What I really want to be able to do is allow read only and full access to the same pages but the read only group will not be able to update,delete, etc. Any ideas on how to do this?
thanks.
Tony
|
|
|
 |
datadoit.com
|
| Posted: 10/20/2004, 8:45 AM |
|
One way to handle this is to define a 'disabled' template variable, then
place the label into the form's HTML.
BeforeShow:
global $Tpl;
if (CCGetGroupID() == "whatever") {
$Tpl->SetVar("Update", disabled);
}
else {
$Tpl->SetVar("Update", "");
}
Type in the name of the template variable into the HTML:
<td><input value="{s_City}" name="{s_City_Name}" style="WIDTH: 150px"
{Update}></td>
This will disable the form field preventing updates, but still displays the
contents. For the form buttons, you can hide them by:
Button_SubmitBeforeShow:
if (CCGetGroupID() == "whatever") {
$form->Button_Submit->Visible = false;
}
-MikeR
|
|
|
|
peterr
Posts: 5971
|
| Posted: 10/20/2004, 10:47 AM |
|
Another way could be to create 2 similar record forms, one for the data entry and another with labels, then set different security access to each of those forms. I believe that no coding would be needed for this, although I could be wrong.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
|
DonB
|
| Posted: 10/20/2004, 2:15 PM |
|
If you set the form as "Restricted", then you have the ability to specify
what permissions each security level is granted. When they don't have
"delete" then the Delete button is not provided, etc. The text fields will
still allow them to type into them, but there won't be a way to put those
changes into the database if the security level denies them.
--
DonB
http://www.gotodon.com/ccbth
"kirchaj" <kirchaj@forum.codecharge> wrote in message
news:5417677dd5fca2@news.codecharge.com...
> I have a question concerning security. I have one table with users and
three
> security levels read only, full access, and administrator. What I really
want
> to be able to do is allow read only and full access to the same pages but
the
> read only group will not be able to update,delete, etc. Any ideas on how
to do
> this?
>
> thanks.
>
> Tony
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.codecharge.com/
>
|
|
|
|
kirchaj
|
| Posted: 10/21/2004, 11:20 AM |
|
DonB,
That is exactly what I did. I gave access to the appropriate pages and then went down to the grid level and gave explicit right to each of the groups full access to admin, read access to the read only group. It seems to work just fine and the user is redirected to the no authorization page if they try something that they don't have rights to.
Thanks for all the suggestions.
Tony
|
|
|
|
|
