SteveG
Posts: 56
|
| Posted: 01/14/2005, 9:13 AM |
|
I'm designing an online community, with users belonging to different levels of security: public, members, super-members, staff and administrators. In the community there are tables such as discussions, polls and calendars; and corresponding areas for each discussion areas, poll areas and calendar areas.
I'm now trying to set the security dynamically in these areas, so for example, some discussion areas are only for super-members (and above). I see how powerful the restrictions can be for specific grids/forms - which is great - but I'd like to set these security levels with tables instead, and use the same page for all the different areas. Is there an easy and elegant way of doing this? (Perhaps session variables?)
I'm using PHP & mySQL. Thanks in advance for any help.
|
 |
 |
mrachow
Posts: 509
|
| Posted: 01/15/2005, 12:31 AM |
|
When using the same page you have to filter your data.
What if you would mark your data with the security level or with the UserID?
_________________
Best regards,
Michael |
|
|
|
SteveG
Posts: 56
|
| Posted: 01/15/2005, 5:42 PM |
|
Quote mrachow:
When using the same page you have to filter your data.
What if you would mark your data with the security level or with the UserID?
I think I am marking my data.
Each of the Discussion_Areas, Poll_Areas, and Calendar_Areas tables have a Audience_Id field, which should be matched <= the session GroupID value in order to control the page functions.
But it's getting mighty tricky to control who can read/write/update without using the CCS security; which I can't seem to do because I'm controlling the security *with the data*, not the pages.
|
|
|
|
mrachow
Posts: 509
|
| Posted: 01/16/2005, 12:02 AM |
|
I see that I had not understood correctly.
There are form properties that control if insert, delete or update are allowed. You can them according to your dynamic situation.
The problem here is someone who can read only see entry fields of course without the possibility to update or insert.
Hope this helps!?
_________________
Best regards,
Michael |
|
|
|
SteveG
Posts: 56
|
| Posted: 01/16/2005, 12:15 AM |
|
Thanks Michael, I didn't understand, because I thought you didn't, but basically we're both on the same wavelength.
Right now I am doing the security the way you've mentioned, and I am worried that deviants will be able to hack my tables. Also, it becomes a bit of a chore since I'm trying to lean as heavily as possible on the tables, and not the pages. CCS is very good at doing some things, but since it kind-of locks the security pretty tightly to the pages, it's making this aspect pretty tough on me. In order to just get the job done, I've decided to open up all my pages as read-only to everybody, and then playing around (a lot) just trying to control who can write to the underlying files. It would be much easier, and I could get a lot more power out of, dynamically setting the page security according to tables. Thanks for the help, perhaps this post ought to go in the wish-list section?
- Steve
|
|
|
|
mrachow
Posts: 509
|
| Posted: 01/16/2005, 11:53 PM |
|
I havn't tried it but you should be able to place any of your tables on one form.
For every form you can specify the restrictions for access (Restricted is a form property too).
_________________
Best regards,
Michael |
|
|
|
|
