kevind
Posts: 251
|
| Posted: 05/25/2006, 9:28 AM |
|
Hi all,
I have a 'portal' like project with one page where the user logs in.
From there they can wander off into 'helpdesk', 'projects', 'account' type areas.
There are 2 user levels for logging in, Admin - me and User - them. This, however, doesn't come in handy when i'm trying to restrict objects and pages in the various parts of the system - yes, I could make more levels, but users have different 'roles' when using different parts of the system - affecting what objects to show them.
Questions:
=========
Is there a way to let them authenticate and then change their user level (to react to the restriction settings of various objects).
During Design - how do I tell the system what 'groups' to restrict things to ? I assume I'd only have the 2 user levels....
Any answers / suggestions appreciated.
_________________
thanks
Kevin
======================
CCS 3.2.x / ASP / MS Access /mySQL / PHP / jQuery / jQuery UI / jQuery Mobile
|
 |
 |
Benjamin Krajmalnik
|
| Posted: 05/30/2006, 11:28 AM |
|
The way to handle it is actually quite simple.
Create a security ro;les table and an access rights table.
You then associate (as the system administrator) access rights to a security
role, and then associate a security role to the user.
Your access rights can be page based or control based. For example "Can see
account balance" woud be more of a control based right, whereas "Can view
account info" would be a page based right.
When your user logs in, you see which role/roles he belongs to, traverse the
mapping table which maps rights to a role, and save them in sessio
variables.
Now, you have full control.
|
|
|
|
kevind
Posts: 251
|
| Posted: 05/30/2006, 11:39 AM |
|
What I'm talking about is when using CCS you can click on an object (grid, record, record button) and then use the restrict dialogue to allow certain users to do certain things and others to not.
So, I was looking for CCS to allow me to have different 'roles' in an application with 1 central login. After the login the code might look up the roles and assign a new user level based on the users login which is not difficult.
The problem is accessing those new user levels in the design GUI to control what users can do with objects.
kd
_________________
thanks
Kevin
======================
CCS 3.2.x / ASP / MS Access /mySQL / PHP / jQuery / jQuery UI / jQuery Mobile
|
|
|
|
Benjamin Krajmalnik
|
| Posted: 05/30/2006, 11:54 AM |
|
Well, what you are trying to do is problematic.
Dynamically changing a user's right is simple enough. However, you have to
predefine every possible level in the UI, which is not very flexible.
The flexible way is what I mentioned to you.
YOu have an access rights table, a security roles table, a security roles >
acess rights matrix table (to allow many-many), a users -> security roles
matrix (to allow many-many).
To minimize IO traffic, you would set sessio variables on login, and query
those through execution. Alternatively, you could write a stored procedure,
to which you would pass the user's login and the access right required, and
it would return true/false.
This will signifficantly increase the chatter to the database, bit is also
an option.
The CCS model is fine if you have predefined roles. In one of my
applicatios I do, and use a configuration file which determines dynamicall
which level is required for a specific feature.
It requires changing the CCSecuityRedirect call which is created
automatically when you restrict a page to a mual one, which uses the a
variable (which holds the required level). But, it is not as flexible 
|
|
|
|
kevind
Posts: 251
|
| Posted: 05/30/2006, 12:00 PM |
|
thanks for the feedback - i think i'll see if i can come with 'generic' user levels that would be usable across the many 'applications' that make up the support portal instead.
kd
_________________
thanks
Kevin
======================
CCS 3.2.x / ASP / MS Access /mySQL / PHP / jQuery / jQuery UI / jQuery Mobile
|
|
|
|
Finian826
Posts: 29
|
| Posted: 06/01/2006, 10:21 AM |
|
Good day,
I have come up with a fairly simple function that can be called from any object's Before_Show event.
The code is as follows:
function CheckPerms($Perms, &$db)
{
$sSQL="Select `" . $Perms . "` FROM UserPermissions WHERE UserID=" . CCGetUserID();
$db->query($sSQL);
$dbvalue = $db->next_record() ? $db->f(0) : "";
$db->close();
if ($db->Debug)
printf("Debug: Results=%s<br>\n",$dbvalue);
if($dbvalue == "Y") {
return 1;
} else {
return 0;
}
}
This function relies on a table containing all your permisions based on the user. A simple Y or N for the checked permission, which is the column name, would return a 1 or 0 if they have the permission to view the object being checked.
eg:
if(!CheckPerms("ViewPage",$db)) {
$MainObject->SubObject->Visible=False;
}
The above would check the UserPermissions teble for the column ViewPage and see if the associated user from the CCGetUserID() has the permission or not.
Terry
|
|
|
|
|
