CodeCharge Studio
search Register Login  

Web Reporting

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

YesSoftware Forums -> CodeCharge Studio -> ASP

 File access security issue

 Print topic Send topic

Author Message
flipandboef


Posts: 107
Posted: 02/23/2007, 1:45 PM
I have a page that must display a list of files that are uploaded by that user AND that are uploaded by the same company. Files uploaded by other companies must stay hidden of cos..
I have a table Members, with a field MemberCompany, that is filled from the table Companies from the field CompanyName.
For the files I created a table Files with a field FileCompany.
How can I get the value from the logged in users' company so I can use this statement to display the frid:
Where: FileCompany [equals] MemberCompany ??

Another reason I like to use this statement, is so I can upload files, marking it for who they are (what company) so they can see it.

I cannot make a "hard" statement, since companies are added and removed from the database.

With other words:
It must lookup the company from the user and only show the files that have that compnay name included.

I use CCS 3.1 - ASP and a MS-Access DB.

Any ideas?
View profile  Send private message
peterr


Posts: 5971
Posted: 02/23/2007, 3:14 PM
Hi,
Here are tutorials on displaying records that belong to the current user:
http://forums.codecharge.com/posts.php?post_id=67714
Of course you can use any other session variable, for example CompanyID instead of UserID. In such case you would also need to create session variable "CompanyID" when users login (in your Login page, or in Common.asp (login function).
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com
View profile  Send private message
flipandboef


Posts: 107
Posted: 02/26/2007, 11:33 AM
thanks for the responds Peter,
I have on your advise made the CompanyID a variable in the Common.asp.

All worked out great!
Now there's only one more issue to tackle...
I need to have the Admin members to be able to see all files..
I saw in the Common.asp that there's a variable GroupID that comes out of the security field...
Can I just put in the Where statement:
Where: (FileCompany [=] CompanyID <session> OR GroupID = 4 <session>) ??

Table Security that's used also for page access:
SecID / SecDesc
1 - Visitor
2 - Designer
3 - Editor
4 - Admin

Or is there more to it?
Have not been able to try it out yet...
View profile  Send private message

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Internet Database

Visually create Web enabled database applications in minutes.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.