We want to be able to allow a user to see on the browse screen a user, and their details, but block them viewing the record proper based on a value in the sublying record.
I.E Manager can see all staff, but can only drill down if (Staff.Site) is in (Manager.Sites).
Which of the events should I be firing this on, and how should I gracefully say "GO AWAY"?
Welcome to the nuBuilder forums!
Please register and login to view forums and other content only available to registered users.
Please register and login to view forums and other content only available to registered users.
Record view security
-
- Posts: 503
- Joined: Thu May 24, 2012 2:08 am
- Location: Milan, Italy
- Contact:
Re: Record view security
fester,
you could use Custom Code > Before Browse to build a query based on your logic.
For example:
Hope this helps,
Max
you could use Custom Code > Before Browse to build a query based on your logic.
For example:
- open the user form and insert this in General tab > SQL field:
Code: Select all
SELECT * FROM #browseTable#
- in Custom Code > Before Browse insert something like this:
Code: Select all
$current_user_access_level = "#access_level#"; $sql = 'CREATE TABLE #browseTable# SELECT u.zzsys_user_id, u.sus_name, u.sus_login_name, g.sug_group_name, g.sug_zzsys_access_level_id, u.sys_added FROM zzsys_user AS u LEFT JOIN (zzsys_user_group AS g) ON (u.sus_zzsys_user_group_id=g.zzsys_user_group_id) '; if ($current_user_access_level != 'globeadmin') { $sql .= " WHERE g.sug_group_name = '$current_user_access_level' "; } nuRunQuery($sql);
Hope this helps,
Max
-
- Posts: 23
- Joined: Tue Nov 27, 2012 7:31 am
Re: Record view security
Awesome, got that implemented actually on BeforeOpen. User is allowed to see they exist, just not edit.
Now how would I gracefully tell them to "go away" and cancel back to the browse screen?
Now how would I gracefully tell them to "go away" and cancel back to the browse screen?
-
- Posts: 23
- Joined: Tue Nov 27, 2012 7:31 am
Re: Record view security
I am running the following code in BeforeOpen. I want to bump the UI back to the Browse screen if we get to the else part.
I was using the #session_id# variable in the appropriate field, but it appears empty. When I echo it to HTML i get no value.
I was using the #session_id# variable in the appropriate field, but it appears empty. When I echo it to HTML i get no value.
Code: Select all
if ($found == 1 or $hasRecord = 0)
{ }
else
{
echo 'You do not have access to view this person\'s information.';
$js = "openBrowse('150b3fbdb28054', '', '', '', '');";
addJSfunction($js);
}
-
- Posts: 503
- Joined: Thu May 24, 2012 2:08 am
- Location: Milan, Italy
- Contact:
Re: Record view security
fester, there is no simple way to stop nuBuilder before Edit Screen is loaded: have a look a this post.
You could try something like this:
You could try something like this:
- in Custom Code > Before Open you can build a JavaScript function to use when Edit Screen is loaded, eg:
Code: Select all
$js = "function getUserGroup() { return '".'#access_level#'."';} "; addJSFunction($js);
- in Custom Code > Javascript you can use the created function to alert not authorized users:
Code: Select all
function nuLoadThis() { // Stop user group 'xyz' if (getUserGroup() != 'xyz') { alert('You do not have access to view this person\'s information.'); gotoNuHistory(2); // go back to browse screen } }
-
- Posts: 23
- Joined: Tue Nov 27, 2012 7:31 am
Re: Record view security
Solved:
BeforeOpen:
Javascript:
gotoNuHistory() doesn't appear to work.
BeforeOpen:
Code: Select all
if ($found == 1 or $hasRecord == 0)
{
}
else
{
addJSfunction('DontLoadMe();');
}
Javascript:
Code: Select all
function DontLoadMe() {
alert('You do not have access to view this person\'s information.');
window.history.go(-1);
}
-
- Posts: 503
- Joined: Thu May 24, 2012 2:08 am
- Location: Milan, Italy
- Contact: