Record view security

fester
Posts: 23
Joined: Tue Nov 27, 2012 7:31 am

Record view security

We want to allow a user to see another user and their details on the browse screen, but block them from viewing the record proper based on a value in the underlying record.

I.e., a Manager can see all staff, but can only drill down if (Staff.Site) is in (Manager.Sites).

Which of the events should I be firing this on, and how should I gracefully say "GO AWAY"?
massiws
Posts: 503
Joined: Thu May 24, 2012 2:08 am
Location: Milan, Italy

Re: Record view security

fester,

you could use Custom Code > Before Browse to build a query based on your logic.

For example:
  • open the user form and insert this in General tab > SQL field:

    Code: Select all

    SELECT * FROM #browseTable#
  • in Custom Code > Before Browse insert something like this:

    Code: Select all

    // Access level of the logged-in user (nuBuilder hash variable)
    $current_user_access_level = "#access_level#";
    
    // Build the browse table from users joined to their group
    $sql = 'CREATE TABLE #browseTable#
     SELECT u.zzsys_user_id, u.sus_name, u.sus_login_name, g.sug_group_name, g.sug_zzsys_access_level_id, u.sys_added
     FROM zzsys_user AS u
     LEFT JOIN (zzsys_user_group AS g) ON (u.sus_zzsys_user_group_id=g.zzsys_user_group_id) ';
     
    // Everyone except globeadmin gets a WHERE clause limiting rows to their own group
    if ($current_user_access_level != 'globeadmin') {
        $sql .= " WHERE g.sug_group_name = '$current_user_access_level' ";
    }
    nuRunQuery($sql);

This allows users to see only the members of their group, while the globeadmin can view all users.

Hope this helps,
Max
fester
Posts: 23
Joined: Tue Nov 27, 2012 7:31 am

Re: Record view security

Awesome, got that implemented actually on BeforeOpen. User is allowed to see they exist, just not edit.

Now how would I gracefully tell them to "go away" and cancel back to the browse screen?
fester
Posts: 23
Joined: Tue Nov 27, 2012 7:31 am

Re: Record view security

I am running the following code in BeforeOpen. I want to bump the UI back to the Browse screen if we get to the else part.

I was using the #session_id# variable in the appropriate field, but it appears empty. When I echo it to HTML I get no value.

Code: Select all

if ($found == 1 or $hasRecord == 0)
{ }
else
{
    echo 'You do not have access to view this person\'s information.';
    $js = "openBrowse('150b3fbdb28054', '', '', '', '');";
    addJSfunction($js);
}
massiws
Posts: 503
Joined: Thu May 24, 2012 2:08 am
Location: Milan, Italy

Re: Record view security

fester, there is no simple way to stop nuBuilder before Edit Screen is loaded: have a look at this post.

You could try something like this:
  • in Custom Code > Before Open you can build a JavaScript function to use when Edit Screen is loaded, e.g.:

    Code: Select all

    $js = "function getUserGroup() { return '".'#access_level#'."';} ";
    addJSFunction($js);
  • in Custom Code > Javascript you can use the created function to alert not authorized users:

    Code: Select all

    function nuLoadThis() {
        
        // Stop user group 'xyz'
        if (getUserGroup() != 'xyz') {
            alert('You do not have access to view this person\'s information.');
            gotoNuHistory(2);    // go back to browse screen
        }
    
    }

Max
fester
Posts: 23
Joined: Tue Nov 27, 2012 7:31 am

Re: Record view security

Solved:
BeforeOpen:

Code: Select all

if ($found == 1 or $hasRecord == 0)
{

}
else
{  
      addJSfunction('DontLoadMe();');
}

Javascript:

Code: Select all

function DontLoadMe() {
    
        alert('You do not have access to view this person\'s information.');
        window.history.go(-1); 
}

gotoNuHistory() doesn't appear to work.
massiws
Posts: 503
Joined: Thu May 24, 2012 2:08 am
Location: Milan, Italy

Re: Record view security

Well done!
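
An added example, not part of the thread and not nuBuilder code: a Node.js simulation contrasting the alert-and-go-back guard used above with a check made before the record is rendered, assuming the edit screen's HTML already carries the record when the injected script runs. All names (STAFF, MANAGER_SITES, mayOpen, openClientGuarded, openServerEnforced, leaksRecord) and the sample records are constructed for illustration.

```javascript
// Constructed sample data (hypothetical): staff records and each manager's sites.
const STAFF = {
  s1: { name: 'Alice Example', site: 'North', salary: '52000' },
  s2: { name: 'Bob Example', site: 'South', salary: '48000' },
};
const MANAGER_SITES = { mgr_north: ['North'] };

const esc = (s) => String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Rule from the first post: drill down only if Staff.Site is in Manager.Sites.
function mayOpen(managerId, staffId) {
  const staff = STAFF[staffId];
  const sites = MANAGER_SITES[managerId] || [];
  return Boolean(staff) && sites.includes(staff.site);
}

function renderRecord(staff) {
  return `<form><input name="name" value="${esc(staff.name)}">` +
         `<input name="salary" value="${esc(staff.salary)}"></form>`;
}

// Pattern from the thread: the record is rendered, then a script sends the browser back.
function openClientGuarded(managerId, staffId) {
  const staff = STAFF[staffId];
  if (!staff) return { status: 404, body: '' };
  let body = renderRecord(staff);
  if (!mayOpen(managerId, staffId)) {
    body += "<script>alert('No access');window.history.go(-1);</script>";
  }
  return { status: 200, body };
}

// Server-side enforcement: decide before any record data enters the response.
function openServerEnforced(managerId, staffId) {
  if (!mayOpen(managerId, staffId)) return { status: 403, body: 'Access denied' };
  return { status: 200, body: renderRecord(STAFF[staffId]) };
}

// Review check: does the response body still carry the record's field values?
function leaksRecord(response, staffId) {
  const staff = STAFF[staffId];
  return response.body.includes(esc(staff.name)) || response.body.includes(esc(staff.salary));
}

console.log(leaksRecord(openClientGuarded('mgr_north', 's2'), 's2'));  // true
console.log(leaksRecord(openServerEnforced('mgr_north', 's2'), 's2')); // false
```

Under that assumption the first response already contains the record, so the decision made before rendering is the access control and the alert is only a courtesy to the user.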