
NuBuilder @ Front Office (restrict access to table rows)

Posted: Thu Oct 02, 2014 5:21 pm
by Drache
Dear NuBuilders,

Obviously, NuBuilder is a backoffice application. Does it work for customers, too?

Aim
Some well-known customers want to access their own data via Browser.
As an example, a customer might log in and browse his list of invoices.

Howto
We can, of course, maintain logins for these customers and tell them their name+password. I know we can restrict access to forms and objects, too.
But can we filter table rows depending on the current user?
A customer must never see other customers' invoices. Even when fiddling around in the browser's URL.

Has NuBuilder a way to accomplish that?
I'd be *very* glad.

Thank you,
Ruben

Re: NuBuilder @ Front Office (restrict access to table rows)

Posted: Fri Oct 03, 2014 12:19 am
by massiws
Ruben,
first, customers allowed to browse their invoices should have a dedicated Access level and User group: each user must log in with his/her username+password.

Second, you need a system to map customers and users.
This can be done:
  1. using the same id for user and customer (but you have to insert the user manually in the database); so, in the SQL of your invoice table you may use:

    Code:

    SELECT * FROM invoice WHERE inv_customer_id = '#nu_user_id#' OR 'globeadmin' = '#nu_access_level#';

  2. add a new sus_customer_id field in the zzzsys_user table (simple, but you have to hack a system table: I don't know if this can be dangerous for future upgrading); so, in the SQL of your invoice table you may use:

    Code:

    SELECT * FROM invoice INNER JOIN zzzsys_user ON inv_customer_id = sus_customer_id WHERE zzzsys_user_id = '#nu_user_id#' OR 'globeadmin' = '#nu_access_level#';

  3. building a new table customer_user to map customer_id and user_id:

    customer_user
    - customer_user_id
    - cuus_customer_id
    - cuus_user_id

    So, in the SQL of your invoice table you may use:

    Code:

    SELECT * FROM invoice INNER JOIN customer_user ON inv_customer_id = cuus_customer_id WHERE cuus_user_id = '#nu_user_id#' OR 'globeadmin' = '#nu_access_level#';

You can use the #nu_user_id# hash variable in any SQL or PHP code to get the ID of the current user and filter what he/she can access.

Hope this helps,
Max
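
Added example (not part of the original posts and not nuBuilder code): the customer_user mapping from variant 3, run against an in-memory SQLite database with constructed data, showing the same ownership predicate applied to the invoice list and to a lookup by an invoice id taken from the request. It goes slightly beyond the post by using EXISTS instead of a JOIN, so an invoice appears once even when a customer has several logins. Assumptions: the invoice_id and inv_total columns, the user ids, the 'customer' access level and the function names are hypothetical, and the #nu_user_id# / #nu_access_level# hash variables are represented as bound parameters.

```python
import sqlite3

# Constructed sample data; table and column names follow variant 3 above.
SCHEMA = """
CREATE TABLE invoice (invoice_id TEXT PRIMARY KEY, inv_customer_id INTEGER, inv_total REAL);
CREATE TABLE customer_user (customer_user_id INTEGER PRIMARY KEY,
                            cuus_customer_id INTEGER, cuus_user_id TEXT);
INSERT INTO invoice VALUES ('inv-1', 100, 50.0), ('inv-2', 100, 75.0), ('inv-3', 200, 20.0);
INSERT INTO customer_user VALUES (1, 100, 'user-a'), (2, 100, 'user-a2'), (3, 200, 'user-b');
"""

# Ownership predicate shared by every query that touches invoice rows.
# EXISTS keeps one row per invoice even when a customer has several logins,
# and lets globeadmin see invoices that have no mapping row at all.
OWNED = """(:level = 'globeadmin' OR EXISTS (
    SELECT 1 FROM customer_user
    WHERE cuus_customer_id = inv_customer_id AND cuus_user_id = :user))"""


def open_db():
    """Create the in-memory database with the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def list_invoices(db, user_id, access_level):
    """Browse list: only invoices mapped to the logged-in user."""
    sql = f"SELECT invoice_id FROM invoice WHERE {OWNED} ORDER BY invoice_id"
    return [r[0] for r in db.execute(sql, {"user": user_id, "level": access_level})]


def get_invoice(db, invoice_id, user_id, access_level):
    """Single-record fetch: the id comes from the request, so the ownership
    predicate is applied again; an id owned by someone else returns None."""
    sql = f"SELECT invoice_id, inv_total FROM invoice WHERE invoice_id = :id AND {OWNED}"
    params = {"id": invoice_id, "user": user_id, "level": access_level}
    return db.execute(sql, params).fetchone()


if __name__ == "__main__":
    db = open_db()
    print(list_invoices(db, "user-a", "customer"))
    print(get_invoice(db, "inv-3", "user-a", "customer"))
    print(list_invoices(db, "", "globeadmin"))
```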

Re: NuBuilder @ Front Office (restrict access to table rows)

Posted: Mon Oct 06, 2014 1:06 pm
by Drache
"Hope this helps,"
Yes, absolutely! The 3rd version even allows keeping a possibly existing (Integer) customer_id. Additionally, it's a good idea to privilege globeadmin :)
Thank you very much,
Ruben

Re: NuBuilder @ Front Office (restrict access to table rows)

Posted: Mon Oct 06, 2014 11:46 pm
by massiws
.