Allow only account owner

I want to allow only the account owner to access the delete page for their record.
It is not doing anything with the rule I have now on the attached delete page. I have also attached the security helper, helper rules and log in. My rule of access level = 10 is working but I don't think any of my session rules are working other than logged in and not logged in.

Thank You,

looks like the user id is stored in the communityid session variable.

also, in the tbl_posts table, does the customerid column relate to the tbl_directorylistings.communityid column?

if so, add another where clause to the recordset that populates the delete page.

the current where clause is:
WHERE postid = Parampostid


change that to:
WHERE postid = Parampostid AND customerid = paramUserID

and create another paramter as:
Name: paramUserID
Type: Integer
Default Value: -1
RunTime value: $_SESSION['communityid']


this will prevent the delete page form showing another users records.

In the user table, ie tbl_directorylistings the id column = customerid in tbl_posts. CommunityID is for the physical location id - we have them grouped into physical location groups and and have community managers for various groups and want each community manager to be able to edit only the listings in their territory. If you could kindly advise for rule for communityid and customerid that would be GREAT. I really appreciate your prompt and excellent support.

ok, so it looks like you would want to use the id session in the run time value then:

RunTime value: $_SESSION['id']

I did a "find" for WHERE postid = Parampostid and could not find it on the attached delete or results pages.

i wasn't suggesting you edit the code directly, i was suggesting you edit the recordset server behavior.

on the server behaviors panel, double click the recordset server behavior to edit it, and add the additional condition to the where clause and create the additional parameter.