
Technical Support Forums


Allow only account owner

Thread began 10/25/2012 11:11 pm by jo271221 | Last modified 10/27/2012 2:56 pm by Jason Byrnes | 727 views | 5 replies |

jo271221

Allow only account owner

I want to allow only the account owner to access the delete page for their record.
It is not doing anything with the rule I have now on the attached delete page. I have also attached the security helper, helper rules and log in. My rule of access level = 10 is working but I don't think any of my session rules are working other than logged in and not logged in.

Thank You,

Attached Files
_login.zip

Jason Byrnes (WebAssist)

looks like the user id is stored in the communityid session variable.

also, in the tbl_posts table, does the customerid column relate to the tbl_directorylistings.communityid column?

if so, add another where clause to the recordset that populates the delete page.

the current where clause is:
WHERE postid = Parampostid


change that to:
WHERE postid = Parampostid AND customerid = paramUserID

and create another parameter as:
Name: paramUserID
Type: Integer
Default Value: -1
RunTime value: $_SESSION['communityid']


this will prevent the delete page from showing another user's records.


jo271221

customerid = id

In the user table, i.e. tbl_directorylistings, the id column = customerid in tbl_posts. CommunityID is for the physical location id - we have them grouped into physical location groups and have community managers for various groups and want each community manager to be able to edit only the listings in their territory. If you could kindly advise on a rule for communityid and customerid that would be GREAT. I really appreciate your prompt and excellent support.

Jason Byrnes (WebAssist)

ok, so it looks like you would want to use the id session in the run time value then:

RunTime value: $_SESSION['id']


jo271221

Can't find WHERE postid = Parampostid

I did a "find" for WHERE postid = Parampostid and could not find it on the attached delete or results pages.

Attached Files
_p_results.zip

Jason Byrnes (WebAssist)

I wasn't suggesting you edit the code directly, I was suggesting you edit the recordset server behavior.

on the server behaviors panel, double click the recordset server behavior to edit it, and add the additional condition to the where clause and create the additional parameter.

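The ownership condition discussed in this thread, written out as an added example (not WebAssist's generated recordset code and not from the poster's attachments). It assumes PDO with an in-memory SQLite database as a stand-in for the MySQL tables so it runs on its own, and it goes one step beyond the thread by applying the same condition to the DELETE statement; the function names and sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (stand-in for MySQL).
function demoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tbl_posts (postid INTEGER PRIMARY KEY, customerid INTEGER, title TEXT)');
    $db->exec("INSERT INTO tbl_posts VALUES (1, 10, 'post by user 10'), (2, 20, 'post by user 20')");
    return $db;
}

// Mirrors the recordset parameter: Type Integer, Default Value -1.
// -1 matches no customerid, so a missing or non-numeric session id selects nothing.
function sessionUserId(array $session): int {
    $id = filter_var($session['id'] ?? null, FILTER_VALIDATE_INT);
    return $id === false ? -1 : $id;
}

// Populates the delete page: a row comes back only when the session user owns it.
function fetchOwnedPost(PDO $db, int $postId, array $session): ?array {
    $stmt = $db->prepare('SELECT postid, title FROM tbl_posts WHERE postid = ? AND customerid = ?');
    $stmt->execute([$postId, sessionUserId($session)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The delete repeats the ownership condition: hiding the row on the page does
// not cover a request that reaches the delete with another user's postid.
function deleteOwnedPost(PDO $db, int $postId, array $session): bool {
    $stmt = $db->prepare('DELETE FROM tbl_posts WHERE postid = ? AND customerid = ?');
    $stmt->execute([$postId, sessionUserId($session)]);
    return $stmt->rowCount() === 1;
}

$db = demoDb();
$owner = ['id' => 10];                               // constructed session for user 10
var_dump(fetchOwnedPost($db, 2, $owner) === null);   // is user 20's post hidden from user 10?
var_dump(deleteOwnedPost($db, 2, $owner));           // did user 10 delete user 20's post?
var_dump(deleteOwnedPost($db, 2, []));               // did a request with no session id delete it?
var_dump(deleteOwnedPost($db, 1, $owner));           // did user 10 delete their own post?
```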
