Access Rules Manager - Problem creating new rules using dynamic source
Hi Jason/Webassist,
Please help me.
I'm having problems implementing an access rule which grants access to a DA order detail page according to an exact match between the session email AND the email field of the record displayed on the detail page. I need to use this in a "show region if" server behaviour applied to the visible page content.
(This is necessary for security purposes as the detail page displays unique customised products and nobody other than the initiator of the order should see it under any circumstances including by guessing the link if they are a member themselves i.e. "logged in to members" isn't sufficient and each order is associated with a single email address which = the unique username)
FYI, applying "show region if" using the "logged into members" preset works fine so everything is loaded OK. Things also work when I add an absolute email address e.g. test@test.com into the compare-to field versus the session email. But they DON'T work when I try to pick up the compare-to variable dynamically from the lightning bolt at all. I've been through all the help documentation and seem to be doing everything right. Sessions are activated on the page.
So...I figure this must be something you can solve for me! Can you tell me what code the rule should read for this please?
The code from HelpersGroupsRules.php is:
________________________
case "Order detail security":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['email']))?$_SESSION['email']:"") ."", 1, "".$row_WADAorders['email'] ."");
break;
_________________________
I've also tried using a php echo of the comparison field in a hidden field on the page (outside the "show if" region) named owneremail which results in the code below (again, no joy).
____________________________
case "Order detail security":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['email']))?$_SESSION['email']:"") ."", 1, "".((isset($_POST["owneremail"]))?$_POST["owneremail"]:"") ."");
break;
____________________________
Fingers crossed this is a simple mistake to correct - hopefully you can send me a code correction (I've been working on this all day and can't see the wood for the trees any more).
But if this isn't easy to solve please can I ask you to open a support ticket and tell me what else I need to provide you with so I can send you more info in 1 go (unfortunately I'm unable to post the page this is applied to on a public forum)? I'm in Australia so any on-line conversation with USA isn't a practical option unfortunately.
Very gratefully yours as usual,
Ann
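
Added example, not part of the original post and not WebAssist's code: a deny-by-default ownership check of the kind the question asks for, comparing the session email with the email stored on the order row. The function name `order_visible_to` and the sample rows are hypothetical; the check takes the owner email from the server-side row only, since a hidden field or `$_POST` value is set by the browser.

```php
<?php
// Added example. order_visible_to() and the sample data are hypothetical.

/**
 * Deny-by-default ownership check for an order detail page.
 * The row is passed in explicitly: a PHP function cannot see page-level
 * variables (such as a recordset row) unless they are passed in or
 * declared global.
 * No request input ($_GET, $_POST, hidden fields) is consulted, because
 * the browser controls those values.
 */
function order_visible_to(array $session, $orderRow): bool
{
    $sessionEmail = isset($session['email']) ? (string) $session['email'] : '';
    $ownerEmail = (is_array($orderRow) && isset($orderRow['email']))
        ? (string) $orderRow['email']
        : '';

    // Two empty fallbacks would compare equal, so reject empties first.
    if ($sessionEmail === '' || $ownerEmail === '') {
        return false;
    }

    // Exact, type-strict match between session email and stored owner email.
    return $sessionEmail === $ownerEmail;
}

// Constructed sample data.
$order = ['id' => 1001, 'email' => 'owner@example.com'];
$cases = [
    'owner'          => [['email' => 'owner@example.com'], $order],
    'other member'   => [['email' => 'member@example.com'], $order],
    'not logged in'  => [[], $order],
    'row not loaded' => [['email' => 'owner@example.com'], false],
    'both empty'     => [['email' => ''], ['email' => '']],
];

foreach ($cases as $label => [$session, $row]) {
    echo str_pad($label, 16), order_visible_to($session, $row) ? 'show' : 'deny', PHP_EOL;
}
```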