CodeCharge Studio

Implement Record Security in After Initialize Event

Your Task Management system is now almost complete, except for one potentially important feature: security. Currently everyone can modify and delete any of the tasks. You may want to limit access so that only the employee assigned to a task can update it. There are many ways of accomplishing this, and we will examine several of them.

  1. Click on the tasks_maint page in the Project Explorer.
  2. Select Events tab in the Properties window.
  3. Add Custom Code to the After Initialize event of the page as follows:
  4. Once in the Code mode, replace the generated comment:
    ' Write your own code here.

    with the code below:

Dim current_task
Dim assigned_user
current_task = CCGetParam("task_id", Empty)
If IsNumeric(current_task) Then
    ' Look up which user the requested task is assigned to
    assigned_user = CCDLookUp("user_id_assign_to", "tasks", "task_id=" & _
                    DBIntranetDB.ToSQL(current_task, ccsInteger), DBIntranetDB)
    ' Existing task (id <> 0) that belongs to someone else: hide the form
    If CInt(current_task) <> 0 And CInt(CCGetUserID()) <> CInt(assigned_user) Then
        tasks.Visible = False
        ' Redirect = "tasks_list.asp"
        ' tasks.UpdateAllowed = False
        ' tasks.DeleteAllowed = False
    End If
End If

The above code allows you to test the following methods of implementing record security:

Do not show the Task (record form) on the page if the selected task doesn't belong to the current user. An unauthorized user should see a blank page.

You can hide any form on a page by assigning False to the form's Visible property. The condition current_task <> 0 in the If statement specifies that the code should run only when a user tries to modify an existing task that is not assigned to him or her; it also ensures that all users can still create new tasks. You can test this functionality by inserting the above code into the event, switching to Live Page mode and trying to modify a task that is not assigned to you, in which case you should see an empty page. Although such functionality may not be very useful on its own, it shows how you can hide forms on a page. You may consider adding another record form to your page that is not updateable and has only Label fields that show information. Once you have two forms on the page, you can hide each form programmatically using mutually exclusive criteria.

Redirect unauthorized users to another page. Only users who are assigned to a task can view the page.

You can implement and test this functionality by slightly modifying the above code as shown below:

Dim current_task
Dim assigned_user
current_task = CCGetParam("task_id", Empty)
If IsNumeric(current_task) Then
    ' Look up which user the requested task is assigned to
    assigned_user = CCDLookUp("user_id_assign_to", "tasks", "task_id=" & _
                    DBIntranetDB.ToSQL(current_task, ccsInteger), DBIntranetDB)
    ' Existing task (id <> 0) that belongs to someone else: send the user away
    If CInt(current_task) <> 0 And CInt(CCGetUserID()) <> CInt(assigned_user) Then
        ' tasks.Visible = False
        Redirect = "tasks_list.asp"
        ' tasks.UpdateAllowed = False
        ' tasks.DeleteAllowed = False
    End If
End If

The above code shows that you should comment out the previously active line and uncomment the line that starts with Redirect. Redirect is a variable used by CodeCharge Studio to determine whether the current page should be redirected to another page, for example when a user is not logged in. This variable can be used only on pages that have restricted access and require users to log in. Simply assign the destination page to the Redirect variable and the page will be redirected automatically. Test this functionality by modifying the code as shown, then switching to Live Page mode and trying to modify a task that is not assigned to you.

Disallow Update and Delete operations for unauthorized users. Only users who are assigned to a task can edit (or delete) it.

You can implement and test this functionality by slightly modifying the above code as shown below:

Dim current_task
Dim assigned_user
current_task = CCGetParam("task_id", Empty)
If IsNumeric(current_task) Then
    ' Look up which user the requested task is assigned to
    assigned_user = CCDLookUp("user_id_assign_to", "tasks", "task_id=" & _
                    DBIntranetDB.ToSQL(current_task, ccsInteger), DBIntranetDB)
    ' Existing task (id <> 0) that belongs to someone else: block update and delete
    If CInt(current_task) <> 0 And CInt(CCGetUserID()) <> CInt(assigned_user) Then
        ' tasks.Visible = False
        ' Redirect = "tasks_list.asp"
        tasks.UpdateAllowed = False
        tasks.DeleteAllowed = False
    End If
End If

This code shows how you can manipulate the UpdateAllowed and DeleteAllowed properties of a record form. These properties control whether record update and delete operations are executed: if a property is set to False, the corresponding operation is not executed. They also control the visibility of the Update and Delete buttons on the page.
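The following is an added example, not code from the tutorial or from CodeCharge Studio itself, that folds the three variants above into one fail-closed ownership check. It assumes the generated names used on this page (the tasks record form, DBIntranetDB, CCGetParam, CCDLookUp, CCGetUserID and the page-level Redirect variable) and assumes that CCDLookUp returns Null or Empty when no row matches.

```vbscript
' Added example (not the tutorial's own code). Assumes the tasks form,
' DBIntranetDB, CCGetParam, CCDLookUp, CCGetUserID and Redirect exist in
' the After Initialize event of tasks_maint, as in the tutorial.

' Returns True only when the task exists and is assigned to the logged-in
' user. Every other case (non-numeric id, task not found, no user id)
' returns False, so the caller fails closed instead of raising an error.
Function CurrentUserOwnsTask(task_id)
    Dim assigned_user, user_id
    CurrentUserOwnsTask = False
    If Not IsNumeric(task_id) Then Exit Function
    assigned_user = CCDLookUp("user_id_assign_to", "tasks", "task_id=" & _
                    DBIntranetDB.ToSQL(task_id, ccsInteger), DBIntranetDB)
    ' Assumption: no matching row yields Null or Empty. CInt(Null) in the
    ' tutorial's comparison would raise a runtime error, so test it first.
    If IsNull(assigned_user) Or IsEmpty(assigned_user) Then Exit Function
    user_id = CCGetUserID()
    If Not IsNumeric(user_id) Then Exit Function
    ' CLng rather than CInt: ids above 32767 would overflow CInt.
    CurrentUserOwnsTask = (CLng(assigned_user) = CLng(user_id))
End Function

Dim current_task
current_task = CCGetParam("task_id", Empty)

' VBScript does not short-circuit And, so keep the numeric test and the
' numeric conversion in separate If statements.
If IsNumeric(current_task) Then
    If CLng(current_task) <> 0 Then
        ' Existing task: enforce ownership before any update or delete.
        If Not CurrentUserOwnsTask(current_task) Then
            ' Block the operations server-side even if the redirect were
            ' ever removed, then send the user back to the list page.
            tasks.UpdateAllowed = False
            tasks.DeleteAllowed = False
            Redirect = "tasks_list.asp"
        End If
    End If
Else
    ' A non-numeric task_id cannot refer to a task: show nothing at all.
    tasks.Visible = False
End If
```

Because After Initialize runs on the form's POST as well as on the initial GET, the UpdateAllowed and DeleteAllowed assignments are enforced on the request that actually performs the operation, not only when the buttons are drawn.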
