CodeCharge Studio

Your Task Management system is now almost complete, except for one important feature: security.
Currently every user can modify and delete any of the tasks. You may want to limit access so that only the employee assigned to a task can update it. There are many ways of accomplishing this, and we will examine several of them.
In the event, replace the placeholder line // Write your own code here. with the code below:
global $tasks;
global $Redirect;
global $DBIntranetDB;
// task_id is empty when a new task is being created.
$current_task = CCGetParam("task_id", "");
// Look up the user the task is assigned to on the server side and compare it with the logged-in user.
if ($current_task != 0 && CCGetUserID() != CCDLookUp("user_id_assign_to", "tasks", "task_id=".$DBIntranetDB->ToSQL($current_task, ccsInteger), $DBIntranetDB))
{
    // Method 1: hide the record form.
    $tasks->Visible = false;
    // Method 2: redirect to another page.
    // $Redirect = "tasks_list.php";
    // Method 3: block the update and delete operations.
    // $tasks->UpdateAllowed = false;
    // $tasks->DeleteAllowed = false;
}
The above code allows you to test the following methods of implementing record security:
Hiding the form. You can hide any form on a page by assigning False to the form's Visible property. The condition $current_task != 0 ensures that the code runs only when the user tries to modify an existing task; the second part of the condition checks that the task is not assigned to the current user. Together they also guarantee that every user can still create new tasks. You can test this by inserting the above code into the event, switching to Live Page mode and trying to modify a task that is not assigned to you, in which case you should see an empty page. Although such functionality may not be very useful on its own, it shows how you can hide forms on a page. You may consider adding another record form to your page that is not updateable and has only Label fields that display information. Once you have two forms on the page, you can hide each form programmatically using mutually exclusive criteria.
Redirecting to another page. You can implement and test this functionality by slightly modifying the above code as shown below:
global $tasks;
global $Redirect;
global $DBIntranetDB;
$current_task = CCGetParam("task_id", "");
if ($current_task != 0 && CCGetUserID() != CCDLookUp("user_id_assign_to", "tasks", "task_id=".$DBIntranetDB->ToSQL($current_task, ccsInteger), $DBIntranetDB))
{
    // $tasks->Visible = false;
    // Send the user to the task list instead of showing the form.
    $Redirect = "tasks_list.php";
    // $tasks->UpdateAllowed = false;
    // $tasks->DeleteAllowed = false;
}
The above code shows that you should comment out the previously active line and uncomment the line that starts with $Redirect. $Redirect is a variable used by CodeCharge Studio to determine whether the current page should be redirected to another page, for example when a user is not logged in. This variable can be used only on pages that have restricted access and require users to log in. You can simply assign the destination page to the $Redirect variable and the page will be redirected automatically. Test this functionality by modifying the code as shown, then switching to Live Page mode and trying to modify a task that is not assigned to you.
Disabling the update and delete operations. You can implement and test this functionality by slightly modifying the above code as shown below:
global $tasks;
global $Redirect;
global $DBIntranetDB;
$current_task = CCGetParam("task_id", "");
if ($current_task != 0 && CCGetUserID() != CCDLookUp("user_id_assign_to", "tasks", "task_id=".$DBIntranetDB->ToSQL($current_task, ccsInteger), $DBIntranetDB))
{
    // $tasks->Visible = false;
    // $Redirect = "tasks_list.php";
    // Block the operations and hide the Update and Delete buttons.
    $tasks->UpdateAllowed = false;
    $tasks->DeleteAllowed = false;
}
This code shows how you can manipulate the UpdateAllowed and DeleteAllowed properties of a record form. These properties control whether the record update and delete operations are executed: if set to false, the operation is not executed. The same properties also control the visibility of the Update and Delete buttons on the page, so the check is enforced on the server rather than relying on the buttons being hidden.
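The three methods above share one ownership check, so the following added example (not code from the CodeCharge Studio tutorial) factors that check into a function that can be exercised outside the CCS runtime and applies its decision in each of the three modes. The assignment is read from a constructed in-memory copy of the tasks table (task_id and user_id_assign_to, as on the page) instead of CCDLookUp(), the RecordForm class is a hypothetical stand-in for the CCS record form properties, and the parameter is compared strictly rather than with $current_task != 0, because the loose "" == 0 comparison that makes the tutorial's check treat an empty task_id as "new task" evaluates differently in PHP 8. Unknown or malformed task ids are treated as no access.

```php
<?php
// Added example, not part of the tutorial. The CCS runtime is not loaded:
// CCGetParam()/CCGetUserID()/CCDLookUp() are replaced by plain PHP and
// constructed sample data.

// Constructed sample of the `tasks` table: task_id => user_id_assign_to.
$SAMPLE_TASKS = [
    101 => 7,   // assigned to user 7
    102 => 9,   // assigned to user 9
];

/**
 * Decide whether $currentUserId may modify the task identified by $rawTaskId.
 *
 * Returns 'create'  - no task id: a new record, always allowed;
 *         'allow'   - existing task assigned to the current user;
 *         'deny'    - existing task assigned to someone else;
 *         'invalid' - task id is not a positive integer or does not exist.
 *
 * The assignment always comes from the server-side table, never from the
 * request, so a client cannot grant itself access by editing form fields.
 */
function taskAccessDecision($rawTaskId, int $currentUserId, array $tasks): string
{
    // Strict check for "no task id" instead of the loose "" != 0 comparison.
    if ($rawTaskId === null || $rawTaskId === '') {
        return 'create';
    }
    // Anything that is not a positive integer is rejected outright.
    if (!ctype_digit((string) $rawTaskId) || (int) $rawTaskId <= 0) {
        return 'invalid';
    }
    $taskId = (int) $rawTaskId;
    if (!array_key_exists($taskId, $tasks)) {
        return 'invalid';   // unknown task: fail closed
    }
    return $tasks[$taskId] === $currentUserId ? 'allow' : 'deny';
}

/** Hypothetical stand-in for the CCS record form properties used above. */
class RecordForm
{
    public bool $Visible = true;
    public bool $UpdateAllowed = true;
    public bool $DeleteAllowed = true;
}

/**
 * Apply a decision to the form using one of the tutorial's three modes:
 * 'hide', 'redirect' or 'disable'. Returns the redirect target ('' if none).
 */
function enforceTaskAccess(string $decision, string $mode, RecordForm $form): string
{
    if ($decision === 'create' || $decision === 'allow') {
        return '';                          // nothing to restrict
    }
    // 'deny' and 'invalid' are both treated as no access.
    switch ($mode) {
        case 'hide':
            $form->Visible = false;         // method 1: form is not rendered
            return '';
        case 'redirect':
            return 'tasks_list.php';        // method 2: value for $Redirect
        case 'disable':
        default:
            // method 3: blocks the operations server-side and hides the buttons
            $form->UpdateAllowed = false;
            $form->DeleteAllowed = false;
            return '';
    }
}

// Demonstration over constructed request parameters: [task_id, current user].
foreach ([['101', 7], ['101', 9], ['', 9], ['999', 7], ['abc', 7]] as [$taskParam, $userId]) {
    $decision = taskAccessDecision($taskParam, $userId, $SAMPLE_TASKS);
    $form = new RecordForm();
    $redirect = enforceTaskAccess($decision, 'disable', $form);
    printf("task_id=%-5s user=%d -> %-7s UpdateAllowed=%s DeleteAllowed=%s\n",
        var_export($taskParam, true), $userId, $decision,
        var_export($form->UpdateAllowed, true), var_export($form->DeleteAllowed, true));
}
```

In the real event handler the array lookup would be replaced by the tutorial's CCDLookUp() call and the two request values by CCGetParam("task_id", "") and CCGetUserID(); whichever mode is chosen, the decision is made on the server from the stored assignment, which is what makes methods 2 and 3 an access control rather than a cosmetic change.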