ted hart
|
| Posted: 08/21/2003, 6:32 AM |
|
Please help... I hoppe I am lost coz it should not be difficult to do.
I have 4 access tables one jobseeker one freelancers one employentads and a
(Security) members Database. only people in the members Database can add a
record to any of the 3 tables. How can I keep track of the UserId in the
table that are created in order to allow update of the user's record.
Thanks for your help
Ted
|
|
|
 |
Juan Domingo Herrera
|
| Posted: 08/21/2003, 8:36 AM |
|
Hi Ted,
Check the RESTRICT property (at a level page) and press the three dots "..."
and there you will be able to set that behavior.
--
Regards,
Juan Domingo Herrera
SoftMasters - http://www.softmasters.com.ar
Buenos Aires - Argentina
"ted hart" <ted@hart.com> escribió en el mensaje
news:bi2hlg$r8n$1@news.codecharge.com...
> Please help... I hoppe I am lost coz it should not be difficult to do.
>
> I have 4 access tables one jobseeker one freelancers one employentads and
a
> (Security) members Database. only people in the members Database can add
a
> record to any of the 3 tables. How can I keep track of the UserId in the
> table that are created in order to allow update of the user's record.
>
> Thanks for your help
>
> Ted
>
>
|
|
|
|
ted hart
|
| Posted: 08/23/2003, 12:43 AM |
|
Thanks Juan... I guess I was not clear in my message...I wanted to restrict
update/edit profile to the owner of that profile only...Sorry for the
confusion...cheers
"Juan Domingo Herrera" <juandherrera@hotmail.com> wrote in message
news:bi2ot9$5di$1@news.codecharge.com...
> Hi Ted,
>
> Check the RESTRICT property (at a level page) and press the three dots
"..."
> and there you will be able to set that behavior.
>
> --
> Regards,
> Juan Domingo Herrera
> SoftMasters - http://www.softmasters.com.ar
> Buenos Aires - Argentina
>
>
> "ted hart" <ted@hart.com> escribió en el mensaje
>news:bi2hlg$r8n$1@news.codecharge.com...
> > Please help... I hoppe I am lost coz it should not be difficult to do.
> >
> > I have 4 access tables one jobseeker one freelancers one employentads
and
> a
> > (Security) members Database. only people in the members Database can
add
> a
> > record to any of the 3 tables. How can I keep track of the UserId in the
> > table that are created in order to allow update of the user's record.
> >
> > Thanks for your help
> >
> > Ted
> >
> >
>
>
|
|
|
|
DonB
|
| Posted: 08/25/2003, 12:19 PM |
|
What you will need to do is code a bit into the page BeforeShow event to
test the value of the logged-in userid vs the record being accessed. You
can easily hide the inappropriate buttons (such as setting the page up to
show only the "Submit") to prevent unauthorized updates. You might even go
so far as to immediately redirect to a "not authorized" page if you don't
want them to even see the record.
Alternatively, you can code the BeforeInsert, BeforeUpdate or BeforeDelete
events to make a similar security check and simply discard the attempt.
Another consideration is to set up the datasource with a "WHERE" that
involves the user's loginid (as returned by CCGetUserID), so that they
cannot retrieve a profile record except for the one that matches their
userid.
--
DonB
http://www.gotodon.com/ccbth
"ted hart" <ted@hart.com> wrote in message
news:bi75ul$s8u$1@news.codecharge.com...
> Thanks Juan... I guess I was not clear in my message...I wanted to
restrict
> update/edit profile to the owner of that profile only...Sorry for the
> confusion...cheers
>
> "Juan Domingo Herrera" <juandherrera@hotmail.com> wrote in message
>news:bi2ot9$5di$1@news.codecharge.com...
> > Hi Ted,
> >
> > Check the RESTRICT property (at a level page) and press the three dots
> "..."
> > and there you will be able to set that behavior.
> >
> > --
> > Regards,
> > Juan Domingo Herrera
> > SoftMasters - http://www.softmasters.com.ar
> > Buenos Aires - Argentina
> >
> >
> > "ted hart" <ted@hart.com> escribió en el mensaje
> >news:bi2hlg$r8n$1@news.codecharge.com...
> > > Please help... I hoppe I am lost coz it should not be difficult to do.
> > >
> > > I have 4 access tables one jobseeker one freelancers one employentads
> and
> > a
> > > (Security) members Database. only people in the members Database can
> add
> > a
> > > record to any of the 3 tables. How can I keep track of the UserId in
the
> > > table that are created in order to allow update of the user's record.
> > >
> > > Thanks for your help
> > >
> > > Ted
> > >
> > >
> >
> >
>
>
|
|
|
|
ted hart
|
| Posted: 08/26/2003, 12:39 AM |
|
Thanks Don,
I appreciate your help, my question is as follows:
Knowing that we have one table for security & 3 tables for jobs, employment
ads, and one for freelancers.
People have to register (security table) to be able to fill a profile/ad
(jobs - opportunities & freelancers) UserId is related to security table
(right?) so how can I get a user that registered as a freelancer update his
profile ONLY (and not other users profiles) in freelancers table (security
and group levels allows them to update/edit any record in table).
Thanks again for your valuable insight
Ted
"DonB" <~ccbth~@gotodon.com> wrote in message
news:bidnfl$gc$1@news.codecharge.com...
> What you will need to do is code a bit into the page BeforeShow event to
> test the value of the logged-in userid vs the record being accessed. You
> can easily hide the inappropriate buttons (such as setting the page up to
> show only the "Submit") to prevent unauthorized updates. You might even
go
> so far as to immediately redirect to a "not authorized" page if you don't
> want them to even see the record.
>
> Alternatively, you can code the BeforeInsert, BeforeUpdate or BeforeDelete
> events to make a similar security check and simply discard the attempt.
>
> Another consideration is to set up the datasource with a "WHERE" that
> involves the user's loginid (as returned by CCGetUserID), so that they
> cannot retrieve a profile record except for the one that matches their
> userid.
>
> --
> DonB
>
> http://www.gotodon.com/ccbth
>
>
> "ted hart" <ted@hart.com> wrote in message
>news:bi75ul$s8u$1@news.codecharge.com...
> > Thanks Juan... I guess I was not clear in my message...I wanted to
> restrict
> > update/edit profile to the owner of that profile only...Sorry for the
> > confusion...cheers
> >
> > "Juan Domingo Herrera" <juandherrera@hotmail.com> wrote in message
> >news:bi2ot9$5di$1@news.codecharge.com...
> > > Hi Ted,
> > >
> > > Check the RESTRICT property (at a level page) and press the three dots
> > "..."
> > > and there you will be able to set that behavior.
> > >
> > > --
> > > Regards,
> > > Juan Domingo Herrera
> > > SoftMasters - http://www.softmasters.com.ar
> > > Buenos Aires - Argentina
> > >
> > >
> > > "ted hart" <ted@hart.com> escribió en el mensaje
> > >news:bi2hlg$r8n$1@news.codecharge.com...
> > > > Please help... I hoppe I am lost coz it should not be difficult to
do.
> > > >
> > > > I have 4 access tables one jobseeker one freelancers one
employentads
> > and
> > > a
> > > > (Security) members Database. only people in the members Database
can
> > add
> > > a
> > > > record to any of the 3 tables. How can I keep track of the UserId in
> the
> > > > table that are created in order to allow update of the user's
record.
> > > >
> > > > Thanks for your help
> > > >
> > > > Ted
> > > >
> > > >
> > >
> > >
> >
> >
>
>
|
|
|
|
DonB
|
| Posted: 08/26/2003, 6:27 PM |
|
It's more an issue of restricting what they can see, not what the security
setting it. That may seem confusing. But think about your datasource and
how it is retrieving data. It evidently is not enforcing a "WHERE userid =
x" on its SELECT, so anyone can pull up any record, regardless of the userid
they are logged into.
Change the Datasource of the page (Grid, Record or whatever) so that it
includes a "Parameter" (which is how the WHERE stuff is labelled on the
DataSource's property dialog). This let's you add WHERE terms to the SELECT
that the DataSource uses. Since the user can't change the session variable
that holds their userid, create the Parameter with a "Parameter Source" of
"Session("UserID") and a "Parameter Type" of "Expression". This way, they
can only access records other than those marked with their userid, and they
can't override the WHERE to fake some other userid. Of course, you'd also
want to disallow Insert or Delete, leaving only Update as a valid action.
--
DonB
http://www.gotodon.com/ccbth
"ted hart" <ted@hart.com> wrote in message
news:bif2p7$pdt$1@news.codecharge.com...
> Thanks Don,
>
> I appreciate your help, my question is as follows:
>
> Knowing that we have one table for security & 3 tables for jobs,
employment
> ads, and one for freelancers.
>
> People have to register (security table) to be able to fill a profile/ad
> (jobs - opportunities & freelancers) UserId is related to security table
> (right?) so how can I get a user that registered as a freelancer update
his
> profile ONLY (and not other users profiles) in freelancers table (security
> and group levels allows them to update/edit any record in table).
>
> Thanks again for your valuable insight
>
> Ted
>
>
>
> "DonB" <~ccbth~@gotodon.com> wrote in message
>news:bidnfl$gc$1@news.codecharge.com...
> > What you will need to do is code a bit into the page BeforeShow event to
> > test the value of the logged-in userid vs the record being accessed.
You
> > can easily hide the inappropriate buttons (such as setting the page up
to
> > show only the "Submit") to prevent unauthorized updates. You might even
> go
> > so far as to immediately redirect to a "not authorized" page if you
don't
> > want them to even see the record.
> >
> > Alternatively, you can code the BeforeInsert, BeforeUpdate or
BeforeDelete
> > events to make a similar security check and simply discard the attempt.
> >
> > Another consideration is to set up the datasource with a "WHERE" that
> > involves the user's loginid (as returned by CCGetUserID), so that they
> > cannot retrieve a profile record except for the one that matches their
> > userid.
> >
> > --
> > DonB
> >
> > http://www.gotodon.com/ccbth
> >
> >
> > "ted hart" <ted@hart.com> wrote in message
> >news:bi75ul$s8u$1@news.codecharge.com...
> > > Thanks Juan... I guess I was not clear in my message...I wanted to
> > restrict
> > > update/edit profile to the owner of that profile only...Sorry for the
> > > confusion...cheers
> > >
> > > "Juan Domingo Herrera" <juandherrera@hotmail.com> wrote in message
> > >news:bi2ot9$5di$1@news.codecharge.com...
> > > > Hi Ted,
> > > >
> > > > Check the RESTRICT property (at a level page) and press the three
dots
> > > "..."
> > > > and there you will be able to set that behavior.
> > > >
> > > > --
> > > > Regards,
> > > > Juan Domingo Herrera
> > > > SoftMasters - http://www.softmasters.com.ar
> > > > Buenos Aires - Argentina
> > > >
> > > >
> > > > "ted hart" <ted@hart.com> escribió en el mensaje
> > > >news:bi2hlg$r8n$1@news.codecharge.com...
> > > > > Please help... I hoppe I am lost coz it should not be difficult to
> do.
> > > > >
> > > > > I have 4 access tables one jobseeker one freelancers one
> employentads
> > > and
> > > > a
> > > > > (Security) members Database. only people in the members Database
> can
> > > add
> > > > a
> > > > > record to any of the 3 tables. How can I keep track of the UserId
in
> > the
> > > > > table that are created in order to allow update of the user's
> record.
> > > > >
> > > > > Thanks for your help
> > > > >
> > > > > Ted
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
|
|
|
|
ted hart
|
| Posted: 08/29/2003, 1:27 AM |
|
Don Again I really appreciate your help.
UserId is the autoincrement field in table "members" which is the security
table. WHERE condition is where id = id or userid = id.
In other tables (Jobseekers, Job Ads, or freelancers ) id (autoincrement is
generated when registered in members (security) table) I thought maybe I
have to pass the value from UserId (members table) to another field in
information table (jobseekers for example) to allow update of the record the
registered user created only.
Thanks for your help
"DonB" <~ccbth~@gotodon.com> wrote in message
news:bih1dn$rt0$1@news.codecharge.com...
> It's more an issue of restricting what they can see, not what the security
> setting it. That may seem confusing. But think about your datasource and
> how it is retrieving data. It evidently is not enforcing a "WHERE userid
=
> x" on its SELECT, so anyone can pull up any record, regardless of the
userid
> they are logged into.
>
> Change the Datasource of the page (Grid, Record or whatever) so that it
> includes a "Parameter" (which is how the WHERE stuff is labelled on the
> DataSource's property dialog). This let's you add WHERE terms to the
SELECT
> that the DataSource uses. Since the user can't change the session
variable
> that holds their userid, create the Parameter with a "Parameter Source" of
> "Session("UserID") and a "Parameter Type" of "Expression". This way, they
> can only access records other than those marked with their userid, and
they
> can't override the WHERE to fake some other userid. Of course, you'd also
> want to disallow Insert or Delete, leaving only Update as a valid action.
>
> --
> DonB
>
> http://www.gotodon.com/ccbth
>
>
> "ted hart" <ted@hart.com> wrote in message
>news:bif2p7$pdt$1@news.codecharge.com...
> > Thanks Don,
> >
> > I appreciate your help, my question is as follows:
> >
> > Knowing that we have one table for security & 3 tables for jobs,
> employment
> > ads, and one for freelancers.
> >
> > People have to register (security table) to be able to fill a profile/ad
> > (jobs - opportunities & freelancers) UserId is related to security table
> > (right?) so how can I get a user that registered as a freelancer update
> his
> > profile ONLY (and not other users profiles) in freelancers table
(security
> > and group levels allows them to update/edit any record in table).
> >
> > Thanks again for your valuable insight
> >
> > Ted
> >
> >
> >
> > "DonB" <~ccbth~@gotodon.com> wrote in message
> >news:bidnfl$gc$1@news.codecharge.com...
> > > What you will need to do is code a bit into the page BeforeShow event
to
> > > test the value of the logged-in userid vs the record being accessed.
> You
> > > can easily hide the inappropriate buttons (such as setting the page up
> to
> > > show only the "Submit") to prevent unauthorized updates. You might
even
> > go
> > > so far as to immediately redirect to a "not authorized" page if you
> don't
> > > want them to even see the record.
> > >
> > > Alternatively, you can code the BeforeInsert, BeforeUpdate or
> BeforeDelete
> > > events to make a similar security check and simply discard the
attempt.
> > >
> > > Another consideration is to set up the datasource with a "WHERE" that
> > > involves the user's loginid (as returned by CCGetUserID), so that they
> > > cannot retrieve a profile record except for the one that matches their
> > > userid.
> > >
> > > --
> > > DonB
> > >
> > > http://www.gotodon.com/ccbth
> > >
> > >
> > > "ted hart" <ted@hart.com> wrote in message
> > >news:bi75ul$s8u$1@news.codecharge.com...
> > > > Thanks Juan... I guess I was not clear in my message...I wanted to
> > > restrict
> > > > update/edit profile to the owner of that profile only...Sorry for
the
> > > > confusion...cheers
> > > >
> > > > "Juan Domingo Herrera" <juandherrera@hotmail.com> wrote in message
> > > >news:bi2ot9$5di$1@news.codecharge.com...
> > > > > Hi Ted,
> > > > >
> > > > > Check the RESTRICT property (at a level page) and press the three
> dots
> > > > "..."
> > > > > and there you will be able to set that behavior.
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Juan Domingo Herrera
> > > > > SoftMasters - http://www.softmasters.com.ar
> > > > > Buenos Aires - Argentina
> > > > >
> > > > >
> > > > > "ted hart" <ted@hart.com> escribió en el mensaje
> > > > >news:bi2hlg$r8n$1@news.codecharge.com...
> > > > > > Please help... I hoppe I am lost coz it should not be difficult
to
> > do.
> > > > > >
> > > > > > I have 4 access tables one jobseeker one freelancers one
> > employentads
> > > > and
> > > > > a
> > > > > > (Security) members Database. only people in the members
Database
> > can
> > > > add
> > > > > a
> > > > > > record to any of the 3 tables. How can I keep track of the
UserId
> in
> > > the
> > > > > > table that are created in order to allow update of the user's
> > record.
> > > > > >
> > > > > > Thanks for your help
> > > > > >
> > > > > > Ted
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
|
|
|
|
|
