No announcement yet.

Security Module Application Access Validation

  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Module Application Access Validation

    Using the Security Module - Group. Currently three user groups (Admin, Editor, User). May have more later.

    Would like to use the same grid for all users - however, I would like to hide the pencil Icon for any user group that doesn't have priv_update.

    I found the code...

    sc_apl_conf("Application", "lig_edit", "off”);

    That should allow me to do what I need - I just don't know get at the group validation variables to construct the if command. The application currently stops the user if they click on the pencil and states "Unauthorized User" -- but this in my opinion makes the app appear unfinished.

    Any assistance would be appreciated.

  • #2
    I have the following code in my menu app's onApplicationInit event to determine the logged in user's group. It places that group name in a global variable you can then inspect wherever else you need to:

    // Determine logged in user's Group
    $sqlq = 
    	"SELECT ".
    		"sec_groups.description ".
    	"FROM ".
    		"sec_users ".
    			"INNER JOIN sec_users_groups ".
    				"ON sec_users.login = sec_users_groups.login ".
    			"INNER JOIN sec_groups ".
    				"ON sec_users_groups.group_id = sec_groups.group_id ".
    	"WHERE ".
    		"sec_users.login = '" . [usr_login] . "'";
    sc_lookup(my_data, $sqlq);
    if ({my_data} === false) {
    	echo "<script type='text/javascript'>alert('Access error determining user group (Menu app). Message = " . 
    		{my_data_erro} . "');</script>";
    } elseif (empty({my_data})) {
    	echo "<script type='text/javascript'>alert('No group found for user (Menu app)');</script>";
    } else {
    	$ugroup = {my_data[0][0]};
    [ugroup] = $ugroup;
    Last edited by adz1111; 11-25-2014, 08:24 AM.


    • #3

      I will look at adding similar code. I had assumed that since the Security Module looked at the group value each time an app is started that it would be stored for the current user (most likely session based) in a variable already.

      I added the following to the onexecute of a blank application
      echo '<pre>' . print_r($_SESSION, TRUE) . '</pre>';
      this gave me all of the variables

      Upon review I found that an array is created for each application that contains:

      [form_well_log] => Array
      [insert] => off
      [delete] => off
      [update] => off
      [btn_display] => Array
      [xls] => off
      [word] => off
      [pdf] => off
      [xml] => off
      [csv] => off
      [rtf] => off
      [print] => off

      Then I assume I can add something like the following to the Grid form event onApplicationinit:

      if({$form_well_log[update]} == "off"){
      sc_apl_conf("Application", "lig_edit", "off”);
      Last edited by DSM; 11-26-2014, 01:29 PM.


      • #4
        Well as you say - you would assume the group would be in a global variable like [usr_login] for the login name - but it isn't, hence the code I gave to extract it.

        Regarding [update] - that is telling you that the "save" button is not visible; that whole array is basically the state of the toolbar buttons. Now, these can be turned on or off in code so there's no guarantee that the absence of the button is a true representation. IMHO much better to note the group as earlier shown (only runs once per login), and then:

        if ([ugroup] != 'administrator') {                       // Or whatever group
            sc_apl_conf('Application', lig_edit', 'off');        // Configure app before calling
            sc_redir('Application');                             // Call the app


        • #5
          Thanks -- I really appreciate the input -- definitely be adding the code per your suggestion.