User role permissions and publishing to the internet

Hi - I wanted to post here for a users view about the following questions I have. I’m currently evaluating scriptcase, having recently looked at phprunner which seemed ok and also very briefly at phpmaker, which I didn’t really spend any time with. I have also spent the last year using zoho which is very restrictive.

I am developing what should be a fairly simple asset storage application but which will need some fairly granular user access roles. I’ve asked scriptcase about this question who were originally very unhelpful but since have been much more helpful . I’ve been told this can be done but I would like to see what the view is from those who use the product and have to manage applications day to day.

The roles I think will be most complex are:

general user - They will be able to read and update data based on the company(ies) they work for. It isn’t necessarily data they have created but the attribute will be the company(ies) name /id(s). I may also split this up to have a read only role as well as the edit one but I’m guessing that wouldn’t be an issue if I can easily restrict access in this way. I will have about 2,000 companies (and probably a lot more users) so I need to have a viable process to easily and confidently restrict access with. I’m also expecting them to be able to edit their own account details.

charts user - I will want some users to just have a portal of canned charts and reports where access to those charts and reports doesn’t grant access to the underlying data. I’m thinking that I may give those users some drop down menus to give some options to generate variations of the predefined charts, for example a total sales chart by month with the user able to select Uk or France for example from a drop down menu. I may also have different types of charts users where the role grants access to differing reports but again I’m hoping that if a role can be created which can manage the original requirement a second role won’t be complicated. I’m also expecting them to be able to edit their own account details.
I also expect a hybrid - so a user has asset (row in the table) access by company(ies) attribute but summary access (across multiple tables) for reports
My other roles would be less restrictive

The other question is about making apps available on the internet -
Whilst Scriptcase have said that their generated php code avoids all the potentially impactful xsite scripting errors that can be left in php code I’ve read elsewhere that file permissions need to be opened up to 777 on all files which would be daft but is it true? Anyway, what should i consider (other than a pen test) or is code generated by scriptcase just not suitable for internet hosted applications.

Simon

Hi,
Yes, I think that creating an application like this will be quite well possible. We are developing applications for company healthcare and the managers can only access data of their employees following the orgchart and doctors can view all etc. There are several ways of doing that, by generating using a template of scriptcase, creating one of your own or something in between. I find the most advanced modal of scriptcase too much for application managers as this is a very complex module loaded with checkboxes for every form and every function. But if you need it, it works great.

Scriptcase is a great tool to create applications fast and you create full applications including menu’s etc. Not like some other tools which only generate a form at a time and you need to glue them all together somehow. But there is a catch. If you require quite some sophisticated functionality then it will take you some time to learn the tool in it’s full width. Don’t expect to sit down and let the inspiration come to you. You can do (almost) anything you like within the limitations of a case tool, but you won’t be able to create that ‘tomorrow’. Also: there are users who think that you can work with SC without any programming knowledge. To some extend it’s possible, but you will need to know how to program as your functionality will be more complex. So a good (not excelent) knowledge of php is necessary. SC will save you a lot of development time, leaving you the time to spend on more complex issues.

Then the 777 thing. If you have developed your application and have uploaded, you need to assign some connection settings. These settings needs to be stored. To be able to, the _lib needs 777 rights, depending on the php / apache installation. But after storing the data you can safely set the access rights back to 644.

I hope that this answer will help you. Sc is a great tool, with strong and less strong point. There are (some) bugs too. But we’ve been able to overcome and SC is delivering new versions on a pretty regular basis. The choice is up to you of course. Regarding generators, we’ve investigated a lot. And besides SC is not perfect it’s the best of it’s kind. So feel free to post your questions here if you need more information.

thank you

Thanks for the help

The permissions thing didn’t make sense but that does so thank you

Yes, I’m working through trying to setup an application at the moment to utilize my trial and can see that I will need to both utilise my php and sql skills. Well I’ve done a lot of sql in the past but less so php so but that’s fine.

My experience so far is that the product is good but I worry if I hit real problems i won’t get the support i may need but I’m not far in and so this may change