MaxDB PHP Generator online Help

OnGetCustomRecordPermissions

This event allows you to customize record-level permissions.

Signature:

function OnGetCustomRecordPermissions($page, &$usingCondition, $rowData,
       &$allowEdit, &$allowDelete, &$mergeWithDefault, &$handled)

Parameters:

$page

An instance of the Page class.

$usingCondition

Any logical SQL expression. Only the rows for which the expression evaluates to true will be visible.

$rowData

The associative array of field values that corresponds to the currently processed row.

$allowEdit

If true, the user can edit values of the currently processed row.

$allowDelete

If true, the user can delete the currently processed row.

$mergeWithDefault

Indicates whether custom permissions should be merged with default ones (if any). Default value is true.

$handled

A parameter to indicate whether the new permissions should be applied. Set $handled to true to apply the changes.

Example

Assume we have a small company with several sales departments. All users of our application are sales managers who work in one of these departments. Each such user works either as an ordinary manager or as the head manager of the department. Our challenge is to grant privileges in the following way:

- Ordinary managers must have full access to their own sales records except completed ones. They should have no access to the sales made by other managers.

- Head managers must have full access to all sales records of the department. They should have no access to sales of other departments.

To implement the scenario above, the following code can be used:

function OnGetCustomRecordPermissions($page, &$usingCondition, $rowData,
       &$allowEdit, &$allowDelete, &$mergeWithDefault, &$handled)
{
    // do not apply these rules for site admins
    if (GetApplication()->IsLoggedInAsAdmin()) {
        return;
    }

    // retrieving the ID of the current user; the cast guarantees that only
    // an integer is embedded into the SQL statements below
    $userId = (int) $page->GetCurrentUserId();

    // retrieving the ID of sales department and the status of the current user
    $sql = "SELECT sales_department_id, is_head_manager " .
           "FROM phpgen_users WHERE user_id = $userId";
    $result = $page->GetConnection()->fetchAll($sql);

    // no profile row found: the default permissions stay in place
    if (empty($result)) {
        return;
    }

    $salesDepartmentId = (int) $result[0]['sales_department_id'];
    $isHeadManager = (boolean) $result[0]['is_head_manager'];

    // Granting permissions according to the scenario: a head manager may
    // change any record, an ordinary manager only records not yet completed
    $allowEdit = $isHeadManager || !$rowData['completed'];
    $allowDelete = $isHeadManager || !$rowData['completed'];

    // Specifying the condition to show only necessary records
    if ($isHeadManager) {
        $sql = 'manager_id IN ' .
               '(SELECT user_id FROM phpgen_users WHERE sales_department_id = %d)';
        $usingCondition = sprintf($sql, $salesDepartmentId);
    } else {
        $usingCondition = sprintf('manager_id = %d', $userId);
    }

    // apply granted permissions
    $handled = true;

    // Do not merge the new record permissions with default ones (true by default).
    // We have to add this line, otherwise head managers will not be able to see
    // sales made by other managers of the department.
    $mergeWithDefault = false;
}
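The same policy as a stand-alone function, added here as an example that is not part of the PHP Generator documentation: computeRecordPermissions and its deny-everything condition for a user without a profile row are my own additions, and in a real handler its three return values would be copied into $usingCondition, $allowEdit and $allowDelete with $handled set to true and $mergeWithDefault set to false.

```php
<?php
// Added example, not code from the PHP Generator documentation or product.
// The department scenario is factored into a pure function that returns the
// values the event hands back, so the outcome can be checked against
// constructed rows. Unlike the handler above it fails closed: a user without
// a profile row gets a condition that matches nothing rather than the
// default permissions.

function computeRecordPermissions(?array $user, array $rowData): array
{
    if ($user === null) {
        // unknown user: deny everything (hypothetical policy choice)
        return ['condition' => '1 = 0', 'allowEdit' => false, 'allowDelete' => false];
    }

    // casts ensure only integers are embedded into the SQL condition
    $userId       = (int) $user['user_id'];
    $departmentId = (int) $user['sales_department_id'];
    $isHead       = (bool) $user['is_head_manager'];

    // head managers may change any record; ordinary managers only open sales
    $canModify = $isHead || !$rowData['completed'];

    $condition = $isHead
        ? sprintf('manager_id IN (SELECT user_id FROM phpgen_users ' .
                  'WHERE sales_department_id = %d)', $departmentId)
        : sprintf('manager_id = %d', $userId);

    return ['condition' => $condition, 'allowEdit' => $canModify, 'allowDelete' => $canModify];
}

// Constructed sample data: an ordinary manager, a head manager, and no profile.
$users = [
    'manager' => ['user_id' => 7, 'sales_department_id' => 3, 'is_head_manager' => 0],
    'head'    => ['user_id' => 8, 'sales_department_id' => 3, 'is_head_manager' => 1],
    'unknown' => null,
];
$rows = [['sale_id' => 1, 'completed' => 1], ['sale_id' => 2, 'completed' => 0]];

foreach ($users as $name => $user) {
    foreach ($rows as $row) {
        $p = computeRecordPermissions($user, $row);
        printf("%-7s sale %d: edit=%-5s delete=%-5s visible where %s\n",
            $name, $row['sale_id'], var_export($p['allowEdit'], true),
            var_export($p['allowDelete'], true), $p['condition']);
    }
}
```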

See also: OnGetCustomPagePermissions.
