Limiting Access to "Owned" Records

Moderators: Phil Winkler, Graham Smith, Pete Tabord

Limiting Access to "Owned" Records

Postby Graham Smith » Mon Mar 23, 2009 1:04 pm

I’m creating a Web Publisher app just for the sake of learning how to do certain things. The app is going to be for learning/teaching only and has no immediate practical application. So the questions I come up with may be "stream of consciousness stuff" and suffer from a certain logic deficit. In any case, I’ll post my questions, comments, suggestions, etc. as well any any lessons learned. Here is the first one:

This part of the app is basically an online Customer Database. I want a customer to be able to either add themselves to the database or edit their existing “profile”. I expect to do this with different Aspects, one to enter new and one to modify existing.

Here’s the tricky bit… The number of Companies this will be holding makes it impossible for each customer to have a User record, so they will have to all use the same generic login. And, after a record is entered, only the originating company should be allowed to see or edit their record using the web interface.

This has me completely stumped and if I cannot get past this, the whole app is a non-starter.
Graham Smith
DataSmith, Delaware
"For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)
"X-Clacks-Overhead: GNU Terry Pratchett"
User avatar
Graham Smith
 
Posts: 2501
Joined: Fri Sep 07, 2007 11:31 am
Location: Delaware, USA
Has thanked: 0 time
Been thanked: 1 time
 

Re: Limiting Access to "Owned" Records

Postby Stewart Allen » Wed May 13, 2009 2:37 pm

The number of Companies this will be holding makes it impossible for each customer to have a User record


Why is this a problem?
Stewart Allen
 
Posts: 88
Joined: Thu Sep 27, 2007 11:25 am
Has thanked: 0 time
Been thanked: 0 time
 

Re: Limiting Access to "Owned" Records

Postby Phil Winkler » Wed May 13, 2009 2:48 pm

Hi, Stewart,

A Company should only be able to see its own records and not those of other Companies. Having a generic login prevents creating a unique key to be used to filter the records for each company.

It's easily done in the native db, but not in WebElements that we can see.
Phil Winkler
PLM Consulting, Inc.
pwinkler@plmconsulting.com
Phil Winkler
 
Posts: 889
Joined: Fri Sep 07, 2007 12:45 pm
Has thanked: 0 time
Been thanked: 0 time
 

Re: Limiting Access to "Owned" Records

Postby Stewart Allen » Wed May 13, 2009 9:44 pm

Hi Phil

I understand that the use of a generic logon prevents the filtering, but what i want to know is why "The number of Companies this will be holding makes it impossible for each customer to have a User record"

Can you use setglobal() with WebElements?
Stewart Allen
 
Posts: 88
Joined: Thu Sep 27, 2007 11:25 am
Has thanked: 0 time
Been thanked: 0 time
 

Re: Limiting Access to "Owned" Records

Postby Adrian Jones » Thu May 14, 2009 7:39 am

Nice idea, but no!

As I understand it, WebElements consists of two main components: a DCOM object that can interrogate your FF database, and an ASP application that generates the web pages and populates with data.

Once you publish, you are no longer in FF-land, so to speak, but are really in ASP. Therefore no CDFs ...

Adrian
User avatar
Adrian Jones
 
Posts: 2000
Joined: Tue Sep 11, 2007 2:38 pm
Location: Cornwall, UK
Has thanked: 5 times
Been thanked: 4 times
 

Re: Limiting Access to "Owned" Records

Postby Graham Smith » Thu May 14, 2009 12:49 pm

Stewart,

There are currently about 15,000 records in Companies and the list is constantly growing and changing. I suppose it is theoretically possible to have one user record for each company, but it isn't really practical.
Graham Smith
DataSmith, Delaware
"For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)
"X-Clacks-Overhead: GNU Terry Pratchett"
User avatar
Graham Smith
 
Posts: 2501
Joined: Fri Sep 07, 2007 11:31 am
Location: Delaware, USA
Has thanked: 0 time
Been thanked: 1 time
 

Re: Limiting Access to "Owned" Records

Postby Stewart Allen » Thu May 14, 2009 3:41 pm

no cdf's?
But aren't most of the functions now built in - setarray should at least be?. Are these also not available?

Graham
You will have to have a Company specific 'logon' and password or identification at some point and this will need some table to verify the logon - or else how will you enable own records only viewing.

If you use the standard users table and user logon then you can just use 'current user name' as a filter.

Two options:
1. Make all your Aspects work via Relationships to the 'Companies' table filtered by system user name - as long as it has a field = current user name (see below) or
2. Make all your Aspects work via a dummy table that has a single virtual field -> derivation = current user name.

The user name is the company name up to 15 characters - so you may need to add a company 'nickname' or a generated sequence ID that is the system user name - this will have to exist in most tables .

When the
Stewart Allen
 
Posts: 88
Joined: Thu Sep 27, 2007 11:25 am
Has thanked: 0 time
Been thanked: 0 time
 

Re: Limiting Access to "Owned" Records

Postby Graham Smith » Thu May 14, 2009 8:30 pm

Stewart Allen wrote:But aren't most of the functions now built in - setarray should at least be?. Are these also not available?

There is a mistaken assumption that WebElements is a "web version" of Ffenics - it's not. There are only a limited number of actions that work.

The functions that are now "built-in" are those that were in DFWACTS in DFW. SetArray is part of CDFS2 which remains an external function.

As to the issue of companies, I know how to use the login to limit record access, the problem you are missing is that there are thousands of companies. To make each one of them a login would require those thousands of records be added to the users file and that file would have to be constantly pruned and updated. It's not exactly an ideal situation.

What I was attempting to do was see if anyone had an alternative that would allow the use of a generic login. I have pretty much determined at this point that no such alternative exists. Bear in mind, if there were only a couple hundred "customer records" involved, I wouldn't have been looking for an alternative.

As it stands, at this point I am experimenting with putting all the company records into the user file. It's not elegant, but it might work if I go about it right.
Graham Smith
DataSmith, Delaware
"For every expert there is an equal and opposite expert.", Arthur C. Clarke (1917 - 2008)
"X-Clacks-Overhead: GNU Terry Pratchett"
User avatar
Graham Smith
 
Posts: 2501
Joined: Fri Sep 07, 2007 11:31 am
Location: Delaware, USA
Has thanked: 0 time
Been thanked: 1 time
 

Re: Limiting Access to "Owned" Records

Postby Adrian Jones » Fri May 15, 2009 8:48 am

Hi Stewart,

Your WebElements-published web site is running in a browser, not in FF. Therefore no CDFs (would have to be javascript or some server-side code).

I think the answer to what G is trying to do may lie in getting to grips with the DCOM object that is controlling the data access. But that is way out the WebElements box.
User avatar
Adrian Jones
 
Posts: 2000
Joined: Tue Sep 11, 2007 2:38 pm
Location: Cornwall, UK
Has thanked: 5 times
Been thanked: 4 times
 
 

Return to Ffenics WebElements

Who is online

Users browsing this forum: No registered users and 1 guest

cron