Form ACL

itpates 18 Sep, 2018
I have a Chronoconnectivity v6 form that presents a list of data. Some of that listed data I want just the registered to be able to see, and the manager to be able to see the whole list, based on the value of a single database field - 1 or 0. Is there an easy way to do that with just one form?
healyhatman 19 Sep, 2018
A database read on the user_usergroup_map table to check if they're in the right user group.
itpates 19 Sep, 2018
Okay - so I create two database read functions, and a user-group filter function, then run the filter to determine which read function to load?
healyhatman 19 Sep, 2018
Depends. Is it that you want people from user group A to only see database entries with a 1 in some field, and user group B to only see entries with a 0?
itpates 19 Sep, 2018
Basically I have a list of service-tickets. I want the customer service reps to be able to see only those that have not been charged out already (still published). I want the management to be able to see all of them. The field I use to determine this is either 1 for active, or 0 for charged out.
itpates 19 Sep, 2018
I figure I can create a function to test ACL, then if they are qualified, call one read function, and if they are not qualified, call another read function. Unless there's an easier way.
healyhatman 19 Sep, 2018
Two, one to get the user group we spoke of. The other should have WHERE field:{var:switch}/- and in the switch, check {var.empty:read_data_one} and return 1 if true.
itpates 19 Sep, 2018
Sweet. Didn't know I could include that in the WHERE statement. Good to know. Thanks.
itpates 19 Sep, 2018
Hmm, is it possible to have the existence of the second WHERE conditional? I got it working and realized I goofed - I had it set to either show just the active tickets, or the inactive tickets, but not both. With no second WHERE, it shows them all, which is what I really wanted for the manager - both published and non-published.

I tried to insert the WHERE condition itself in custom code so that if the user was not part of a certain set of groups - i.e., just registered - then there would be MODEL.field:1 returned. But running the VAR on the second line (got the first WHERE statement occupied for location), I get the error on the form:
Unknown column 'MODEL.{var' in 'where clause'
itpates 19 Sep, 2018
Here is the custom code I used, then called it by inserting {var:authorized} on the second line in my WHERE statement:

$user   = JFactory::getUser();
$groups = JAccess::getGroupsByUser($user->id);

// Default to the restricted condition; a listed group clears it.
$s = "MODEL.published:1";
foreach ($groups as $key => $value) {
    switch ($value) {
        case 3:
        case 8:
        case 10:
            $s = "";
            break 2; // listed group found: stop checking the rest
    }
}
return $s;

Ideally, it should have returned a blank line for me and just the first line gets processed to show me everything. But if an employee logged on, he or she would see only the published items.
itpates 19 Sep, 2018
I think I'm going to need to have two READ functions, then call them based on the user. Just not sure how to do that in the EVENTS tab. I tried to call one or the other READ function using a third PHP function that I put in the EVENTS tab, but that failed miserably.
healyhatman 19 Sep, 2018
You can call it in the switch.
But you don't need to:
With the where statement, put the /- after so if it's empty (which it should be for managers) it gets skipped.
itpates 19 Sep, 2018
The /- goes after the MODEL.published:{var:authorized}, correct? As in,

MODEL.published{var:authorized}/-

I tried that and it does seem to remove that line, but for some reason, my test account which is just Registered is still seeing everything.
healyhatman 19 Sep, 2018
Use a {debug:} as the last thing in your event; you probably have the switch set up wrong.
itpates 20 Sep, 2018
Answer
Switch was fine. But the READ function only seems to accept {data:} input, not {var:}

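What I did was feed the output of the authorized function into a data variable:
<?php
$user = JFactory::getUser();
$groups = JAccess::getGroupsByUser($user->id);

// Default to the restricted value; a listed group clears it.
$s = "1";
foreach ($groups as $key => $value) {
    switch ($value) {
        case 3:
        case 8:
        case 10:
            // Empty value, so the WHERE line ending in /- is skipped
            $s = "";
            break 2; // listed group found: stop checking the rest
    }
}

// Expose the result as {data:authorized} for the READ function
$this->data("authorized", $s, true);
?>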

...then I added this to my READ function:
Tickets.published:{data:authorized}/-

...then I just placed the {fn:authorized} entry before the {fn:list_tickets} entry in my EVENT.

Tested perfect after that - normal employee only sees active tickets, and managers see all of them.
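
Added example (not part of the thread and not ChronoForms code): the group check written as a pure function, comparing a loop in which the last group decides with an any-match test that defaults to the restricted filter. Group IDs 3, 8 and 10 are the ones from the post; the function names and the sample group lists are constructed for illustration.

```php
<?php
// Group IDs taken from the post; everything else here is hypothetical.
const UNRESTRICTED_GROUPS = [3, 8, 10];

// A loop that overwrites the result on every pass:
// the value left in $s is decided by the LAST group only.
function filter_last_group_wins(array $groups): string
{
    $s = "";
    foreach ($groups as $value) {
        switch ($value) {
            case 3:
            case 8:
            case 10:
                $s = "";
                break;
            default:
                $s = "1";
        }
    }
    return $s;
}

// Order-independent check: restricted ("1") unless ANY group is on the list.
// An empty group list therefore stays restricted.
function filter_any_group(array $groups): string
{
    $ids = array_map('intval', $groups);
    return array_intersect($ids, UNRESTRICTED_GROUPS) ? "" : "1";
}

// Constructed group lists, shaped like the array JAccess::getGroupsByUser() returns.
$samples = [
    'employee'              => [2],
    'manager, listed last'  => [2, 8],
    'manager, listed first' => [8, 2],
    'no groups at all'      => [],
];

foreach ($samples as $label => $groups) {
    printf(
        "%-22s last-wins=%-4s any-match=%s\n",
        $label,
        var_export(filter_last_group_wins($groups), true),
        var_export(filter_any_group($groups), true)
    );
}
```

An empty string means the `Tickets.published:{data:authorized}/-` line is skipped and all tickets are listed; `"1"` limits the list to active tickets.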
healyhatman 20 Sep, 2018
{var} works in a read data action, but you have to actually set the variable first by calling the {fn}