DB2 PHP Generator online Help
Prev | Return to chapter overview | Next |
OnGetCustomRecordPermissions
This event allows you to customize record-level permissions.
Signature:
function OnGetCustomRecordPermissions($page, &$usingCondition, $rowData,
&$allowEdit, &$allowDelete, &$mergeWithDefault, &$handled)
Parameters:
$page |
An instance of the Page class. |
$usingCondition |
Any logical SQL expression. Rows for which the expression returns true will be visible |
$rowData |
The associative array of values that corresponds currently processed row |
$allowEdit |
If true, the user can edit values of the currently processed row. |
$allowDelete |
If true, the user can delete the currently processed row. |
$mergeWithDefault |
Indicates whether custom permissions should be merged with default ones (if any). Default value is true. |
$handled |
A parameter to indicate whether the new permissions should be applied. Set $handled to true to apply the changes. |
Example
Assume we have a small company with several sales departments. All users of our application are sales managers, which work in one of these departments. Each such user can work as an ordinary manager or as a head manager of the department. Our challenge is to grant privileges in the following way:
- Ordinary managers must have full access to their own sales records except completed ones. They should have no access to the sales made by other managers.
- Head managers must have full access to all sales records of the department. They should have no access to sales of other departments.
To implement the scenario above, the following code can be used:
// do not apply these rules for site admins
if (GetApplication()->IsLoggedInAsAdmin()) {
return;
}
// retrieving the ID of the current user
$userId = $page->GetCurrentUserId();
// retrieving the ID of sales department and the status of the current user
$sql = "SELECT sales_department_id, is_head_manager " .
"FROM phpgen_users WHERE user_id = $userId";
$result = $page->GetConnection()->fetchAll($sql);
if (empty($result))
return;
$salesDepartmentId = $result[0]['sales_department_id'];
$isHeadManager = (boolean) $result[0]['is_head_manager'];
// Granting permissions according to the scenario
$allowEdit = $isHeadManager || !$rowData['completed'];
$allowDelete = $isHeadManager || !$rowData['completed'];
// Specifying the condition to show only necessary records
if ($isHeadManager) {
$sql = 'manager_id IN '.
'(SELECT user_id FROM phpgen_users WHERE sales_department_id = %d)';
$usingCondition = sprintf($sql, $salesDepartmentId);
} else {
$usingCondition = sprintf('manager_id = %d', $userId);
}
// apply granted permissions
$handled = true;
// Do not merge the new record permissions with default ones (true by default).
// We have to add this line, otherwise head managers will not be able to see
// sales made by other managers of the department.
$mergeWithDefault = false;
See also: OnGetCustomPagePermissions.
Prev | Return to chapter overview | Next |