PROTECTED CLIENT ACCESS TO SPECIFIC RECORDS IN A MULTI-RECORD SECTION - Mar 11th, 2015
|
Using CMSB V2.64 and Website Membership V1.10, I needed to set up a protected client area on a site where client access is granted to certain records in a multi-record section based on a master project assignment list. I needed to be able to grant any client access to a list page with all the projects they were authorized to see but I also needed to protect project detail pages from other clients who were logged in, but did not have access to view particular records.
Here’s what was needed:
1) A multi-record “Project Name” section with the name of the project in a text field called ‘title’ (this field was set as “don’t allow removing of records” on the “advanced” tab) and a warning about creating a new record for each new project so that project information did not fall into the wrong hands)
2) A multi-record “Project Information” section with a pull down list field called ‘project_name’ that get’s its option values from the num field in the “Project Name” table and it’s option labels from the title field in the same table. (This field is used to assign progress report names)
3) A multi-value pull down list field in the “accounts” section that gets it’s data from the ‘Project Name” table in the same way. (This field is used to assign users permission to view project progress reports)
On the list page, called client.php, at the top of the document, after the load records calls, I included the code:
<?php if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); } ?>
And in the body:
<?php $rec_count = 0?> <?php foreach ($project_informationRecords as $record): ?> <?php if (strpos($CURRENT_USER['project_access'], $record['project_name'])): ?> <div style="text-align:left;" > <?php $usernum1 = $CURRENT_USER['num'] ?> <a class="special" href="clientdetail.php?usernum=<?php echo $usernum1 ?>&num=<?php echo $record['num']?>"><span style="text-decoration:underline;" class="navigation_font"><i><?php echo strtoupper($record['project_name:label']) ?></i></span></a> </div> <?php endif ?> <?php endforeach ?>
<?php if (!$project_informationRecords): ?> <span class="text_font">Sorry, You Don't Have Permission To Access Any Project Progress ReportsIf you feel that you should have access, please </span><a href="http://www.your_site/contact.php"><span class="text_font">"CONTACT US</span></a> <?php endif ?>
And on the detail page at the top of the document, below the load records calls:
<?php if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); } ?> <?php $usernum = $_REQUEST['usernum']; ?> <?php $record['num'] = $_REQUEST['num']; ?> <?php @$errorsAndAlerts = ''?> <?php if ($CURRENT_USER['num'] == $usernum ):?> <?php $show_data = 1 ?> <?php else: ?> <?php $show_data = 0 ?> <?php $errorsAndAlerts = "Sorry, You're Currently Not Authorized To View Project Progress Reports." ?> <?php endif ?>
And in the body:
<table align="center" width="50%" border="0" cellpadding="3"> <tr> <td align="center" class="heading_font">PROJECT PROGRESS REPORTS <?php if($show_data == 1):?> <?php echo strtoupper($project_informationRecord['project_name:label']) ?> FOR <?php echo strtoupper($CURRENT_USER['first_name']) ?> <?php echo strtoupper($CURRENT_USER['last_name']) ?>
<a href='http://www.your_site.com/client.php?action=logoff'><span class="text_font">WHEN YOU'RE FINISHED, PLEASE CLICK/TAP HERE TO LOG OUT</span></a> </td> </tr> <tr> <td > YOUR DETAIL PAGE DATA GOES HERE... </td> </tr> </table> <?php else :?> <span class="navigation_font"> <?php echo $errorsAndAlerts ?> For Authorization, Please <a href="contact.php"><span class ="text_font"><font color="#D01E1E">Contact Us</font></span></a>. <?php endif ?>
|
The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact
Interactive Tools for information on the downloading of the software or the purchasing of licenses.