Re: Web Security Functions
Couple educational points before the example. Ignore it if you want to stay less confused!
If you have both an Email and a Userid control on your dialog, it means to me that your Userid is a non-email address value, like "stevewood". But if (only if) your Userid is supposed to be an email address, and it is supposed to be the same value as the field you have named Email, then remove the Email field entirely. Since Security will still want an email address (redundant to the Userid) include this statement anywhere above the a5ws_save_user_values() statement: request.variables.email = currentform.controls.userid. That will effectively copy your Userid in to the Email field, and make them consistent.
The only possible acception to the above is if you want the Userid to be one email address, and the Email (for use in password recovery) to be a different email address.
Your statement request.variables.email = "" means you want the email address to be blank when saved to Security, probably not what you want. Plus it will cause your dialog to report an error "Email: Required Data Missing" since it wipes out the email value, which Security expects.
Your statement request.variables.guid = "" is redundant IF you have a field named guid in the dialog. The fact that the field exists replaces the need for a specific request variable with that name. In your dialog, the guid will be hidden and blank. Because it is blank, Security will attempt to add the record as a new user. If it is not blank, it will attempt to locate a user with that guid and update their record and, if it cannot find a record with that guid, it will attempt to add them.
EVENTS
INITIALLIZE
a5ws_get_user_values(CurrentForm,request)
' this is only necessary if you are trying to CHANGE an existing users Security record. The function takes guid, ulink or userid (you should only specify one) and if it finds a matching record in Security, it brings over the values to the dialog. An example might be:
request.variables.userid = "[email protected]"
a5ws_get_user_values(CurrentForm,request)
This will cause that userid to be looked up in Security, and fill the dialog with values. The explicit value could be replaced with a session variable or a page variable. The Alpha Help document includes an example where a page variable is used.
VALIDATE
a5ws_save_user_values(CurrentForm,request)
'This will seem odd if you are used to writing code for the validate event. The function does two things: 1) it saves the values from the dialog to Security, 2) it runs validation based on the Security model (not your dialog's validation). For example, if you omitted the userid, this step would report back an error.
AFTER VALIDATE
a5ws_get_user_values(CurrentForm,request)
'That would be all you need if you were only saving values to Security. If you are also saving values to a local Users table (like Firstname, Lastname, etc.) you would need proper code to save those values. I will put a complete example of that at the bottom of this post. This event will have the most variation of code depending on what you are doing.
ACTIVATE
grouplist = a5ws_get_groups(request,.T.)
secques = a5ws_get_security_ques(request)
'Those two functions return lists from Security that might be used in your dialog. If you show Group Permissions, base your Checkboxes on the variable named grouplist. If you include Security Questions, base the dropdowbox on the variable secques.
============================
Annotated example of a more complete AFTER VALIDATE event
Couple educational points before the example. Ignore it if you want to stay less confused!
If you have both an Email and a Userid control on your dialog, it means to me that your Userid is a non-email address value, like "stevewood". But if (only if) your Userid is supposed to be an email address, and it is supposed to be the same value as the field you have named Email, then remove the Email field entirely. Since Security will still want an email address (redundant to the Userid) include this statement anywhere above the a5ws_save_user_values() statement: request.variables.email = currentform.controls.userid. That will effectively copy your Userid in to the Email field, and make them consistent.
The only possible acception to the above is if you want the Userid to be one email address, and the Email (for use in password recovery) to be a different email address.
Your statement request.variables.email = "" means you want the email address to be blank when saved to Security, probably not what you want. Plus it will cause your dialog to report an error "Email: Required Data Missing" since it wipes out the email value, which Security expects.
Your statement request.variables.guid = "" is redundant IF you have a field named guid in the dialog. The fact that the field exists replaces the need for a specific request variable with that name. In your dialog, the guid will be hidden and blank. Because it is blank, Security will attempt to add the record as a new user. If it is not blank, it will attempt to locate a user with that guid and update their record and, if it cannot find a record with that guid, it will attempt to add them.
EVENTS
INITIALLIZE
a5ws_get_user_values(CurrentForm,request)
' this is only necessary if you are trying to CHANGE an existing users Security record. The function takes guid, ulink or userid (you should only specify one) and if it finds a matching record in Security, it brings over the values to the dialog. An example might be:
request.variables.userid = "[email protected]"
a5ws_get_user_values(CurrentForm,request)
This will cause that userid to be looked up in Security, and fill the dialog with values. The explicit value could be replaced with a session variable or a page variable. The Alpha Help document includes an example where a page variable is used.
VALIDATE
a5ws_save_user_values(CurrentForm,request)
'This will seem odd if you are used to writing code for the validate event. The function does two things: 1) it saves the values from the dialog to Security, 2) it runs validation based on the Security model (not your dialog's validation). For example, if you omitted the userid, this step would report back an error.
AFTER VALIDATE
a5ws_get_user_values(CurrentForm,request)
'That would be all you need if you were only saving values to Security. If you are also saving values to a local Users table (like Firstname, Lastname, etc.) you would need proper code to save those values. I will put a complete example of that at the bottom of this post. This event will have the most variation of code depending on what you are doing.
ACTIVATE
grouplist = a5ws_get_groups(request,.T.)
secques = a5ws_get_security_ques(request)
'Those two functions return lists from Security that might be used in your dialog. If you show Group Permissions, base your Checkboxes on the variable named grouplist. If you include Security Questions, base the dropdowbox on the variable secques.
============================
Annotated example of a more complete AFTER VALIDATE event
Code:
're-Get values from Security (which you just saved in the Validate event) a5ws_get_user_values(CurrentForm,request) ' I like to write who was just added to a session variable for display on the A5W page session.message = "Just added " + currentform.controls.userid 'open my Users table to save the extra information dim tbl as p tbl=table.open("[PathAlias.ADB_Path]\users") tbl.index_primary_put("id") recnum = tbl.fetch_find(alltrim(CurrentForm.Controls.userid)) IF (recnum>0) THEN 'do nothing since security will not allow duplicates ' this dialog is for adding, not updating else tbl.enter_begin() tbl.fname = currentform.controls.fname.value tbl.lname = currentform.controls.lname.value tbl.created = date() tbl.enter_end() end if ' Get the new ID back as my Ulink. The Id in the table is an auto-increment field ' Because I place the ID into a request variable named ulink, it will save to Security request.variables.ulink = tbl.Id tbl.close() 'I'd only include the line below if my Userid IS an email address and I want the Security Email field to be populated with the same email address. In this case, I would have no Email field in my dialog 'request.variables.email = currentform.controls.userid ' I have to re-save to Security because I have a new Ulink value and potentially a new Email value. a5ws_save_user_values(CurrentForm,request) ' Optional, this code blanks out most of the dialog fields to they are ready for the next user to be added currentform.controls.guid = "" currentform.controls.fname = "" currentform.controls.lname = "" currentform.controls.password = "" currentform.controls.password_confirm = "" currentform.controls.secans = "" currentform.controls.userid = "" currentform.controls.ulink = "" currentform.controls.lname = "" currentform.controls.fname = ""
Comment