Alpha Video Training
Results 1 to 5 of 5

Thread: Client Login with limited user rights

  1. #1
    Jared Sutherland
    Guest

    Default Client Login with limited user rights

    Hi everyone,

    Quick question here on logins. My goal for my Web enabled alpha five database, is to allow a client to login via my webpage and view the information that I have stored under their client file. I have viewed the Login Feature tutorial that is shown on the Alpha website, but this seems more geared towards users logging in to use the entire database. I basically want to be able to have a client login, and view ONLY their information. I would also like them to be able to enter very basic information that will be stored in the database.

    What is the best way to approach this?

  2. #2
    Member Jesse Sanders's Avatar
    Real Name
    Jesse Sanders
    Join Date
    Jul 2000
    Location
    Lancaster PA
    Posts
    107

    Default RE: Client Login with limited user rights

    I needed the same thing.
    Here is what I did. In the login AfterValidate I used the lookup function to set a session variable to the customer ID.
    Session._Protected_Cust_ID = lookup("[PathAlias.ADB_Path]\Customers","User_Name="+Quote(User_Name),"Cust_ID")

    Then I Created copies of the grid with a filter (Under the query tab of the grid)
    Cust_ID = 2000

    Then at the top of the webpage I set a case Statement:
    Select
    Case Session._Protected_Cust_ID =500
    tmpl_Soil_Search_Par = a5w_load_component("Soil_Sr_500")
    Case Session._Protected_Cust_ID =2002
    tmpl_Soil_Search_Par = a5w_load_component("Soil_Sr_2002")
    Case Session._Protected_Cust_ID =2004
    tmpl_Soil_Search_Par = a5w_load_component("Soil_Sr_2004")
    Case Session._Protected_Cust_ID =2005
    End select

    This way they can search and sort their record without seeing anyone elses work.

    Another way is to set the filter in the Components section of the page like this:
    with tmpl_Cust_Update
    componentName = "Cust_Update"
    end with
    '=======================================compute the HTML for the Component=======================================
    delete x_Cust_Update
    dim x_Cust_Update as p
    tmpl_Cust_Update.request = request
    tmpl_Cust_Update.session = session
    tmpl_Cust_Update.dbf.filter = "cust_id =" + Str(Session._Protected_Cust_ID,4,0)
    tmpl_Cust_Update.response = response
    tmpl_Cust_Update.serversetting = serversetting
    tmpl_Cust_Update.PageVariables = local_variables()
    x_Cust_Update = a5w_run_Component(tmpl_Cust_Update)
    '=============================================================================================================
    This way they cannot search the record but they can see them.

  3. #3
    Member Jesse Sanders's Avatar
    Real Name
    Jesse Sanders
    Join Date
    Jul 2000
    Location
    Lancaster PA
    Posts
    107

    Default RE: Client Login with limited user rights

    I missed something the After Validate is part of the Login dialog.
    I hope this helps.
    Jesse

  4. #4
    Jared Sutherland
    Guest

    Default RE: Client Login with limited user rights

    Thanks Jesse, your response did help me get done what I needed to get done. I was able to have client logins filtered by having their logon ID's be the same as their Client ID I assigned to them. However, I would like to have an "Admin" login that can view / search everyone's records, and maybe access some reports.

    Any suggestions on how to approach this? The way I have the filter work now is by setting a session variable out of the Client ID and then filtering it that way. Obviously if I have a login named "Admin" the way I have it working now will filter everything out, because clearly, "Admin" is not a client Id....

  5. #5
    Member Jesse Sanders's Avatar
    Real Name
    Jesse Sanders
    Join Date
    Jul 2000
    Location
    Lancaster PA
    Posts
    107

    Default RE: Client Login with limited user rights

    I did a couple of things that might help:
    1: I set myself up in the customer database. What I did was use a logical field names admin: everyone else is set to false and I am set to true. then I pass it to a protected session variable in the after validate event:
    Dim session._Protected_IsAdmin as l
    session._Protected_IsAdmin = lookup("[PathAlias.ADB_Path]\Customers","User_Name="+Quote(User_Name),"Admin")
    In all the components that have administrative functions I bracketed all the components like this:
    "%a5 if session._Protected_IsAdmin then%"
    "tr"
    "td""%a5 ?x_Import_Results.Output.Body.Dialog_Echo %""/td""/tr"
    "tr"
    "td""%a5 ?x_Import_Results.Output.Body.Xbasic_Code_Errors %""/td""/tr"
    "tr"
    "td""%a5 ?x_Import_Results.Output.Body.Dialog_HTML %""/td""/tr""/table""br"
    "%a5 end if %"
    So that even if a person hacked into the site they would only see the outline of the page but no components.

    Then I gave in each of the data pages my own unfiltered component. Again bracked off so that only an administrator can see it.
    I hope that helps.
    Jesse

Similar Threads

  1. user login direct to database
    By greg dyer in forum Web Application Server v6
    Replies: 6
    Last Post: 01-17-2005, 05:10 AM
  2. User Rights Required for Table Updating
    By Red Abicht in forum Alpha Five Version 4
    Replies: 1
    Last Post: 09-11-2003, 03:42 AM
  3. Specify user login
    By Imran Ahmad in forum Alpha Five Version 5
    Replies: 2
    Last Post: 06-05-2003, 06:39 AM
  4. User login with runtime
    By Robert Mann in forum Alpha Five Version 5
    Replies: 3
    Last Post: 10-25-2002, 11:51 AM
  5. User Login
    By Sean Tucker in forum Alpha Five Version 4
    Replies: 5
    Last Post: 11-07-2001, 05:43 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •