Member site page(s) access permissions using LIKE to compare members permissions field against site page permissions field.

6 posts by 2 authors in: Forums > CMS Builder
Last Post: January 15, 2016

By gregThomas - January 14, 2016 - edited: January 14, 2016

Hey Zicky, 

I think this line might be the cause of the issue:

// If there's no match in the LIKE comparison intranetString, then redirect member to home page.
if (!$CURRENT_USER || $CURRENT_USER['intranet_access'] == '0' || $membersRecords == !$intranetString) {
  redirectBrowserToUrl("http://domainname.com/");
}

So this bit:

!$CURRENT_USER || $CURRENT_USER['intranet_access'] == '0'

looks good to me, but I'm not sure what this bit is meant to do:

 || $membersRecords == !$intranetString

The member records are returned as an array, and $intranetString is a string, so I think those two items could never match. Also the ! at the beginning of $intranetString would mean it's being treated as a boolean instead of a string.

Could you give me a few more details on what this line of code needs to do?

Cheers,

Greg

Greg Thomas

PHP Programmer - interactivetools.com

By Zicky - January 14, 2016

Hey Greg,

I'll try to clarify what I'm trying to achieve.

So there's a category section editor called "intranet_access_categories" which I'm using to hold descriptive words to define various department(s) within the organization.

Example:
Accounting
Financing
Packing and Shipping
Administrative
etc...

There's a "members" multi section editor for front-end users. Within the "members" records there's a department_intranet_access list field "pulldown (multi value)" which has the info below applied:
Get options from database (advanced)
Section Tablename "intranet_access_categories"
Use this field for option values "num"
Use this field for option labels "name"


Then there's various department category section editors such as "accounting_intranet, financing_intranet, packing_shipping_intranet, administration_intranet, etc...". Within the various department category section editor records there's a dept_intranet_access list field "pulldown (multi value)" which has the info below applied:
Get options from database (advanced)
Section Tablename "intranet_access_categories"
Use this field for option values "num"
Use this field for option labels "name"

1) A member may have one or multiple pulldown selections associated with their department_intranet_access permissions to access specific site pages.
2) A department page may have one or multiple pulldown selections associated with the department's dept_intranet_access page permissions. A department page may also have sub-category pages which have different department dept_intranet_access page permissions from their parent top tier category page.

What I'm trying to accomplish is a comparison of the "members" department_intranet_access permissions AGAINST the department's dept_intranet_access page permissions... so only members who have a LIKE (similar) value can access those department pages with the same permission assigned to the site page.

So member "John Doe" may have permissions to access Accounting, Financing department pages and the Accounting Department's page may/or can have slightly different permissions such as Accounting, Packing and Shipping, Administrative and because there's a match for John Doe's members permission Accounting and the Department's page permission Accounting, then when John Doe lands on the Accounting Department page he is given access to the page.

So, I'm trying to do a comparison between "members" and department records permissions - to find a match to allow access to the site page, otherwise redirect. AND permissions of a member and a department page MAY NOT match exactly, but if there's one instance of the category descriptive word(s) of "intranet_access_categories" that does match (such as permissions of "members = Administrative, Accounting" LIKE "department page = Administrative, Packing and Shipping"), then the member can gain access to the Administrative site page.

I hope that clarifies what I'm trying to achieve. 

By Zicky - January 14, 2016 - edited: January 14, 2016

PS: the line $membersRecords == !$intranetString is a complete failure... I think it's looping within itself, but I was attempting to write the code to redirect if the comparison of the member's permissions and the department's permissions did not match.

By gregThomas - January 15, 2016

Hi Zicky,

Thanks for the detailed explanation, now I understand what's needed. I've written some code that I think will do what you're looking for:


// load record from 'accounting_intranet'
list($accounting_intranetRecords, $accounting_intranetMetaData) = getRecords(array(
  'tableName'   => 'accounting_intranet',
  'where'       => whereRecordNumberInUrl(0),
  'loadUploads' => true,
  'allowSearch' => false,
  'limit'       => '1',
));
$accounting_intranetRecord = @$accounting_intranetRecords[0]; // get first record
if (!$accounting_intranetRecord) { dieWith404("Record not found!"); } // show error message if no record found
  
//Convert the departments the user has access to from a string to an array.
$userDeptValues = explode("\t", trim($CURRENT_USER['department_intranet_access'], "\t"));

//Deny by default, so $hasAccess is always defined even when the page has no department values.
$hasAccess = false;

//Cycle through the department access items, and check if we have matching values in the user department values.
if(is_array(@$accounting_intranetRecord['dept_intranet_access:values'])){
  foreach($accounting_intranetRecord['dept_intranet_access:values'] as $keys => $value){
    if(in_array($value, $userDeptValues)){
      $hasAccess = true;
      break; //One matching department is enough.
    }
  }
}

//If the user doesn't have access, redirect them away from this page.
if(!$hasAccess){
  redirectBrowserToUrl("http://domainname.com/");
  exit;
}

I've re-written the code so instead of looking for the member in the members section, we look through the current user's access by converting their access levels from a string into an array.

After this is done, we cycle through the section's access levels and check if the user's and section's departments ever match up. If they do we set the variable hasAccess to true.

If the hasAccess variable is true then we allow the user to see the page, if not we redirect the user to a different page.

Cheers,

Greg

Greg Thomas

PHP Programmer - interactivetools.com
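
An added example, not part of the original thread and not CMS Builder code: the same overlap check written as a deny-by-default helper, followed by a comparison showing why matching on the parsed option numbers is safer than a substring match on the stored field. The function names, the sample option numbers and the assumption that the page's raw field is tab-delimited like the member field are all illustrative.

```php
<?php
// Added example. parseMultiValue() and memberHasDeptAccess() are hypothetical
// helper names, not CMS Builder functions.

// Split a tab-delimited multi-value field (e.g. "\t1\t11\t") into option nums.
function parseMultiValue($raw): array {
    if (!is_string($raw)) { return []; }
    $parts = explode("\t", trim($raw, "\t"));
    return array_values(array_filter($parts, fn($v) => $v !== ''));
}

// Deny by default: allow only when member and page share at least one option num.
function memberHasDeptAccess($user, $pageRecord): bool {
    if (!is_array($user) || !is_array($pageRecord)) { return false; } // not logged in, or no record
    if (($user['intranet_access'] ?? '0') == '0') { return false; }   // intranet access switched off
    $userDepts = parseMultiValue($user['department_intranet_access'] ?? null);
    $pageDepts = parseMultiValue($pageRecord['dept_intranet_access'] ?? null);
    // array_intersect compares whole string values, so "1" never matches "11".
    return count(array_intersect($pageDepts, $userDepts)) > 0;
}

// Constructed sample data (assumed nums: 1 = Accounting, 2 = Financing,
// 3 = Packing and Shipping, 11 = Administrative).
$page      = ['dept_intranet_access' => "\t1\t3\t"];
$john      = ['intranet_access' => '1', 'department_intranet_access' => "\t1\t2\t"];
$adminOnly = ['intranet_access' => '1', 'department_intranet_access' => "\t11\t"];
$disabled  = ['intranet_access' => '0', 'department_intranet_access' => "\t1\t"];

// Member who shares num 1 with the page.
var_dump(memberHasDeptAccess($john, $page));
// Member holding only num 11, which merely contains the digit 1.
var_dump(memberHasDeptAccess($adminOnly, $page));
// Member with a matching department but intranet access switched off.
var_dump(memberHasDeptAccess($disabled, $page));
// Visitor who is not logged in.
var_dump(memberHasDeptAccess(null, $page));

// For contrast: a naive substring test on the stored string, which treats the
// member holding only num 11 as if they held num 1.
var_dump(strpos($adminOnly['department_intranet_access'], '1') !== false);
```

Only the first call grants access; the final substring test is the one that wrongly reports a match, which is the risk with any LIKE-style comparison that does not include the tab delimiters around the value.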

By Zicky - January 15, 2016

Hey Greg,

Thanks for the help... works like a charm, and does exactly what I needed it to do.
Many thanks!!!

Zicky