MX User Login Forum :: Restrict Access to Nextensio Form
This thread was displayed: 96 times
Starting with 17th May 2007, Adobe Systems will stop offering support for any version of the discontinued InterAKT products. As a result, we will not answer to new support incidents starting with May 17th, 2007. Pending support incidents will still be followed in order to be closed. The product forums will remain open and be transformed in user-to-user forums. The general forums will be made read-only and not allow new posts or comments.
For more information about the affected products visit: www.interaktonline.com/Support/
John Groh
10-31-2006 17:59:50 GMT +2
|
Hi all,
I have a Nextensio form that I have applied the Restrict access SB to. When someone logs in, it correctly brings up the right information, however they can change the parameter in the browser to view other people's info. Since I cannot edit the Nextensio recordset to filter it on the kt_login_id, how can I secure the pages?
|
|
|
Razvan Racasanu[InterAKT]  10-31-2006 18:19:32 GMT +2
|
Hello,
Please read this thread that explains how you can achieve this. Let me know if you have any problems with this.
Regards,
Razvan RACASANU
|
|
|
John Groh
10-31-2006 20:48:58 GMT +2
|
Sorry Razvan, but that thread didnt make sense to me. So what was being said on that other thread is that I need to use a show region sb that is somehow filtered by a variable? Im not sure where to start...
|
|
|
Razvan Racasanu[InterAKT] 11-01-2006 12:12:41 GMT +2
|
Hello,
First, you need to establish if the currently logged in user has the right to edit this record. I assume this can be verified because the record has a foreign id to the users table. So, to do this, you create a recordset that is filtered by 2 conditions: the user id and the primary key that you receive by get. If the recordset returns a record, it means that the user should be allowed to edit the record. If the recordset returns no records, then the user should be denied access. This is why you should enclose the form in a conditional region checking of the recordset returned any records. You should also check if the primary key parameter is present in the URL so that that form will be available on insert.
Regards,
Razvan RACASANU
|
|
|
