i use security on user id level (to filter records based on user_id), not on field level or table level.
Once you actived this option and selected the user table in phpmaker, the lines of users view is filtered even for the supreme user admin !
i understand basic tables (orders, products, sales…Etc) are filtered by user_ud .
But why the users table is auto-filtered by the user_id whereas i did not check the table in the window "advanced security - User ID " ? it is like phpmaker consider the this table “forced to be filtered by user”
As my user of ID #1 is the master, how can it manage the user acount in the phpmaker rendered page if he can’t see all the lines because he is the administrator ?
so he had to user phpmyadmin to manag the account from mysql database…
Off course, if i use parent_id feature and set all the user are the parent of the user_id #1, then the administator can see all.
but by doing that, i can’t use anymore the real parent_id field to link the real “parent chief” as phpmaker only consider one parent_id field !
what logical feature of setting am i missing to get out of this trap ? The administrator should really see all the lines/records.
in the documentation help file, it said :
"In the [UserID Field] column, select the User ID Field for the tables/views that requires User ID security. "
so, as i did not select a field in my user table, the user table souhle not be “filtered” by user_id
If User ID Security is enabled, the user table should be set up with the User ID field, or users can view data in the user table and the security will be compromised. PHPMaker sets it up automatically. However, in the latest version (v2020.0.15), I see that the setting is exposed and you can change the User ID field for the user table, you may remove it at your own risk.
in fact, in the 2020.0.15 release, the table you select to indicate the users is never showned in the list of tables where you can filter the record.
i have to create a view of the user table and use it instead the real table… so php will not hide the real user table in the window.
i can also use the administrator hard-coded access to see/manage all the users but the function CurrentUserID() will return null, isn’t it ? it would be good to point the hard-coded admin to a real user in the table.
mobhar wrote:
CurrentUserID() will return -1 for Administrator user
hi,
is there a way to customize or override the CurrentUserID() ?
i’d like to replace the " -1" for hard coded admin, by “1” (which is the id of the main admin in the user table).
Although you may customize the code of “getUserLevelID” function that belongs to the “AdvancedSecurity” class in the generated phpfn.php file, you’d better not to customize it, since by default PHPMaker has been reserving user level id -1 for “Administrator” user level, -2 for "Anonymous, and 0 for “Default”.