[Cartoweb-users] Edition security (user can edit only his data)

Oliver Christen oliver.christen at camptocamp.com
Fri Jun 29 01:57:48 EDT 2007


Hi Igor,

You can get the current user login with:

        $sm = SecurityManager::getInstance();
        $username = $sm->getUser();

but Im unsure where exactly you need to add the check. I suppose after the 
user make a selection with the "edit_sel" tool. That would be on server 
side, because you need to make the request before knowing what editable 
object were selected (in selectFeaturesByShape ?). And instead of returning 
the selected features, return a boolean or something which you would treat 
on client side to tell the user he has no right on this object. Maybe with a 
userMessage or you can make something fancier with javascript.

Maybe.

Hope this help

Regards
Oliver


----- Original Message ----- 
From: "Igor Evdokimov" <igev at mail.ru>
To: <cartoweb-users at lists.maptools.org>
Sent: Friday, June 29, 2007 7:43 AM
Subject: [Cartoweb-users] Edition security (user can edit only his data)


> Hi, List & Oliver!
>
> Cartoweb allows to use Edition plugin via 'general.allowedRoles' option.
> And if the user has allowed role, he can edit ANY editable data.
>
> Is it very hard to do to allow user to edit only data that he added to
> map database personally? Is there big problems?
>
> For example: every record in editable object database contains field 
> 'USER' with
> the name of user that added this record. When this user tries to 
> modify/delete this record,
> runs some checking to allow edition of this record to this user 
> ('USER'=='login name'), etc.
> If this is not hard, maybe I'll try to develop this functionality. I  need 
> it.
>
> Best regards, Igor.
> _______________________________________________
> Cartoweb-users mailing list
> Cartoweb-users at lists.maptools.org
> http://lists.maptools.org/mailman/listinfo/cartoweb-users
> 



More information about the Cartoweb-users mailing list