[Cartoweb-users] Edition security (user can edit only his data)

Igor Evdokimov igev at mail.ru
Fri Jun 29 07:41:21 EDT 2007


> You can get the current user login with:
>
>        $sm = SecurityManager::getInstance();
>        $username = $sm->getUser();
>
> but I'm unsure where exactly you need to add the check. I suppose
> after the user makes a selection with the "edit_sel" tool. That
> would be on server side, because you need to make the request
> before knowing what editable objects were selected (in
> selectFeaturesByShape?). And instead of returning the selected
> features, return a boolean or something which you would treat on
> client side to tell the user he has no right on this object. Maybe
> with a userMessage or you can make something fancier with JavaScript.


Thank you!

I've done it.

This way:

In ServerEdit.php, in selectFeaturesByShape(),
I've added this code at the beginning:

===================================
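  protected function selectFeaturesByShape($shapes) {

         // Login of the currently authenticated user
         $sm = SecurityManager::getInstance();
         $username = $sm->getUser();
         // Plugin option read from edit.ini
         $own = $this->getConfig()->editOnlyOwnData;
         // Extra WHERE condition limiting the selection to the user's own rows
         if ($own == true)
             $ownstring = sprintf("AND owner='%s'",$username);
         else
             $ownstring = "";
...............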
===================================

In ./server_conf/my_project_name/ I've created the file edit.ini:

===================================
; editOnlyOwnData = true; => user can edit only his own added data
; editOnlyOwnData = false; => user can edit all editable data

editOnlyOwnData = true;
===================================

And I added an OWNER field in every editable database.

It was easy with your help!
I don't need to inform the user that he cannot edit other users' data.
I only need to select this user's own data.

Now I must add code to automatically fill the 'OWNER' field
with the user's login name when a new record is created.
I think it can be done in ServerEdit.php in the insertFeature() function?
Am I right?

Best regards, Igor.
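
The owner restriction on selection and the owner fill on insert described in this message, as an added example that is not part of the original post and is not CartoWeb code: the login is bound as a query parameter instead of being formatted into the SQL text, and the owner of a new record comes from the server-side login. The PDO/SQLite connection, the `edit_poly` table, the helper names and the logins are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not CartoWeb code. Table and logins are constructed.

// Owner restriction as a SQL fragment plus bound parameters, so the login
// never becomes part of the SQL text.
function ownerFilter(bool $editOnlyOwnData, string $username): array {
    return $editOnlyOwnData
        ? [' AND owner = :owner', [':owner' => $username]]
        : ['', []];
}

// Select editable features by id, restricted to the caller's rows when enabled.
function selectFeatures(PDO $db, array $ids, bool $own, string $username): array {
    if ($ids === []) {
        return [];
    }
    [$ownSql, $params] = ownerFilter($own, $username);
    $marks = [];
    foreach (array_values($ids) as $i => $id) {
        $marks[] = ":id$i";
        $params[":id$i"] = (int) $id;
    }
    $sql = 'SELECT id, name, owner FROM edit_poly WHERE id IN ('
         . implode(',', $marks) . ')' . $ownSql . ' ORDER BY id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Insert a feature; the owner is the server-side login, never a request field.
function insertFeature(PDO $db, string $name, string $username): int {
    $stmt = $db->prepare('INSERT INTO edit_poly (name, owner) VALUES (:name, :owner)');
    $stmt->execute([':name' => $name, ':owner' => $username]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE edit_poly (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)');

$a = insertFeature($db, 'field A', 'igor');
$b = insertFeature($db, 'field B', "o'brien");   // a login containing an apostrophe
$c = insertFeature($db, 'field C', 'igor');

// All three shapes selected by o'brien, with the own-data restriction enabled.
print_r(selectFeatures($db, [$a, $b, $c], true, "o'brien"));
// The same selection with the restriction disabled (editOnlyOwnData = false).
echo count(selectFeatures($db, [$a, $b, $c], false, "o'brien")), "\n";
```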

