How can I ensure users only see records created by themselves?

rob

rob

Administrator
In your form add a "username" element, called "username" This element automatically inserts the current user's userid into your form as a hidden field.

Now each time you users adds a record, via the form, to the database table, their user id is also recorded.

The second thing to do is to edit your table, and add a prefilter so that each user sees only the records that they have created:

  • Edit your form's table.
  • Select the "data" tab
  • Under the "prefilter" section press "add filter"
  • Select "username" from the field dropdown (the "username" element we previously created)
  • Select "EQUALS" from the condition drop down list
  • Enter "{$my->id}" (without the quotes) into the "value" field
  • Select "super administrator" from the filter drop down. NOTE ! - this means that the filter is applied to everyone EXCEPT the super administrator. So in our case normal users will see only their records, where as the super administrator will see all the records
  • Save your table
 
Just to give a little more detail on this one ...

In a lot of Fabrik backend parameters where you enter text (like defaults, link url's, filter values, email subjects, etc), even when we aren't treating them as eval'ed, we still do a basic level of variable substitution. Exactly what gets substituted kind of depends which field you are filling out, but {$my->id} (or any $my element) pretty much always works.

So using {$my->id} in a (non eval'ed) filter value is basically shorthand for

global $my;
return $my->id;

... and setting it to 'eval'.

-- hugh
 
There goes one question from my list; thanks!

One thing, though. Is it possible to display the field as a read-only rather than have it hidden? In previous forms I have created on some DNN sites, I found that displaying the username (form completion only possible by registered users, so used a token) reduced the number of questionable entries entering the db. :)

I used an element with a 'user' field in my first Fabrik form, but noticed there were no other settings to change in the interface giving us the option to display, rather than hide, so added the question to my list.
 
The 'user' element type is always hidden.

You could probably achieve the same effect by adding a text field, set to 'eval' this default:

global $my;
return $my->username;

... and set it to "read only". You'd still want to keep the hidden 'user' element tho, for the actual access control (it stores the userid, not the username).

BTW, I'll probably move the discussion part of this thread to the general usage forum, I'm trying to keep this forum to just single "How Do I?" posts.

-- hugh
 
admin said:
In your form add a "username" element, called "username" This element automatically inserts the current user's userid into your form as a hidden field.

Now each time you users adds a record, via the form, to the database table, their user id is also recorded.

The second thing to do is to edit your table, and add a prefilter so that each user sees only the records that they have created:

  • Edit your form's table.
  • Select the "data" tab
  • Under the "prefilter" section press "add filter"
  • Select "username" from the field dropdown (the "username" element we previously created)
  • Select "EQUALS" from the condition drop down list
  • Enter "{$my->id}" (without the quotes) into the "value" field
  • Select "super administrator" from the filter drop down. NOTE ! - this means that the filter is applied to everyone EXCEPT the super administrator. So in our case normal users will see only their records, where as the super administrator will see all the records
  • Save your table
Click to expand...
I'm using Fabrik v1.0.6 and Joomla v1.0.15. Does the information in this post still apply? I've followed the directions exactly and all records are being filtered, even the ones created by the logged-in user.
 
In fact, I have gone through PhPMyAdmin and looked at the Fabrik table and the field that the logged in 'username' should be stored in is empty. I have scoured the forums for any hints as to what I might be doing wrong and it does seem that there are different approaches to this but I feel I have tried them all. Please help :D
 
hi this feature is gr8.
how can i use button for it and put the button in the form ? y'know , like an update button..

thank you
 
ronniecash said:
I'm using Fabrik v1.0.6 and Joomla v1.0.15. Does the information in this post still apply? I've followed the directions exactly and all records are being filtered, even the ones created by the logged-in user.
Click to expand...

Just to tidy up this loose end ... the $my->id substitution works in both Fabrik 1.0.x and 2.0. Even tho the $my oject is no longer used in Joomla 1.5, we provide backward compatibility for it when doing non-eval'ed substitution.

-- hugh
 
First of all, I couldn't have asked for a better application....Fabrik is amazing and an absolute dream come true. However, I am a total newbie at this stuff, but dusting off the old database skills that are probably older than you are! I have followed the forums for two days now and had different parts working at different times, but alas, I believe I have exhausted all the avenues I can find. All I am trying to do is create a form that allows a user to enter educational information once they have registered through community builder. The form works great for adding a new record, but when I click the menu link the second time to edit the original form, it does not filter and load the previously created record, instead it creates a new blank record. Am I missing a step along the way?
 
What version of Fabrik are you using? Some little bits of the following may be slightly different depending on the version, but you should be able to muddle thru regardless.

Add a User element as per Rob's original instructions. Lets call it 'userid'. Make it hidden, and set to NOT update on edit.

On your menu link (in the Joomla menu manager) you need to edit the parameters, and set the following.

Row ID: -1
Key name: userid

The row id of -1 is then treated differently by Fabrik, which replaces it with the userid of the currently logged on user.

Setting "key name" to userid forces Fabrik to then use that User element as the database key to match the userid against, rather than the primary key of the table.

Once this is done, the first time you hit that link, Fabrik should create a new table entry (row) for the form, and automatically fill in the userid field. From then on, when the same user hits that link, it should load the previously created row.

Oh, and make sure you set the Access Level on the menu link to Registered, otherwise things go hinky if guests hit it (as they all have a userid of 0).

-- hugh
 
Wooooohoooo...u totally rock! That took care of finding the correct record, however it is read only the second time it displays. Did I do something wrong? How do I get the form to display for editing????

Thank you soooooo much for the awesome app and the great support! (btw, i'm using 2.0 with the most current SVN applied.)
 
never mind...I figured it out! I used your example verbatim and changed my new variable name to userid from username....unfortunately, I forgot to change the editing permissions! Oooops! Thanks again for your help!
 
You must log in or register to reply here.

Useful links

  • Create a Fabrik Account (Downloads)
  • Create a Forum Account
  • Fabrik Wiki
  • Fabrik 4 Changelog /Install /Upgrade
    • We are in need of some funding.
    More details.

    Thank you.

    Members online

    Total: 91 (members: 6, guests: 85)
    Back
    Top