warning message for when permission is set to NO for create record

[meanster99]

You are using DaDaBIK version 7.0 ENTERPRISE
You are runnning the last release of DaDaBIK
PHP Version: 5.3.28
mysql version: 5.5.35
Web server: Apache/2.4.10 (Unix)
Client: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0

Hi,

When using granular permissions and a user group is set to NO for 'create', the 'insert item' button still appears under master/details view. Is there any way to prevent this appearing in instances where permission is set to NO?

If not, when they click the insert item, it directs to a completely blank page (because they do not have permission, which is almost OK). If the 'insert item' button can't easily be removed, is there a way to at least provide a warning message on the blank screen. Or is this just a known bug?

Thanks,
Matt

 

[eugenio]

Hi,
this is definitely a bug, thanks for having reported it. It happens just in one situation: when the number of records of the items page is zero. It doesn't affect security because the permissions model would block anyway the insertion.

This is a quick patch, the bug will be officially patched in the next release:

- file index.php, search this piece of code:

[pre]
txt_out ('<p>'.$normal_messages_ar['insert_item'].'</p>');
[/pre]


you should find it in two different parts of index.php. Take the second one and change it to

[pre]
if ($enable_insert_items == 1){

txt_out ('<p>'.$normal_messages_ar['insert_item'].'</p>');

}
[/pre]

 

[meanster99]

Hi Eugenio,

I made the change, thanks for the patch, it works for my master/details views, but it still doesn't prevent the blank screen in this situation:

User selects "Insert item" from navigation menu, when in a datagrid view they have permission for.
User then changes table (from the dropdown) from the insert item view (to a table they don't have permission to create or edit, but read only)
Blank page appears, no error messages

I know I can turn off the change table dropdown, but that turns it off for everyone then. Any other ideas please?

Thanks,
Matt

 

[eugenio]

Hello,
at the moment there is no quick solution for that, the table menu is supposed to show all the tables having read permissions. Actually, the typical configuration for an items table is NOT to have read permissions: since it's linked to the master table, if the user has read permissions on the master table she gets read permissions on the items table too, but the items table is not showed in the table menu (because it is considered part of the master/details page).

Cheers,

 

[meanster99]

Thanks for the explanation Eugenio. Unfortunately, I can't allow my users to 'export to csv' without allowing them read access to the details table (as there is obviously no option to export to csv in master/detail view), and I need that export function.