4 Replies Latest reply on Jun 15, 2012 8:18 AM by erawson

    PHP Find returning all records - even those not allowed in privilege set

    donok

      Title

      PHP Find returning all records - even those not allowed in privilege set

      Post

      I have a simple FM11 database of inventory that I have used FM PHP site builder to create a very simple site.  In FM, I have set the Privilege Set's (File>Security>Privilege Set) Custom Records Privileges "View" "Limited" to the calculation "On Web = 1" (without quotes) - where "On Web" is the checkbox field that has the boolean of 1 or 0.

      So, if the record has "On Web" checked, the record shows up on the website.  All this is working fine, as long as the person enters a variable in the find, but if they just click "Find Records", all the records in the database show up. Here's the kicker - all the records that are are "0" for "On Web" are there, too, it is just that their contents are blank - so, FM is being literally correct, they are not allowed to "view" the record, but it still includes it in the result - albeit, in a blank row.

      How can I get FM to not include these records?  The site is at:

      http://mobayen.macus...findrecords.php

      I hope I am being clear here - only took me 30 minutes to write the two paragraphs above... 

      I am not a php coder (sorry) - this just may be a bug?  Or does something in my method look suspicious?

      Thanks for any help

      -- Don 

        • 1. Re: PHP Find returning all records - even those not allowed in privilege set
          DaveThompson

          try using two '=' signs instead of one in your search criteria

          • 2. Re: PHP Find returning all records - even those not allowed in privilege set
            donok

            Do you mean the search criteria within FileMaker's Security settings, or the search criteria for the php page?

            Filemaker doesn't seem to like that, and my issue is when people enter nothing in the search (which should return all records) they get all records and the blank "invisible" ones being returned by filemaker.  So, I don't have a place to enter a double = ... right?

            • 3. Re: PHP Find returning all records - even those not allowed in privilege set
              DaveThompson

              The search criteria from within the php page. 

              When you you use the PHP api directly (without the site builder) the difference between  '=' and '==' is night and day. 

              I'm not sure but I don't believe the privilege sets are going to filter the records for you.  They should just show a blank page or indicate that you don't have access to that layout.  ... So technically the person won't be able to view the record even when it is found.  You'd need to add a filter to omit the records you don't want to be viewed or use a 'go to related records' script step where you have the 'viewable' records being filtered via relationship ....

              I could be wrong on that but I don't think your privilege sets are going to automatically filter the records.  ... they just won't display data. ... Kind of like when you make one certain field un-readable.  ... the field doesn't disappear off of the layout the data just isn't viewable. 

              • 4. Re: PHP Find returning all records - even those not allowed in privilege set
                erawson

                If you're using the PHP API you could simply add a line to the query you were making to the database that would filter out these records.

                $query->addFindCriterion('On Web', 1);

                As long as the On Web field is somewhere on the layout that you are accessing this would work.

                 

                Another way of solving it, without having to use PHP code, would be to create a self relationship in your relationship graph. Create a calculation field in your table that always evaluates to 1, and then set up a relationship with a new table occurance of the same table to have the On Web field = your calculation field that always evaluates to 1.

                 

                If you base the layout that you are accessing from the web on this table occurance, the records should be filtered.