I’ve searched the community but haven’t found the solution
On a PHP project I have a Security setting with a static list of users, each with one or more associated permissions
The Login page works and if the credentials are correct it redirects to a welcome page.
On the page I have three buttons that link to different protected pages of the site.
That’s fine, but I would like the buttons to be visible or hidden depending on the user’s permissions.
Each button is in one column and so I’ve been trying to use “Condition Region” for each column, but I don’t know what to put in the condition.
In practice I would like (for example) that the XXX button that links to the XXX.php page is visible only if the user has XXX permission
Therefore, one or more buttons should be visible for each user depending on their permissions
I hope I explained my need correctly
Thanks to anyone who can help me
Hey Marzio,
Permissions are strictly role based?
A global server action (isMember / isModerator / isAdmin…) that returns a boolean to use.
Maybe this can help?
I generally create a Query Single in the Globals part of Server Connect which returns some of the details of the logged in user. One of those fields is the access level. This can then be referenced anywhere in the front end.
In this case the users and permissions are static and not database.
There are 3 users
User 1 -> permissions A / B / C
User 2 -> permissions B / C
User 3 -> permissions C
In your login SA, you can set multiple SESSION values - one for each type of role/permission A,B,C based on username - since its all static user data that you are working on.
Then, on your page, use PHP scripting to access the session value and conditionally show/hide the menu links. Using CR or Wappler’s show/hide are client side, so the links are still visible in dev tools. With PHP scripting, the links will not even render on client side.
EG:
<ul>
<? if($_SESSION['permissionA'] == 'yes'){ ?>
<li><a href="/1">Link 1</a></li>
<? } ?>
<? if($_SESSION['permissionA'] == 'yes' || $_SESSION['permissionB'] == 'yes'){ ?>
<li><a href="/2">Link 2</a></li>
<? } ?>
<li><a href="/3">Link 3</a></li>
</ul>
This is untested code, but I hope you get the logic.
I understand the logic.
What I didn’t quite understand is where and how to create the SESSION Values
Just after the security login should do.
You can add condition steps and set session steps below that to configure as per your requirement.
The SA does not end after security login step.
Also, you no longer need to add security provider in the steps - this change was done in v4.x - it just needs to be defined in Globals.
I’m a bit confused. I think I understand what you want to achieve
I create three SESSION for the three permissions, but then I can’t figure out how to set the values of the three sections, according to the logged in user
With security identity step, you are returned the identifier of the logged in user.
Add the step with output on to see what the value is.
You can use that in condition step to set value in the session variables.
I don’t remember for static login… for DB login, the user_id field set in the provider is returned as identity.
What I can’t figure out is just how to use static permissions
As you can see in the screenshot, the three SESSION have been created and after the Security Login action if I insert a SET SESSION action I can only set the identity value.
But if I’m not mistaken the value of identities should result in whether the user is authorized or not
But, if I’m not mistaken, it doesn’t give me the permissions associated with the user
Can you please share how your security provider configuration looks like?
I have tested in all directions, but I think what I would like is not possible in Wappler
I therefore ask Teodor and George for confirmation
My request is:
Having set Users and related Permissions in Static mode, after successful login a welcome page opens, with generic text for all authorized users, and with one or more link buttons for each Permission.
Each button should only appear if permission is granted
Created a test security provider with static access to see how it works.
What I was trying to explain, was correct.
This is how it would look like - because your users & permissions are all static, you can simply compare the value of identity with username string value.
What I am proposing is to replicate the user & permission setup as condition steps in the Login SA, and set session variables.
For all other SA, you can just use security restrict step to restrict access.
Thank you
I had already thought of a solution like this, but I have a doubt and I don’t know how to conclude
1-
I don’t know how identities are structured.
Do they contain the value of the user, the permission, or both?
I’m only interested in knowing if the user has one, two or all three permissions
Should it therefore be like this for all three allowed identities (screenshot)?
Example -> Condition {{identity2==‘management’}}
2- If it is correct, the authorized users access the welcome page, and for the three columns containing the three buttons I should insert a Conditional Region, but it does not offer me the choice of the three SESSION created
Why is it no longer possible to set Session Globals?
What exactly do you mean?
Do you mean a global set of API steps, including setting a Session value? If so, click the green ‘Globals’ word at the top
Hi Teodor
as explained in the discussion, i set up a login page with a static list of users and permissions
Each user has one or more permissions
Every time a user is recognized, another welcome page opens
My need is to have three buttons on the page that link to as many protected pages
These buttons should only be enabled and visible if the user has the correct permission
As you can see in the discussion some attempts have been made but I haven’t solved it yet
I am asking about this comment:
the rest, as i see, has already been answered by the others.