script navigation question

[innodes]

I am using a script navigation system based on one from JMO. It is working great! It uses the table name plus a portion of the layout name in combination of a strick layout naming convention to navigate.

ie, Get (LayoutTableName) & "_list" in the Sample table navigates to the Sample_list layout.

The system has really helped simplify my db. I have introduced various validation scripts and previledge checks. There is one that works when written specifically to the layout, but doesn't when trying to call that layout table name in order to "build" the correct layout name. I'm pretty sure my syntax is off.

This portion of the script is to allow only the original author of the data into an edit layout:

This works as a direct call:

The table is Data, the field is data_user_id

If [Get (UserName) = Data::data_user_id]

Perform Script ["Go To Edit"]

I think what I need is something like this, but the Specify Calculation won't let me enter it:

Get ( UserName ) = Get ( LayoutTableName ) : Get ( LayoutTableName) & "_user_id"

How do I do this?

thanks,

idee

Edited June 5, 2008 by Guest

[Fitch]

You'd need to write that:

Get ( UserName ) = Get ( LayoutTableName ) & "::" & Get ( LayoutTableName) & "_user_id"

[innodes]

THANK YOU

I was messing with this for quite a while, but missed the simple thing. Thanks again!

[innodes]

OK, it was working, but for whatever reason, now is not. Please see the attached screen shot. It is the script with a Data Viewer window on top of it. The script jumps from the IF to the ELSE as if the data did not match, but if you look at the Data Viewer, it seems like there is a clean match.

any help is greatly appreciated,

thanks,

[comment]

The text string "mbigg1" does NOT equal the text string "KNUMBERS::KNUMBERS_user_id". You need to use the GetField() or Evaluate() function to convert a string to a field reference.

BTW, I am not sure what you're doing, but it doesn't seem like a good system to handle user's privileges:

http://fmforums.com/forum/showtopic.php?tid/180727/

[innodes]

Thanks,

I used Evaluate, and it worked.

Get ( UserName ) = Evaluate ( Get ( LayoutTableName ) & "::" & Get ( LayoutTableName ) & "_user_id" )

I am not checking against privileges or setting anything. All this script is intended to do is to verify if this is the user that created this original record. If so, they get access to edit limited information, if not they are turned away. Is that dangerous? I have printed the link on the vulnerability and will be reading it.

If you have any additional feedback, I am open to listen and learn.

thanks again for the help and comments.

[comment]

I believe it's much better to do this in Account & Privileges, even if it means setting it up for each table. This way it will not depend on layout naming or script running - instead, it will be protecting the data directly at data level.

In your example, I could probably create a new file, define a relationship to your file, put your fields on MY layout and edit away in any record.

You'd probably be better off using account name instead of user name too.

[innodes]

It does use the AccountName with a priviledge set for access to this part of the database. This user will already be within a secured area. This just narrows it a bit more to author per record.

thanks again