[Zope-CMF] using a sql method in plone..
alan runyan
alan runyan" <runyaga@runyaga.com
Sat, 3 Aug 2002 21:30:57 -0500
Chris,
please do not post to the mailing list using HTML format - its considered
'rude'.
>Could someone please give me an explanation on how the user profile (user
id) is referred to so I can associate it with a sql column to be
inserted/selected as? For example, if the
>username is "chris", how would I view all of the data in a table that has
to do with that user id? Such as;
>Select * from table where userid="chris";
erm.
create a ZSQLMethod, sqlFetchDataByUserid that has 1 parameter called userid
that does the
select * from table where userid=<dtml-sqlvar userid type="string">
then with a Python Script you can grab the username and then call the
sqlmethod and return the results. this way you can put some login in the
python script to securely make
sure the person who is asking for the data is ok to view it.
from AccessControl import getSecurityManager
userid=getSecurityManager().getUser().getUserName()
resuts = context.sqlFetchDataByUserid(userid=userid)
return results
>I want to enable each person to only see/modify their record(s) in the
table. Seems like a pretty simple question??
it is a simple question, and as above shows .. its quite simple
>Any simple way of doing this with CMF/plone or should I just use a unique
id and have them enter their name to pull that record. One thing is that I'
m concerned about other
>people guessing and pulling up other names to then modify. Hrmmmm.
you should never let m them enter their name. you can get this information
from ZOPE baed on the application level security.
~runyaga
p.s. select * from table is bad practice you really ought to select col1,
col2, col3 from table