TableRestrict — restrict database searches to rows satisfying given criteria
The directive is used to emulate database "views" in database-based searches.
For each database search, additional "filtering" will be performed
and only rows satisfying given condition will be returned. Commonly,
you will want to use something like owner=username
, to
restrict searches to just rows that the corresponding users "own".
Example: Restricting database searches to username
The following would prevent database searches from returning any records,
except those where the column owner
contains the current value of [data session username]
.
TableRestrict products owner=username
As you can see from the ad-hoc example above, owner
is a
database column name, and username
is the key
from the session database. (The user's [data session username]
must match the value of the owner field
if a record is to be returned in a search operation).
Example: Restricting edit to owned fields
TableRestrict
is also useful in embedded Perl code:
[calc] # Restrict edit to owned fields $Config->{TableRestrict}{products} = 'owner=username'; return; [/calc]
(Note that the above example works because value of the TableRestrict
config directive is overridden only for the duration of the current page —
for next page or access, TableRestrict
will again have the original
value).
Example: Searching using SQL
When using SQL-based database searches, the owner=username
directive in effect turns the base search query of say,
SELECT * FROM products
into
SELECT * FROM products WHERE owner = '[data session username]'
TableRestrict
does not affect the text searches.
The directive may be useful in "mall" situations, where user is allowed to only see products from the current store ID.
Interchange 5.9.0:
Source: lib/Vend/Config.pm
Line 3188 (context shows lines 3188-3205)
sub parse_hash { my($item,$settings) = @_; if (! $settings) { return $HashDefaultBlank{$item} ? '' : {}; } my $c; if(defined $C) { $c = $C->{$item} || {}; } else { no strict 'refs'; $c = ${"Global::$item"} || {}; } return hash_string($settings,$c); }