Grant access to 3rd party for a single record

Archived from the Xataface Users forum.

tomhousley — Mon Mar 08, 2010 6:37 am

Hello,

I have a table with details of my prospects and customers.

I would like to be able to generate a link when I add or update a customer to my database which is sent by email to the customer so they can edit, but not delete their details.

I will use afterupdate or similar function in my tbl_organisations table delegate class, where $message contains a link:

Code: Select all

`function afterUpdate(&$record){
//gets current logged in user//
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();

mail($to, $subject, $message, $headers);
}`

Is there a way to automatically grant access to a specific record by means of a randomly generated username & password, so they will receive a link by email inviting them to update their details?

Hope the question is clear.

Many thanks, Tom

---

shannah — Tue Mar 09, 2010 8:54 am

Here are a couple of strategies.

1. Store a ‘secret code’ with the record and pass this secret code to the user as part of the link. In the beforeHandleRequest method you check for this secret code and store it in the session variables. In getPermissions for the record you check for this secret code and grant access accordingly.

2. Store actual username/password in the users table, and store the username in the record, then compare against this in your getPermissions() method (and of course send the username/password to the user).

-Steve