Re: [CDBI] Connection with a fixed "where" clause.

>=20

--===============0492139034==
Content-Type: multipart/alternative; 
	boundary="----=_Part_3301_5584893.1124709444018"

------=_Part_3301_5584893.1124709444018
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Class::DBI::View *might* do what you're wanting

On 8/22/05, Karl.Moens@xxxxx.xxx <Karl.Moens@xxxxx.xxx> wrote:
>=20
>=20
> Hi ListMembers,=20
>=20
> Is it possible to have a class with a fixed "where" clause?=20
>=20
> I was thinking of the following situation. I have a big database with a=
=20
> lot of customer related info (let's say ordering info). I would like to h=
ave=20
> one Catalyst application to access this database, but depending on who is=
=20
> using it, they should only be able to see the records of one customer onl=
y.=20
> I probably can do it by adding some hidden fields in the forms or some=20
> parameters in the URL and build a "where" clause out of it for each acces=
s,=20
> but that would be easy to "break" and thus allow the user to see other=20
> customers' data. Therefore I was thinking of setting up a CDBI-class whic=
h=20
> would have this "where" clause built-in, so that it was impossible to get=
=20
> outside of the allowed set of records (it would be like some sort of "VIE=
W"=20
> on the database, but the version of MySQL I'm using doesn't support VIEWs=
=20
> yet). All I would have to do is to switch to another Model-class if the=
=20
> customer changes. The way Catalyst works it would be transparent for the=
=20
> rest of the application.=20
>=20
> But can it be done in CDBI?=20
>=20
> I haven't written any code yet, it is just a thought experiment right now=
=20
> to see if it can be done at all. Any pointers in the right direction (or =
a=20
> simple" It cannot be done") will help.=20
>=20
> Karl=20
> (aka CountZero on PerlMonks)=20
>=20
>=20
>=20
>=20
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> This message and any attachments are confidential. If you have received=
=20
> this message in error please delete it from your system. If you require a=
ny=20
> assistance please notify the sender. Thank You.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
=20
> _______________________________________________
> ClassDBI mailing list
> ClassDBI@xxxxx.xxxxxxxxxxxxxxxx.xxx
> http://lists.digitalcraftsmen.net/mailman/listinfo/classdbi
>=20
>=20
>

------=_Part_3301_5584893.1124709444018
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Class::DBI::View *might* do what you're wanting<br>
<br><div><span class=3D"gmail_quote">On 8/22/05, <b class=3D"gmail_senderna=
me"><a href=3D"mailto:Karl.Moens@xxxxx.xxx">Karl.Moens@xxxxx.xxx</a></b>; &l=
t;<a href=3D"mailto:Karl.Moens@xxxxx.xxx">Karl.Moens@xxxxx.xxx</a>&gt; wrot=
e:</span>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><font face=3D"sans-serif" size=3D"2">Hi ListMembers,</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">Is it possible to have a class wit=
h a fixed &quot;where&quot; clause?</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">I was thinking of the following
situation. I have a big database with a lot of customer related info
(let's say ordering info). I would like to have one Catalyst
application to access this database, but depending on who is using it,
they should only be able to see the records of one customer only. I
probably can do it by adding some hidden fields in the forms or some
parameters in the URL and build a &quot;where&quot; clause out of it for ea=
ch
access, but that would be easy to &quot;break&quot; and thus allow the user=
 to
see other customers' data. Therefore I was thinking of setting up a
CDBI-class which would have this &quot;where&quot; clause built-in, so that=
 it
was impossible to get outside of the allowed set of records (it would
be like some sort of &quot;VIEW&quot; on the database, but the version of M=
ySQL
I'm using doesn't support VIEWs yet). All I would have to do is to
switch to another Model-class if the customer changes. The way Catalyst
works it would be transparent for the rest of the application.</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">But can it be done in CDBI?</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">I haven't written any code yet, it
is just a thought experiment right now to see if it can be done at all.
Any pointers in the right direction (or a simple&quot; It cannot be done&qu=
ot;)
will help.</font>
<br>
<br><font face=3D"sans-serif" size=3D"2">Karl </font>
<br><font face=3D"sans-serif" size=3D"2">(aka CountZero on PerlMonks)</font=
>
<br>
<br><font face=3D"sans-serif" size=3D"2"><br>
<br>
<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
This message and any attachments are confidential. If you have received
this message in error please delete it from your system. If you require
any assistance please notify the sender. Thank You.<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</fo=
nt>
<br>_______________________________________________<br>ClassDBI mailing lis=
t<br><a onclick=3D"return top.js.OpenExtLink(window,event,this)" href=3D"ma=
ilto:ClassDBI@xxxxx.xxxxxxxxxxxxxxxx.xxx">ClassDBI@xxxxx.xxxxxxxxxxxxxxxx.x=
et
</a><br><a onclick=3D"return top.js.OpenExtLink(window,event,this)" href=3D=
"http://lists.digitalcraftsmen.net/mailman/listinfo/classdbi"; target=3D"_bl=
ank">http://lists.digitalcraftsmen.net/mailman/listinfo/classdbi</a><br><br=
><br>
</blockquote></div><br>

------=_Part_3301_5584893.1124709444018--


--===============0492139034==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ClassDBI mailing list
ClassDBI@xxxxx.xxxxxxxxxxxxxxxx.xxx
http://lists.digitalcraftsmen.net/mailman/listinfo/classdbi

--===============0492139034==--