
Edit View Mode Design

CraigIr edited this page Mar 12, 2016 · 3 revisions

The view/edit mode is controlled by a permission set on the browser's session ID (SID).

The SID permissions are set when the SID is assigned for the session.

The SID and permissions are set through the default.php script.

The default.php script assigns a SID to the session with an expiry of 1 hour, then redirects the browser to MainPage.html.

If default.php is called with Key=update, the assigned SID is given an elevated run level.

i.e. http://localhost/default.php?Key=update

If MainPage.html is loaded without a SID set, it redirects to default.php.

The run level is set through the IMSSql->set_sid() function.

IMSSql->set_sid($sid,$date,$ip,$key)

This function adds a new SID to the SID_List table using the date, IP and key data. The key is what was passed through the default.php script.

The run level can be retrieved through the IMSSql->verifySID() function.

IMSSql->verifySID(SID,runlevel=0)

This function verifies that the run level of the passed SID matches or exceeds the passed run level. If the SID's run level does not meet the requested run level, an exception is thrown. The function also returns the level of the SID.

i.e. $runLevel = $sql->verifySID($sessionID,"1"); //1 = Requires edit privileges.

This verifies the SID and checks that it has a run level of 1. If it does not, an exception is thrown and the script ends, preventing the action from occurring.

The SID_List table has 5 columns:

  1. ID - Auto incremented database ID.
  2. SID - The SID generated by default.php
  3. IP - The connection IP of the browser that requested the SID
  4. Level - The run level assigned to the SID, 0 for view, 1 for update.
  5. Expiry - The time before the SID run level expires.

The SID and its permissions are renewed for another hour every time an action is performed. This is accomplished by the renewSID functions in main.js and IMSSql, which are called by sendBackendReqeuest and verifySID respectively.
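
The SID lifecycle described on this page (assign with a level, check the level, renew on each check), as an added PHP 8 sketch that is not the project's IMSSql code. The class name SidStoreSketch, the in-memory SQLite database, the random hex SID, the integer timestamps in Expiry and the extra $now parameter are assumptions made for the example.

```php
<?php
// Added sketch, not the project's IMSSql class. Table and column names follow
// the page; SID format, key-to-level mapping and SQLite storage are assumptions.
final class SidStoreSketch
{
    private const TTL = 3600; // one hour, as stated on the page
    public function __construct(private PDO $db)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS SID_List (
            ID INTEGER PRIMARY KEY AUTOINCREMENT, SID TEXT UNIQUE,
            IP TEXT, Level INTEGER, Expiry INTEGER)');
    }

    // Key "update" maps to level 1 (update); anything else to level 0 (view).
    public function set_sid(string $sid, int $date, string $ip, ?string $key): void
    {
        $level = ($key === 'update') ? 1 : 0;
        $this->db->prepare('INSERT INTO SID_List (SID, IP, Level, Expiry) VALUES (?, ?, ?, ?)')
                 ->execute([$sid, $ip, $level, $date + self::TTL]);
    }

    // Returns the SID's level; throws if it is unknown, expired or too low.
    public function verifySID(string $sid, int $runlevel = 0, ?int $now = null): int
    {
        $now ??= time();
        $q = $this->db->prepare('SELECT Level, Expiry FROM SID_List WHERE SID = ?');
        $q->execute([$sid]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if ($row === false || (int)$row['Expiry'] <= $now) {
            throw new RuntimeException('SID unknown or expired');
        }
        if ((int)$row['Level'] < $runlevel) {
            throw new RuntimeException('SID run level too low');
        }
        // Renew for another hour on every successful check.
        $this->db->prepare('UPDATE SID_List SET Expiry = ? WHERE SID = ?')
                 ->execute([$now + self::TTL, $sid]);
        return (int)$row['Level'];
    }
}
// Constructed demo data: one view session and one update session.
$store = new SidStoreSketch(new PDO('sqlite::memory:'));
$view = bin2hex(random_bytes(16));
$edit = bin2hex(random_bytes(16));
$store->set_sid($view, time(), '127.0.0.1', null);
$store->set_sid($edit, time(), '127.0.0.1', 'update');
echo $store->verifySID($edit, 1), "\n";   // update session meets run level 1
try { $store->verifySID($view, 1); }      // view session is refused
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

In this sketch a failed check leaves Expiry untouched, so a rejected or expired SID is never renewed by the request that was refused.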
