Page 1 of 1

Grant access to 3rd party for a single record

PostPosted: Mon Mar 08, 2010 6:37 am
by tomhousley
Hello,

I have a table with details of my prospects and customers.

I would like to be able to generate a link when I add or update a customer to my database which is sent by email to the customer so they can edit, but not delete their details.

I will use afterupdate or similar function in my tbl_organisations table delegate class, where $message contains a link:

Code: Select all
function afterUpdate(&$record){
//gets current logged in user//
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();

mail($to, $subject, $message, $headers);
}


Is there a way to automatically grant access to a specific record by means of a randomly generated username & password, so they will receive a link by email inviting them to update their details?

Hope the question is clear.

Many thanks, Tom

Re: Grant access to 3rd party for a single record

PostPosted: Tue Mar 09, 2010 8:54 am
by shannah
Here are a couple of strategies.

1. Store a 'secret code' with the record and pass this secret code to the user as part of the link. In the beforeHandleRequest method you check for this secret code and store it in the session variables. In getPermissions for the record you check for this secret code and grant access accordingly.

2. Store actual username/password in the users table, and store the username in the record, then compare against this in your getPermissions() method (and of course send the username/password to the user).

-Steve