Understanding Aiki Permissions

From Aikiframework wiki


The few widget fields that require attention are all under the 'Permissions' tab:

  • Require Special Permissions (Yes/No)
    • This must be set to Yes to activate permissions on a widget.
  • Authorized Select Statement
    • Use this if you need to select something from a table/database while the user is authorized.
  • Authorized Content
    • This is what appears if the user has proper access privileges. You may enter Aiki markup here just like the 'content' field.


  • Permissions Group
    • This is where you control access by defining a group. You can define groups in 'aiki_users_groups'. More on this later.
SystemGOD
normal

Permissions Practices

Aiki Markup in widget fields and User variable selectors

OK, this sounds complicated. It is not. Read this section if you are creating a website that consists almost entirely of authorized pages (think Facebook, Gmail, etc.). By authorized pages I mean pages that are authorized separately from your admin interface (although admin users can be logged into both).

Every user session has a few variables that are accessible via Aiki markup. They are:

  • [userid]
    • This is the user id of the logged-in user as defined in the aiki_users table.
  • [username]
    • The username of the logged in user (not to be confused with full_name) from the aiki_users table.

Advanced SQL Statements

Why? Let's give an example. Maybe you want a widget to select only the records in a table that belong to a specific user, because the table is also used by other logged-in users. This is mainly to prevent people from looking at others' data, and to reduce the number of records. Let's say you want a user to edit their own entry in the aiki_users table and change their address.

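Select statement:

SELECT * FROM aiki_users
    • This will select all fields from all aiki_users
SELECT * FROM aiki_users WHERE id=[userid]
    • This will select all fields from only the logged-in user's row, because [userid] is the id of the logged-in user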

You can select quite a lot, and you can also use SQL statements (joins, etc.) to select and combine complex sets of data, and use Aiki to display them. You'll find that it's much easier and more intuitive to write an SQL statement than to deal with an object-oriented syntax to access table data.
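The row scoping described above, as an added example that is not part of the original wiki page and is not Aiki's own code: it runs the page's two select statements against an in-memory SQLite table and fills the [userid] and [username] markers as bound parameters taken from the session. The helper names, the three-column aiki_users layout and the sample rows are assumptions constructed for illustration; how Aiki itself substitutes the markers is not shown on this page.

```python
import re
import sqlite3

# Session markers named on the page; other bracketed text is left untouched.
MARKERS = ("userid", "username")


def bind_session_markers(statement, session):
    """Replace [userid]/[username] with named placeholders bound from the session."""
    params = {}

    def repl(match):
        name = match.group(1)
        params[name] = session[name]   # value comes from the server-side session
        return ":" + name              # placeholder, never the raw value

    sql = re.sub(r"\[(%s)\]" % "|".join(MARKERS), repl, statement)
    return sql, params


def run_authorized_select(db, statement, session):
    """Run an authorized select statement for the logged-in user (hypothetical helper)."""
    if session.get("userid") is None:
        return []                      # nobody logged in: return no rows at all
    sql, params = bind_session_markers(statement, session)
    return db.execute(sql, params).fetchall()


def demo_db():
    """Constructed sample data; the real aiki_users table has more columns."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE aiki_users "
               "(id INTEGER PRIMARY KEY, username TEXT, address TEXT)")
    db.executemany("INSERT INTO aiki_users VALUES (?, ?, ?)", [
        (1, "alice", "1 Elm St"),
        (2, "bob", "2 Oak Ave"),
        (3, "o'neil", "3 Pine Rd"),    # quote in the name exercises binding
    ])
    return db


if __name__ == "__main__":
    db = demo_db()
    bob = {"userid": 2, "username": "bob"}
    # Unscoped statement: every logged-in user sees every row.
    print(run_authorized_select(db, "SELECT * FROM aiki_users", bob))
    # Scoped statement from the page: only the session owner's row.
    print(run_authorized_select(db, "SELECT * FROM aiki_users WHERE id=[userid]", bob))
```

Because the markers become placeholders rather than spliced text, a username containing a quote is matched as data and cannot change the statement.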
