Form "only serv if"

[Alberto]

Hi,
NT6.55

I need to limit the access of a loggedin user to a form that is not of its property.
Suppouse a user logged in try to access a record from another user typing:

http://127.0.0.1:88/uPatient?change_btn=change&dat:id=1

Then I check for that in the "only serv if" returning a -3 if the page must not be served, some code like:

  If (p_stage=ChangeRecord + NET:WEB:StagePre or p_stage=DeleteRecord + NET:WEB:StagePre)
     if VerCliUser(DAT:ID_MAIN_CLINIC,p_web.gsv('login_id')) = false
        Return -3
     end
  End

I´ve verified that the return -3 is executed but the page is served.

This code used to work on earlier version of NTWS.

Any thing I can change to make it work?

Thanks

[Bruce]

I'm sorry, I don't understand the question.

cheers
Bruce

[Alberto]

Sory,
Supouse you have two users, each one loggsin with its own user/pass
There are a Patients Table in which each user add its patients and they can see only its own patientes because of the browse filter.
But if any user type in thee xplorer:

http://YourServer/uPatient?change_btn=change&dat:id=1

and the patient with that dat:id is from another user, it can see and change a patient wich does not own.

Is it more clear?

Thanks

[kevin plummer]

Using sequential ID numbers is not recommended. Also, there are some changes in NT7 to avoid the problem you describe.

[Alberto]

Thanks Kevin,
Where can I read about this NT7 new feature.
Regards

[Bruce]

see FAQ W4

[urayoan]

michelis

http://capesoft.com/docs/NetTalk7/NetTalkWebFAQ.htm#W4

[Alberto]

Thank you very much,
I realized thet this method exists in NT6 too
The goal would be an option for the form to work only if it is called with _bdiv_ param
This will avoid the use of xxx:id=nn
May be this is what NT7 has?
Thanks

[Bruce]

NT7?  That's soooo yesterday....

[terryd]

You can only say that tomorrow 

[Alberto]

ok, ok NT8
but how about my idea?