Filtering a Grid with a Session Variable - Tutorial

Description

How to filter the records that an application displays

Many web application developers want to filter the records that they display, so that a user sees only the records that belong to him or her. This topic explains the technique to use. The following grid component displays all the records of the invoice_items table. The check boxes in the Search Part, the radio buttons in the Quick Search, and the drop down list box in the Payment column display all the payment methods found in the invoice_header table.

The user_names and invoice_items tables havean eight character field named userid.

When you log into this application, the logindialog component on the login.a5w page runs the following code in its validate event.

if user_name = "" .or. password = ""
then
currentform.has_error = .t.
currentform.error_message = "User name or password cannot be blank."
else
dim correct_password as c
DIM level as N
correct_password = lookup("[PathAlias.ADB_Path]\user_names", "user_name=" + quote(user_name), "password")
if correct_password = password then   
level = lookup("[PathAlias.ADB_Path]\user_names", "user_name=" + quote(user_name), "level")
session.protectedSecurityLevel = level   
session.protectedUserID = lookup("[PathAlias.ADB_Path]\user_names", "user_name=" + quote(user_name), "UserID")   
session.WASDemo.UserName = user_name
else  
currentform.has_error = .t.   
currentform.error_message = "Invalid user name or password."
end if
end if

The interesting part of this code is this line. This line creates the protected session variable session.protectedUserID and assigns it the value it reads from the user_names table.

session.protectedUserID = lookup("[PathAlias.ADB_Path]\user_names", "user_name=" + quote(user_name), "UserID")

The A5W page that contains the filtered grid component shown above initially has the following code.

with tmpl_Selected_Invoic
componentName = "Selected_Invoic"
end with

After editing, it looks like this.

with tmpl_Selected_Invoic
componentName = "Selected_Invoic"
DBF.filter = "userID = " + quote(session.protectedUserID)
SearchField_Info[1].CheckBox.Filter = "userID = " + quote(session.protectedUserID)
field_info[7].DropDownBox.Filter = "userID = " + quote(session.protectedUserID)
QuickSearch.Radiobutton.Filter = "userID = " + quote(session.protectedUserID)
end with

The following line sets the DBF.filter property of the grid, which selects the records it displays. The records must have a userid value that matches the session.protectedUserID set at logon.

DBF.filter = "userID = " + quote(session.protectedUserID)

This line sets the CheckBox.Filter property of the check boxes in the Search part control, which displays only the user's allowed payment methods. The records must have a userid value that matches the session.protectedUserID set at logon.

SearchField_Info[1]. CheckBox.Filter = "userID = " + quote(session.protectedUserID)

The next two lines use the same techniques to set the DropDownBox.filter property of the seventh control, which is a drop down list box, and the radio buttons of the Quick Search.

field_info[7].DropDownBox.Filter = "userID = " + quote(session.protectedUserID)
QuickSearch.Radiobutton.Filter = "userID = " + quote(session.protectedUserID)

This version of the same grid displays only the records for the user whose userid from the user_names table matches the eight character userid value in these invoice_items table records. In addition, the check boxes in the Search Part, the radio buttons in the Quick Search, and the drop down list box in the Payment column display only the payment methods allowed for the current user. This information is retrieved from the payment_methods table.