I have created a project where users can add records to a list. I dont want them to see other people's entries.
Is it possible to stop users from viewing records they did not author?

Do I need a fork for that?

In another post I see someone trying to filter what shows in the grid and the cook wrote:

"Now you need now to add some lines in your Proyectos model (list model) function : prepareQuery()
Add a filter, based on the same you can find in Proj_usario for created_by key. "

I am a total newbie to both cook and PHP, but I am familiar with SQL and other programming langueages. I just want to understand. Does this mean I should fork the project and find a function called something like list_model and in there I will be able to insert a query using a PHP function called "prepareQuery()". I had assumed I would be able to insert queries into cook and not need to get into PHP yet, but if I need to I can learn to do what I need to do.

I have read all the docs, but they don't seem to say anything about this.
I just need someone to point me in the right direction.

Its now available when creating menu item - no need to fork

Create collection layout (view)
In the filter brick of the collection layout
- drop a combo filter in there
- drop the user field in the combo filter

when creating a Joomla menu item
the option to filter by a specific user is on the right hand side and Admin has kindly also made a filter by current user button as well

- you may need to create a collection layout on the admin side and the respective filters for this to work
- a few weeks ago you had to have an admin side collection view... (but unsure if necessary now)

BTW - if you want to set more filters such as display all my contacts from the work category
when creating a menu item drop more FK fields into combos in the filter brick

that way you can create menu items that limit the results further
it should look something similar to this
REQIUREMENTS

Select Category	[select category dropdown combo]	SELECT	CLEAR
Select modified_by Users	[select modified_by users dropdown combo]	SELECT	CLEAR

Are you aware of the authoring permissions such as view own, edit own, delete own???
- if your not... you can further set authoring permissions in the config area from the administrator side - use the [config button] - permissions tab

@BTB300
Thank you very much, I was forgotteing the new feature now you can filter on the author key more than one FK level.
I mean, the authoring system only filter the author when it is from the same table. (Cook is lacking on this). So you need a fork to filter properly for example on the Author of category, when you want to reduce all items from the allowed categories.

The solution you propose to Collins works but is not a security, only an url filter.
So, please consider to write those few lines of fork if you want an ACL proper filter.

You can instance your second level filter, it helps a lot for the fork.

@Collins
A question : is your 'created_by' key (authoring) is in the same table of your items list ?
Because if it is the same table, you do not need to fork.
Ex : If you have 'items' with 'created_by' inside : no problem. Secure and well handled for all tables in your component.
Problems comes when you want to refer the authoring key in another FK.
Ex : If your authoring is on 'categories' of items, then it is the second level of 'items'. So you need a fork when you want to list 'items' in a secure way.


If you do not need secure, but simply a different page (filtered depending on author), the you do not need to fork. The solution proposed by BTB300 works.

Thanks for your answers guys!

Good news:
The user field that I want to filter on IS in the table. So then I am understanding you to say that I can securely filter. So do I use the method of putting the user field into a combo filter, or some other method?

Thanks in advance for your help.

So far I have tried different methods but cant figure out how to do it. Can you give me a step by step for filtering to only show elements where the only records shown in the grid are those where the user matches the username (or ID) of the created_by field in the table?

You also need the publish wizzard.
All your records must be default unpublished.
A published item is public for all.

You do not need any filter particular. The wizards are doing it naturally.
I mean, then configure the ACLs correctly and the authors will be able to see/edit/delete their own contents.

If you want the feature for filtering from the menu creation (not for security, but for custom page), then instance a filter.
Then you will be able to show or not show the filter. Edit your template and remove the filters you do not want?

YES!
I see it now!
Cool !!!

I think I spoke too soon.

After your comment I spent time learning the access control system.

The only options that you can control are:

Configure
Access admin interface
create
delete
edit
edit state
view own
edit own
and delete own.

None of those can be used to limit the records a user sees to his own.

Yes, he will only be able to edit his own, but if there are 100 users on the site, he will have to search or filter through countless records to find his own. I want a user to focus on his own list in the module, and only his own entries. So to limit a user to seeing his own entries I need a fork ...

right?

And, to be clear,
I dont really want people to even have the ability to change the URL and see other people's records.

There will be rules for viewing other people's records, that will be handled by a different interface. For now I just want an interface for people to enter/edit their own records.

If a fork is needed, its probably something people have done before. Can you just point me to a good example in the forum where the query that feeds the grid is edited ?

This is very interesting topic for me indeed.
I have the same requirements for my component. Only registered users can access the component and
only their own records they can see, can edit, can delete. I do not want to see records of other users.
Many words have been said about this topic that tried to convince me that it works but I have
never managed this natively with cook. So my solution was always to addd some extra SQL lines.

I looking forward to hear how to manage it natively in cook.

Published must be set to false for each item in this case. (or eventually Trashed, Archived)
When item is published, it is visible by all ('shared')
I know I should add an ACL : core.edit.state.own in odrer to be able the user to 'Share' = Publish only its items

About FK's there was a limitation when Access applies on a FK.
Here it is now in 2.6 : Propagate access.
www.j-cook.pro/index.php/docs/versions/121-2-6

With this feature, if you decide to propagate access, then the accesses applies on childrens too.
I Love this new feature, It was really missing. It is complex SQL, but reduced to the strict necessary, and easy to implement as well.

Do not activate this feature for all your FKs if you do not need. It is adding a lot of SQL.

In your case, if I understand well, you need to activate this feature for ALL FK's refferring to your table to filter.

Need more precisions ?

I precise also that the propagation applies on 'Published', 'Viewlevel access' and 'Created by'

I am sorry,

I don't really know what I am doing, because I don't understand how best to use the "access" wizard.

I tried setting "propagate access" but I get a FATAL ERROR. Here are the details:

The table with the records I want to display is called: "Requests". It includes the published (wizard) field. It also includes the Joomla Access (wizard) field and the Joomla user (wizard) field. Here are their values:

Joomla ACCESS properties:
FK integrity = cascade
propagate access = Yes
Required = No
Unique = No

joomla USER properties:
FK integrity = cascade
propagate access = Yes
Required = Yes
Unique = No

When I tried "run in sandbox", this resulted in a fatal error:
"Call to a member function getData() on a non-object"

Only if I remove "propagate access" on both joomla Access and joomla User does the error go away and run-in-sandbox continue to the end.

So I deleted and re-added the joomla access, joomla user, and published. And I did not re-add them to the form, only the table. But I get the same error again:

"Call to a member function getData() on a non-object"

When I remove "propagate access" the error goes away.

I also don't understand what I should set in COOK and in ACL to make this work. Please tell me step by step how to create records that can only be seen by the user who created them.

Or else please show me where to put SQL in a fork.

Thanks

ETC,

Can you please show me an example of a fork that restricts the query so that it shows only the author's own records?

If you can just show me an example of what to override.

Right now I am lost.

If I had some idea where to look I could begin to piece it together. I have a few years experience in HTML, VB, C#, javascript and SQL. Not a stellar resume, but Im just trying to make a small change for my own personal site. I bought books on PHP and I can figure it out if I just have some idea where to look. Any help would be appreciated.

Thanks

Ray