TEST RESULTS: join does not do what I need
I tried your suggestion - did joins in both directions, in fact. In this post I am referring to my authentication view as AUTH .. full name is a lot longer
. Everything in this post is based on actual testing.
1. Joining PERSON to AUTH
For a join to do what I want (allow me to grant a team leader access to only the records of the people on his/her team), the query on my AUTH view has to be filtered before joining to the PERSON table. So I can't make my view the "right side" of the join (i.e. start from PERSON and then join to my AUTH view), because the join condition doesn't allow for a pre-filter on the "right side" table. I have tested this out. I can do the join, and I will be allowed to add records to the People table or edit current records (I've tried it), but the join to the unfiltered AUTH view has the net effect of giving me multiple copies of each record in the PERSON table, depending on how many times this particular PER_ID is referenced in the AUTH view.
If I try to create a Fabrik table based on the AUTH view, and apply the filter ( basically it is LOGON_ID = $my->id ) to this Authentication Fabrik table, then use the underlying view as the basis for the right side of a JOIN to the PERSON table, it still doesn't limit the records the way I want. There doesn't seem to be any way of filtering the right side of a join in Fabrik.
2. Joining AUTH to PERSON
If I start with my AUTH view, and build a Fabrik table on this, I can filter it on [ LOGON_ID = $my->id ] and do a join to the PERSON table (i.e. put AUTH on the left, side, PERSON on the right side of the join), and I see only the PERSON records that the current user is authorized to see. I already knew I could do this; I?d done it before. But because the AUTH view is the left side of the join, I am not able to edit the PEOPLE records or add new ones.
3. The core issue here is that the JOIN is not a true MASTER/DETAIL relationship - i.e. does not seem to allow independent transaction processing for the DETAIL record - in this case the PEOPLE record. So, since the LEFT SIDE of the join is a view, the RIGHT side cannot have records added to it, nor can existing records be updated. The PEOPLE record cannot have records added to it independently of the AUTH view. Since the view does not allow any edits, when I try to add records to the PEOPLE table nothing happens.
But I want to point out that the core problem here is NOT that I am using a view. The core problem is a limitation in what the join allows. To test this theory I did a straight table-to-table join. My goal was to see if I could add a record to ONLY the right side table, without doing anything at all to the LEFT SIDE table (i.e. simply allowing it to supply a key value for the right side table). Fabrik did not allow me to do this; I had to add a record to the left side table as well. If I don't add one, Fabrik/MySQL adds a record to the left side table automatically. If the join column of the left side table has AUTOINCREMENT turned on, a row is added to the table on the left side of the join using the AUTOINCREMENT value for the primary key. If AUTOINCREMENT is not specified, it seems to add a row to the left side table with ID = 0, if this value does not already exist. This is a bit unexpected ... and coming from Oracle (where joins are very tightly controlled) strikes me as a bit flakey - but my point is that the join mechanism does not allow rows to be added to the right side table independently of the left side (parent) table.
This is a serious limitation for anyone who has worked in an environment where true MASTER/DETAIL relationships are possible. I don't want to ask for the moon, stars, and sky here - but since the join mechanism is not flexible enough to accommodate what I need to do (and maybe it doesn?t need to be more flexible for most of your users), it would be nice if a more flexible filtering option (DIY filter as suggested by Hugh) were available for tables in Fabrik. This would allow me to control access to data based on who is logged on, using my view, and to allow editing or creation of new records depending on the access level of the person ... if I can get my PHP script submission issues sorted out - other thread
But I think the existence of a DIY filter option would add value for other users as well - at least, those who understand relational database concepts.
So - over to you. Are you guys willing to add the DIY filter option ? If not - I don't know whether I can use Fabrik to do what I was hoping to do. Maybe there's another way, but using a JOIN doesn't seem to be what I need, unless you can provide MASTER-DETAIL joins, with new detail records automatically being populated with the value of the join_Id from the current record of the master table. But this is probably a much more complicated development effort than just adding the DIY filter option.
I know you're doing this virtually for free (even with subscription) so I can hardly complain - but if you can let me know realistically whether you will be able to do this, I can make a decision as to whether I can keep working with Fabrik. I hope the answer is yes because I've invested a lot of time and effort already, and I would like to get past the current frustrations to some real productivity. I do appreciate the time you've already taken on this.