 |
Xataface 2.0
Xataface Application Framework
|
|
Xataface 2.0
Xataface Application Framework
|
The API of available methods that can be defined in a table delegate class. More...
Initialization | |
| init (Dataface_Table $table) | |
| Called after a table is loaded for the first time each request. | |
Permissions | |
| getPermissions (Dataface_Record $record) | |
| Returns associative array of permissions that should be granted to the current user on this record. | |
| getRoles (Dataface_Record $record) | |
| Returns one or more roles that are to be granted to the current user for the specified record. | |
| __field__permissions (Dataface_Record $record) | |
| Returns default permissions for all fields of the given record to be granted to the current user. | |
| __field__roles (Dataface_Record $record) | |
| Returns the roles for all fields of the given record to be granted to the current user. | |
| fieldname__permissions (Dataface_Record $record) | |
| Returns the permissions for a particular field of the given record. | |
| fieldname__roles (Dataface_Record $record) | |
| Returns the roles for a particular field of the given record. | |
| rel_relationshipname__permissions (Dataface_Record $record) | |
| Returns the permissions for a particular relationship of the given record. | |
| rel_relationshipname__roles (Dataface_Record $record) | |
| Returns the roles for a particular relationship of the given record. | |
| no_access_link (Dataface_Record $record, $params=array()) | |
| Returns the link that should be returned by Dataface_Record::getURL() if the user isn't granted the 'link' permission on the given record. | |
| no_access_text (Dataface_Record $record, $params=array()) | |
| Returns the text that should be returned by Dataface_Record::display() if the user doesn't have 'view' permission for the record. | |
Record Metadata | |
| getTitle (Dataface_Record $record) | |
| Returns the record's title. | |
| getURL (Dataface_Record $record, $params=array()) | |
| Returns the URL of the given record. | |
| getLastModified (Dataface_Record $record) | |
| Returns the Unix timestamp representing the last modification time of the given record. | |
| getDescription (Dataface_Record $record) | |
| Returns a brief description of this record for use in lists, RSS feeds, and more. | |
| getCreator (Dataface_Record $record) | |
| Returns the name of the user who created this record (i.e. the record author). | |
| getPublicLink (Dataface_Record $record) | |
| Returns the publicly accessible URL for a given record. | |
| getBreadCrumbs (Dataface_Record $record) | |
| Returns the breadcrumbs to a given record. | |
| getChildren (Dataface_Record $record) | |
| Returns the records that are considered to be children of the given record. | |
Field Filters | |
| fieldname__display (Dataface_Record $record) | |
| Overrides the display of the specified field name for the given record. | |
| fieldname__format ($value) | |
| Formats the output value of a particular field. In constrast to fieldname__display() this does not take the Dataface_Record as a parameter. As such it can be used to format arbitrary values in a consistent way. If you don't need information from the record when formatting a value for display, it is preferred to use this method since it is more generic. | |
| fieldname__toString (Dataface_Record $record) | |
| Overrides the string value of specified field for a given record. | |
| fieldname__htmlValue (Dataface_Record $record) | |
| Overrides the HTML display value of a field for a given record. | |
| fieldname__parse ($value) | |
| Overrides the parsing behavior for normalizing a field value. This will dictate how values are transformed when being added to the record via setValue() | |
| fieldname__serialize ($value) | |
| Serializes a field value to prepare it for insertion into an SQL query. | |
| fieldname__default () | |
| Returns the default value for a specified field when new records are inserted. | |
| fieldname__link (Dataface_Record $record) | |
| Provides a link to obtain more information about a field on the edit form. | |
| fieldname__pushValue (Dataface_Record $record, HTML_QuickForm_element $el) | |
| Retrieves the field value from a form widget in a format that can be inserted into a record using the Dataface_Record::setValue() method. | |
| fieldname__pullValue (Dataface_Record $record, HTML_QuickForm_element $el) | |
| Retrieves the value for a field from a record in a format that can be set in a form widget. | |
Calculated Fields | |
| field__fieldname (Dataface_Record $record) | |
| Defines a calculated field that can be used just like any other field in the table. | |
Record Triggers | |
| beforeSave (Dataface_Record $record) | |
| Trigger called before a record is saved. | |
| afterSave (Dataface_Record $record) | |
| Trigger called after a record is saved. | |
| beforeInsert (Dataface_Record $record) | |
| Trigger called before a record is inserted into the database for the first time. | |
| afterInsert (Dataface_Record $record) | |
| Trigger called after a record is inserted into the database for the first time. | |
| beforeUpdate (Dataface_Record $record) | |
| Trigger called before a record is updated. | |
| afterUpdate (Dataface_Record $record) | |
| Trigger called after a record is updated. | |
| beforeDelete (Dataface_Record $record) | |
| Trigger called before a record is deleted. | |
| afterDelete (Dataface_Record $record) | |
| Trigger called after a record is deleted. | |
| beforeAddExistingRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called before an "existing" related record is added to a relationship. | |
| afterAddExistingRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after an "existing" related record is added to a relationship. | |
| beforeAddNewRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called before a "new" related record is added to a relationship. | |
| afterAddNewRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a "new" related record is added to a relationship. | |
| beforeAddRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called before a related record is added to a relationship (either new or existing). | |
| afterAddRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a related record is added to a relationship (either new or existing). | |
| beforeRemoveRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a related record is removed from a relationship. | |
| afterRemoveRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a related record is removed from a relationship. | |
| afterCopy (Dataface_Record $original, Dataface_Record $copy) | |
| Trigger called after a record is copied. | |
Action Triggers | |
| after_action_edit ($params=array()) | |
| Trigger fired after the 'edit' action has completed successfully. | |
| after_action_new ($params=array()) | |
| Trigger fired after the 'new' action has completed successfully. | |
| after_action_delete () | |
| Trigger fired after the 'delete' action has completed successfully. | |
Template Customization | |
| block__blockname (array $params=array()) | |
| Fills a block or slot in a template when operating in the context of the delegate class's table. | |
List Tab Cutomization | |
| fieldname__renderCell (Dataface_Record $record) | |
| Overrides the display of a table cell for a field in list view. | |
| renderRow () | |
| Overrides the display of a table row in list view. | |
| renderRowHeader (Dataface_Record $record) | |
| Overrides the headings row for the list view table. | |
View Tab Customization | |
| section__sectionname (Dataface_Record $record) | |
| Defines a new section on the view tab. | |
Full-text Search | |
| getSearchableText (Dataface_Record $record) | |
| Returns the indexable text to be used for the full-text site search feature. | |
RSS Feed Customization | |
| getFeedItem (Dataface_Record $record) | |
| Returns a data structure with the contents to be included in the RSS feed. | |
| getFeed (array $query) | |
| Returns data structure with settings for the RSS feed as a whole. | |
| getFeedSource (array $query) | |
| Returns the source URL for the RSS feed that is generated by the given query. | |
| getRelatedFeed (Dataface_Record $record, $relationship) | |
| Returns details about a feed of related records. This overrides the feed details for related feeds. | |
| getRSSDescription (Dataface_Record $record) | |
| Overrides the description or body of a record as it is displayed in an RSS feed. | |
XML Output Customization | |
| toXML (Dataface_Record $record) | |
| Overrides the XML output of a record as it would appear in Xataface's export_xml action. | |
| getXMLHead (Dataface_Record $record) | |
| Returns XML content to be included at the beginning of the XML representation of this record. | |
| xmlTail (Dataface_Record $record) | |
| Returns XML content to be included at the end of the XML representation of this record. | |
Valuelist Customization | |
| valuelist__valuelistname () | |
| Defines a valuelist on the table. | |
Importing Records | |
| __import__filtername ($data, array $defaults) | |
| Defines an import filter that can be used to import records into the table. | |
Table Settings | |
| __sql__ () | |
| Defines an SQL query that should be used for loading data from this table. | |
Form Validation | |
| fieldname__validate (Dataface_Record $record, $value, array &$params) | |
| Validates form input for a field. | |
The API of available methods that can be defined in a table delegate class.
| __field__permissions | ( | Dataface_Record $ | record | ) |
Returns default permissions for all fields of the given record to be granted to the current user.
| Dataface_Record | $record | The record that is subject of these permissions. |
Implementing the __field__permissions() method in your delegate class allows you to define the default permissions that should be applied to each field of the table.
Setting field defaults can be important if you want, for example, only certain fields to be editable, but all other fields to be read only. In such a case you would need to set the record-level permissions to allow editing (in order for users to even access the 'edit' action), then set the default field permissions to read only using the __field__permissions() method, then set the permissions of only the editable fields to be editable by implementing fieldname__permissions() methods for each of those fields.
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
Consider the following table 'people':
CREATE TABLE `people` (
`person_id` INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
`username` VARCHAR(32) NOT NULL,
`full_name` VARCHAR(100),
`email` VARCHAR(100),
`bio` TEXT,
`admin_comments' TEXT
)
And our application is using the following 'users' table to store our user accounts.
CREATE TABLE `users` (
`username` VARCHAR(32) NOT NULL PRIMARY_KEY,
`password` VARCHAR(32),
`role` ENUM('USER','ADMIN') default 'USER'
)
And let's assume that we intend for the people.username field to represent the username of the user who "owns" the people record. (i.e. it has an implicit foreign key to users.username.
Now, suppose we want to implement the following permission structure:
In tables/people/people.php:
function getPermissions($record){ $user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser(); if ( $user and $user->val('role') == 'ADMIN' ){ // ADMIN users get full access return Dataface_PermissionsTool::ALL(); } else if ( $record and $user and $user->val('username') == $record->val('username') ){ // Regular users get edit permissions to their own people record. return Dataface_PermissionsTool::getRolePermissions('EDIT'); } else { // All other users get no access to this record. return Dataface_PermissionsTool::NO_ACCESS(); } }
In this getPermissions() method we define 3 levels of users:
Things to notice here:
If we only implemented the getPermissions() method as above, record "owners" would be able to view and edit all fields in their own people record. In fact we only want them to be able to edit the "bio" field, and we don't want them to be able to see the admin_comments field.
We implement the __field__permissions() method to limit their access to these fields:
Also in the tables/people/people.php file:
function __field__permissions($record){ $user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser(); if ( $user and $user->val('role') == 'ADMIN' ){ // Defer to record-level permissions for ADMIN users ... we have nothing // to add here return null; } else if ( $user and $record and $user->val('username') == $record->val('username') ){ // We want to make all fields read only - no editing return array('edit'=>0, 'new'=>0); } // For all other situations just defer to the record level permissions return null; }
In this __field__permissions() method we first defer admin users to their normal record level permissions because we don't wish to modify their permissions in any way at the field level (they can already do everything and that's how we like it).
For users who own a record, we return permissions array that explicitly disallows only those permissions that we want to disallow. Notice that it wouldn't be sufficient here to return Dataface_PermissionsTool::READ_ONLY() because that would return only an array of the permissions that the user is explicitly allowed - and since the result of this method is simply overlaid on top of the record level permissions it wouldn't cause any permissions granted at that level to be overridden. Hence we need to explicitly disallow the permissions here.
Another way to do this might be to start with a base of Dataface_PermissionsTool::NO_ACCESS() and then simply set 'view' = 1. However this would disallow some other 'view-ish' permissions that you may have wanted.
In tables/people/people.php:
function bio__permissions($record){
$user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser();
if ( $user and $user->val('role') == 'ADMIN' ){
// Defer to default field-level permissions for ADMIN users ... we have nothing
// to add here
return null;
} else if ( $user and $record and $user->val('username') == $record->val('username') ){
// We want to make the bio field editable
return array('edit'=>1);
}
// For all other situations just defer to the default field-level permissions
return null;
}
This looks almost the same as our __field__permissions() method except that we are allowing the edit permission on the field for record owners.
At this point we have almost everything the way we want it except that record owners can still see the admin comments field - but we want this to be private for administrators.
So we implement the admin_comments__permissions() method:
function admin_comments__permissions($record){
$user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser();
if ( $user and $user->val('role') == 'ADMIN' ){
// Defer to default field-level permissions for ADMIN users ... we have nothing
// to add here
return null;
} else if ( $user and $record and $user->val('username') == $record->val('username') ){
// Hide the field from record owners
return Dataface_PermissionsTool::NO_ACCESS();
}
// For all other situations just defer to the default field-level permissions
return null;
}
| __field__roles | ( | Dataface_Record $ | record | ) |
Returns the roles for all fields of the given record to be granted to the current user.
| Dataface_Record | $record | The record that is subject of this query. |
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
| __import__filtername | ( | $ | data, |
| array $ | defaults | ||
| ) |
Defines an import filter that can be used to import records into the table.
| string | $data | The input data that the user has uploaded. This may be in any format - you need to parse it. |
| array | $defaults | The default values that should be inserted into the fields of the newly inserted records if the import doesn't explicitly specify the values to insert. |
| __sql__ | ( | ) |
Defines an SQL query that should be used for loading data from this table.
| after_action_delete | ( | ) |
Trigger fired after the 'delete' action has completed successfully.
| array | Associative array of context variables including 'record' which is the Dataface_Record that was just deleted. |
| after_action_edit | ( | $ | params = array() | ) |
Trigger fired after the 'edit' action has completed successfully.
| array | $params | Some context parameters. This includes a the key 'record' which refers to the Dataface_Record object that was just successfully edited and saved. |
| after_action_new | ( | $ | params = array() | ) |
Trigger fired after the 'new' action has completed successfully.
| array | Associative array of context variables including 'record' which is the Dataface_Record that was just inserted. |
| afterAddExistingRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called after an "existing" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that was added. |
| afterAddNewRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called after a "new" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that was added. |
| afterAddRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called after a related record is added to a relationship (either new or existing).
| afterCopy | ( | Dataface_Record $ | original, |
| Dataface_Record $ | copy | ||
| ) |
Trigger called after a record is copied.
| Dataface_Record | $original | The original record. |
| Dataface_Record | $copy | The copied record. |
| afterDelete | ( | Dataface_Record $ | record | ) |
Trigger called after a record is deleted.
| Dataface_Record | $record | The record that was deleted. |
| afterInsert | ( | Dataface_Record $ | record | ) |
Trigger called after a record is inserted into the database for the first time.
| Dataface_Record | $record | The record that is being inserted. |
| afterRemoveRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called after a related record is removed from a relationship.
| Dataface_RelatedRecord | $record | The related record that has been removed. |
| afterSave | ( | Dataface_Record $ | record | ) |
Trigger called after a record is saved.
| Dataface_Record | $record | The record that was saved. |
| afterUpdate | ( | Dataface_Record $ | record | ) |
Trigger called after a record is updated.
| Dataface_Record | $record |
| beforeAddExistingRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called before an "existing" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that is being added. |
| beforeAddNewRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called before a "new" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that is being added to a relationship. |
| beforeAddRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called before a related record is added to a relationship (either new or existing).
| Dataface_RelatedRecord | $record | The record that is being added. |
| beforeDelete | ( | Dataface_Record $ | record | ) |
Trigger called before a record is deleted.
| Dataface_Record | $record | The record that is being deleted. |
| beforeInsert | ( | Dataface_Record $ | record | ) |
Trigger called before a record is inserted into the database for the first time.
| Dataface_Record | $record | The record that is being inserted. |
| beforeRemoveRelatedRecord | ( | Dataface_RelatedRecord $ | record | ) |
Trigger called after a related record is removed from a relationship.
| Dataface_RelatedRecord | $record | The related record that is being removed. |
| beforeSave | ( | Dataface_Record $ | record | ) |
Trigger called before a record is saved.
| Dataface_Record | $record | The record being saved. |
| beforeUpdate | ( | Dataface_Record $ | record | ) |
Trigger called before a record is updated.
| Dataface_Record | $record |
| block__blockname | ( | array $ | params = array() | ) |
Fills a block or slot in a template when operating in the context of the delegate class's table.
| array | $params | Associative array of key-value pairs passed to the block containing context information. |
| field__fieldname | ( | Dataface_Record $ | record | ) |
Defines a calculated field that can be used just like any other field in the table.
| Dataface_Record | $record | The subject record. |
| fieldname__default | ( | ) |
Returns the default value for a specified field when new records are inserted.
| fieldname__display | ( | Dataface_Record $ | record | ) |
Overrides the display of the specified field name for the given record.
| Dataface_Record | $record | The record whose data is to be displayed. |
fieldname then it is preferred to implement the fieldname__format() method.| fieldname__format | ( | $ | value | ) |
Formats the output value of a particular field. In constrast to fieldname__display() this does not take the Dataface_Record as a parameter. As such it can be used to format arbitrary values in a consistent way. If you don't need information from the record when formatting a value for display, it is preferred to use this method since it is more generic.
| string | $value | The value that is to be formatted. |
| fieldname__htmlValue | ( | Dataface_Record $ | record | ) |
Overrides the HTML display value of a field for a given record.
| Dataface_Record | $record | The subject record. |
| fieldname__link | ( | Dataface_Record $ | record | ) |
Provides a link to obtain more information about a field on the edit form.
| Dataface_Record | $record | The subject record. |
| fieldname__parse | ( | $ | value | ) |
Overrides the parsing behavior for normalizing a field value. This will dictate how values are transformed when being added to the record via setValue()
| mixed | $value | The input value. |
When Dataface_Record::setValue() is called to set the value in a field, it first tries to parse and normalize the value. Xataface has built-in parsers that work according to the type of column. However you may wish to write your own parser by implementing this method.
Any fieldname__parse() implementations must be idempotent. I.e. it must be the case that fieldname__parse(fieldname__parse($val)) == fieldname__parse($val)
This is because we need to be able to set values in fields without worrying about the value being modified by the simple act of setting the field value.
Since the fieldname__toString() method, if implemented, would be used to produce the value that is displayed in form widgets, the fieldname__parse() method must be able to handle the result of fieldname__toString() and be able to normalize it since it is effectively the inverse operation of fieldname__toString().
| fieldname__permissions | ( | Dataface_Record $ | record | ) |
Returns the permissions for a particular field of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
This method can be implemented to define fine-grained permissions on a particular field of the database. It can be helpful if you want to override the record-level permissions (getPermissions() or the default field permissions ( __field__permissions() ) with specific permissions for this field. See the flowchart below for details of how field-level permissions are resolved in Xataface.
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
Please see the documentation for __field__examples() for a thorough example of how to define fine-grained field-level permissions using this method.
| fieldname__pullValue | ( | Dataface_Record $ | record, |
| HTML_QuickForm_element $ | el | ||
| ) |
Retrieves the value for a field from a record in a format that can be set in a form widget.
| Dataface_Record | $record | The record from which the field value is being pulled. |
| HTML_QuickForm_element | $el | The form element for which the form value should be formatted. |
| fieldname__pushValue | ( | Dataface_Record $ | record, |
| HTML_QuickForm_element $ | el | ||
| ) |
Retrieves the field value from a form widget in a format that can be inserted into a record using the Dataface_Record::setValue() method.
This method is the inverse of fieldname__pullValue().
| fieldname__renderCell | ( | Dataface_Record $ | record | ) |
Overrides the display of a table cell for a field in list view.
| Dataface_Record | $record | The subject record. |
| fieldname__roles | ( | Dataface_Record $ | record | ) |
Returns the roles for a particular field of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
This method is the analog of the fieldname__permissions() method except that it returns roles instead of permissions. The roles returned by this method are resolved to permissions and laid over the record-level permissions to obtain the effective field permissions.
It is rare to implement both the fieldname__roles() and the fieldname__permissions() method in the same delegate class. If this happens, though the fieldname__permissions() will take precedence.
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
E.g. To define custom roles for a field named 'invoice_number':
function invoice_number__roles($record){
return 'READ ONLY';
}
Or to apply multiple roles:
function invoice_number__roles($record){
return array('ROLE 1', 'ROLE 2');
}
| fieldname__serialize | ( | $ | value | ) |
Serializes a field value to prepare it for insertion into an SQL query.
| mixed | $value | The field value that is to be serialized. |
| fieldname__toString | ( | Dataface_Record $ | record | ) |
Overrides the string value of specified field for a given record.
| Dataface_Record | $record | The subject record. |
| fieldname__validate | ( | Dataface_Record $ | record, |
| $ | value, | ||
| array &$ | params | ||
| ) |
Validates form input for a field.
| Dataface_Record | $record | The record encapsulating the record we are validating. Note that the values of this object correspond with the submitted values from the form, and not necessarily the actual values of the record in the database. |
| string | $value | The submitted value that is being validated. |
| array | &$params | An output array to pass meta-information out in case of failure. This allows only one possible key to be set: 'message'. |
function myfield__validate(&$record, $value, &$params){
if ( $value != 'Steve' ){
$params['message'] = 'Sorry you must enter "Steve"';
return false;
}
return true;
}
| getBreadCrumbs | ( | Dataface_Record $ | record | ) |
Returns the breadcrumbs to a given record.
| Dataface_Record | $record | The record to which the breadcrumbs apply. |
| getChildren | ( | Dataface_Record $ | record | ) |
Returns the records that are considered to be children of the given record.
| Dataface_Record | $record | The parent record for which children are being returned. |
| getCreator | ( | Dataface_Record $ | record | ) |
Returns the name of the user who created this record (i.e. the record author).
| Dataface_Record | $record |
| getDescription | ( | Dataface_Record $ | record | ) |
Returns a brief description of this record for use in lists, RSS feeds, and more.
| Dataface_Record | $record | The record for which the description applies. |
| getFeed | ( | array $ | query | ) |
Returns data structure with settings for the RSS feed as a whole.
| array | $query | The query parameters for the request. |
array(
title => <string> // The title of the RSS feed
description => <string> // Description of the RSS feed
link => <string> // The URL to the original feed content
syndicationURL => <string> // Link to source page of RSS feed (same as link)
)
If elements are omitted from the data structure that is returned from this method, Xataface will use default values for each field. The following table describes the values that Xataface will use as defaults in this case:
| Key | Default Value |
|---|---|
| title |
|
| description | description directive of the [_feed] section of the conf.ini file. |
| link |
|
| syndicationURL |
|
| getFeedItem | ( | Dataface_Record $ | record | ) |
Returns a data structure with the contents to be included in the RSS feed.
| Dataface_Record | $record | The subject record. |
array(
title => <string> // The title of the post
description => <string> // The body of the post
link => <string> // The link to the original post
date => <long> // Unix timestamp marking the date of the post
// This is generally the last modified date
author => <string> // The author of this post
source => <string> // The source URL where the feed originated.
)
Note that if keys are omitted from this array, default values will be used by Xataface when building the RSS feed. In fact you could even return an empty array from this method in which case Xataface would fill in all of the values itself.
The following table shows where Xataface will pull default values if keys are omitted from the array that is returned from this method.
| Key | Default Value |
|---|---|
| title | Dataface_Record::getTitle() |
| description | getRSSDescription() if defined. Otherwise it will display an HTML table showing all data in the record (subject to permissions). |
| link | Dataface_Record::getPublicLink() |
| date | |
| author |
|
| source |
|
| getFeedSource | ( | array $ | query | ) |
Returns the source URL for the RSS feed that is generated by the given query.
| array | $query | The query parameters that produced the feed. |
This method will override any information returned by the getFeed() method with respect to the source of the feed.
| getLastModified | ( | Dataface_Record $ | record | ) |
Returns the Unix timestamp representing the last modification time of the given record.
| Dataface_Record | $record | The $record whose lastModified time we are checking. |
| getPermissions | ( | Dataface_Record $ | record | ) |
Returns associative array of permissions that should be granted to the current user on this record.
| Dataface_Record | $record | The record on which we are granting permissions. Note that this parameter may be null if permissions are being checked on the table in general so you must be able to handle null inputs for this value. |
The following flowchart shows the flow of control Xataface uses to determine the record-level permissions for a record. (click here to enlarge):
function getPermissions($record){ return Dataface_PermissionsTool::ALL(); }
function getPermissions($record){ return Dataace_PermissionsTool::NO_ACCESS(); }
function getPermissions($record){ return Dataface_PermissionsTool::READ_ONLY(); }
Allow logged in users full permissions, and everyone else no access.
function getPermissions($record){ $auth = Dataface_AuthenticationTool::getInstance(); if ( $auth->isLoggedIn() ){ return Dataface_PermissionsTool::ALL(); } else { return Dataface_PermissionsTool::NO_ACCESS(); } }
In this example we assume that our 'users' table has a 'role' column to track a user's role. In our case if the 'role' is 'ADMIN', then the user is considered to be an admin. Otherwise they are just a regular user.
function getPermissions($record){ $auth = Dataface_AuthenticationTool::getInstance(); $user = $auth->getLoggedInUser(); if ( $user and $user->val('role') == 'ADMIN' ){ return Dataface_PermissionsTool::ALL(); } else if ( $user ){ // user is logged in but isn't an admin return Dataface_PermissionsTool::READ_ONLY(); } else { return Dataface_PermissionsTool::NO_ACCESS(); } }
It is recommended to define a getPermissions() method in the application delegate class that is very restrictive (i.e. no access for anyone except super-administrators) and then explicitly open up access to individual tables as necessary for other users.
e.g. In conf/ApplicationDelegate.php
function getPermissions($record){ $user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser(); if ( $user and $user->val('role') == 'ADMIN' ){ return Dataface_PermissionsTool::ALL(); } else { return Dataface_PermissionsTool::NO_ACCESS(); } }
Then suppose we want to open up the people table to allow logged in users to have read only access.
In tables/tables/people.php
function getPermissions($record){ $user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser(); // If user is an admin defer to the application delegate class for // permissions if ( $user and $user->val('role') == 'ADMIN' ){ return null; } if ( $user ){ // User is logged in return Dataface_PermissionsTool::READ_ONLY(); } // Defer to the application delegate class for all other users return null; }
| getPublicLink | ( | Dataface_Record $ | record | ) |
Returns the publicly accessible URL for a given record.
| Dataface_Record | $record | The record to which the URL refers. |
| getRelatedFeed | ( | Dataface_Record $ | record, |
| $ | relationship | ||
| ) |
Returns details about a feed of related records. This overrides the feed details for related feeds.
| Dataface_Record | $record | The subject record (the parent of the related records). |
| string | $relationship | The name of the relationship. |
array(
title => <string> // The title of the RSS feed
description => <string> // Description of the RSS feed
link => <string> // The URL to the original feed content
syndicationURL => <string> // Link to source page of RSS feed (same as link)
)
If elements are omitted from the data structure that is returned from this method, Xataface will use default values for each field. The following table describes the values that Xataface will use as defaults in this case:
| Key | Default Value |
|---|---|
| title | An auto-generated title. Generally {relationship_name} of Dataface_Record::getTitle() |
| description | Auto-generated title. Something like: Related Records of Dataface_Record::getTitel() |
| link | The URL to the related list of this feed. |
| syndicationURL | The URL to the related list of this feed. |
| getRoles | ( | Dataface_Record $ | record | ) |
Returns one or more roles that are to be granted to the current user for the specified record.
| Dataface_Record | $record | The record on which the roles are to be granted. |
This method can be implemented as an alternative to getPermissions() for the purpose of defining record-level permissions. A "role" is a set of permissions that are grouped together. This allows us to group together related permissions into easy-to-use sets and refer to them by their 'role' name.
Roles are defined in the permissions.ini file, and Xataface comes with several pre-defined roles. These built-in roles are listed in the table below:
| Role Name | Description | Definition | Since |
|---|---|---|---|
| NO ACCESS | A contains only the 'register' permission.
| [NO ACCESS]
register=1
| 0.6 |
| READ ONLY | Includes all view-ish permissions - for viewing records. This includes viewing records in list view, details view, XML export, RSS feeds, etc.. | [READ ONLY] view in rss=1 view = 1 link = 1 list = 1 calendar = 1 view xml = 1 show all = 1 find = 1 navigate = 1 ajax_load = 1 find_list = 1 find_multi_table = 1 rss = 1 export_csv = 1 export_xml = 1 export_json = 1 view related records=1 related records feed=1 expandable=1 | 0.6 |
| EDIT | Includes all permissions for viewing and editing records. | [EDIT extends READ ONLY]
edit = 1
add new related record = 1
add existing related record = 1
add new record = 1
remove related record = 1
reorder_related_records = 1
import = 1
translate = 1
new = 1
ajax_save = 1
ajax_form = 1
history = 1
edit_history = 1
copy = 1
update_set = 1
update_selected=1
select_rows = 1
| 0.6 |
| DELETE | Permission to view, edit, and delete records. | [DELETE extends EDIT] delete = 1 delete found = 1 delete selected = 1 | 0.6 |
| MANAGER | Edit and delete permissions as well as permission to access the control panel and management functions of the application. | [MANAGER extends ADMIN] manage=1 manage_output_cache=1 manage_migrate=1 manage_build_index=1 install = 1 | 0.6 |
Since this method simply provides an alternate way to define permissions, you generally would not define both methods in the same delegate class, but if you did implement both the getRoles() method would take priority of over the getPermissions() method.
The following flowchart shows the flow of control Xataface uses to determine the record-level permissions for a record. (click here to enlarge):
Consider the getPermissions() method below:
function getPermissions($record){ return Dataface_PermissionsTool::getRolePermissions('READ ONLY'); }
This is equivalent to the getRoles() method:
function getRoles($record){ return 'READ ONLY'; }
The getRoles() version is much more succinct as it just allows us to return the name of the role that is granted, rather than having to resolve the permissions for that role.
It is also possible to grant multiple roles, in which case the resulting permissions would be the union of the granted roles (where the last role listed takes precendent).
function getRoles($record){ return array('MY FIRST ROLE', 'MY SECOND ROLE'); }
| getRSSDescription | ( | Dataface_Record $ | record | ) |
Overrides the description or body of a record as it is displayed in an RSS feed.
| Dataface_Record | $record | The subject record. |
The default behavior of the Xataface RSS feed is to layout all permitted fields in an HTML table and include that table in the RSS feed. If you want to customize this behavior you can implement this method to return exactly what you want to appear in the body of the RSS feed item.
| getSearchableText | ( | Dataface_Record $ | record | ) |
Returns the indexable text to be used for the full-text site search feature.
| Dataface_Record | $record | The subject record. |
| getTitle | ( | Dataface_Record $ | record | ) |
Returns the record's title.
| Dataface_Record | $record | The record whose title we are returning. |
| getURL | ( | Dataface_Record $ | record, |
| $ | params = array() |
||
| ) |
Returns the URL of the given record.
| Dataface_Record | $record | The record whose URL we are returning. |
| array | $params | The query parameters to include in the generated URL. |
| getXMLHead | ( | Dataface_Record $ | record | ) |
Returns XML content to be included at the beginning of the XML representation of this record.
| Dataface_Record | $record | The subject record. |
| init | ( | Dataface_Table $ | table | ) |
Called after a table is loaded for the first time each request.
If you want to adjust table-wide settings, this is a good place to do it. E.g. for security filters, and modification of the configuration.
| Dataface_Table | $table | The table object that was just loaded. |
| no_access_link | ( | Dataface_Record $ | record, |
| $ | params = array() |
||
| ) |
Returns the link that should be returned by Dataface_Record::getURL() if the user isn't granted the 'link' permission on the given record.
| Dataface_Record | $record | The record that is subject of this query. |
| no_access_text | ( | Dataface_Record $ | record, |
| $ | params = array() |
||
| ) |
Returns the text that should be returned by Dataface_Record::display() if the user doesn't have 'view' permission for the record.
| Dataface_Record | $record | The record that is subject of this query. |
| array | $params | Associative array of extra parameters. One such parameter is the 'field' parameter which is the name of the field for which the text is to be displayed. |
| rel_relationshipname__permissions | ( | Dataface_Record $ | record | ) |
Returns the permissions for a particular relationship of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
This method, if implemented, returns a permissions mask to apply to a particular relationship in the given record. For example if we want to specifically allow adding related records to one relationship but not other relationships.
There are only a few specific permissions that pertain to relationships and these are the only ones that have any effect when returned from this method.
These permissions include:
| Permission Name | Description |
|---|---|
| add new related record | Permission to add new records to the relationship. |
| add existing related record | Permission to add existing records to the relationship. |
| related records feed | Permission to view the RSS feed for the related records. |
| remove related record | Permission to remove a record from the relationship. This is only applicable to many-to-many relationships as this doesn't include permission to delete the record from the database, only to sever the relationship. |
| delete related record | Permission to delete a related record (delete it from the database). |
| view related records | Permission to view the related records list. If this is denied, then the related records tab won't be present, and if users try to go to the URL for the tab directly, they'll receive a permission denied error. |
| reorder_related_records | Permission to reorder related records. This is only applicable to relationships that have a designated order column (via the metafields:order directive of the relationships.ini file ). |
| rel_relationshipname__roles | ( | Dataface_Record $ | record | ) |
Returns the roles for a particular relationship of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
| renderRow | ( | ) |
Overrides the display of a table row in list view.
| Dataface_Record | $record | The subject record. |
| renderRowHeader | ( | Dataface_Record $ | record | ) |
Overrides the headings row for the list view table.
| section__sectionname | ( | Dataface_Record $ | record | ) |
Defines a new section on the view tab.
| Dataface_Record | $record | The subject record. |
array(
name => <string> // The name of the section
label => <string> // The label of the section
content => <string> // The section content
order => <number> // Integer order of the section
url => <string> // The URL to 'see all'
edit_url => <string> // URL to edit the content in this section
records => <array(Dataface_Record)> // List of records to display
display => <enum('expanded','collapsed')> // Whether it should be default collapsed or expanded
class => <enum('main', 'left')> // Whether do display in left column or main column.
fields => <array(string)> // List of field names to display
)
| toXML | ( | Dataface_Record $ | record | ) |
Overrides the XML output of a record as it would appear in Xataface's export_xml action.
| Dataface_Record | $record | The subject record. |
| valuelist__valuelistname | ( | ) |
Defines a valuelist on the table.
| xmlTail | ( | Dataface_Record $ | record | ) |
Returns XML content to be included at the end of the XML representation of this record.
| Dataface_Record | $record | The subject record. |
1.7.4