Yes. This can be done with permissions. You can apply permissions to an entire record using the getPermissions() method. Or you can apply permissions to a particular field using the %fieldname%__permissions() method.
Here is a semi-complex example showing the delegate class for the users table in a volunteer registration system:
class tables_users {
    /**
     * Returns permissions array. This method is called every time an action is
     * performed to make sure that the user has permission to perform the action.
     * @param record A Dataface_Record object (may be null) against which we check
     *               permissions.
     * @see Dataface_PermissionsTool
     * @see Dataface_AuthenticationTool
     */
    function getPermissions(&$record){
        $app =& Dataface_Application::getInstance();
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        // Nobody is logged in: apply the VISITOR role's permissions.
        if ( !isset($user) ) return Dataface_PermissionsTool::getRolePermissions('VISITOR');
        $role = $user->val('role');
        // No specific record: return all of the permissions for the user's current role.
        if ( !isset($record) ) return Dataface_PermissionsTool::getRolePermissions($role);
        // isAdmin() is not defined in this snippet; it is assumed to be an application helper.
        // Admins and the owner of the record get full access; everyone else gets none.
        if ( isAdmin($role) || $record->val('userid') == $user->val('userid') )
            return Dataface_PermissionsTool::ALL();
        else
            return Dataface_PermissionsTool::NO_ACCESS();
    }

    /**
     * Field-level permissions for the "role" column. Only users with the
     * 'GOD' role get access to this field.
     */
    function role__permissions() {
        $app =& Dataface_Application::getInstance();
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
        $role = $user->val('role');
        if ( $role == 'GOD' ) return Dataface_PermissionsTool::ALL();
        return Dataface_PermissionsTool::NO_ACCESS();
    }
}
In the above example, Admin users are allowed full edit access to a record, but the "role" column overrides this so that only users with the 'GOD' role have edit access. Other users have no access to the role field, so the field won't even show up for them.
Hope this helps
-Steve
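
The access decisions made by the delegate class in the post above, as an added stand-alone PHP model that is not part of the original post and does not call Xataface. It shows that the field-level rule keeps a record's owner, and an admin, from changing the "role" value. Assumptions: `isAdminRole()` stands in for the undefined `isAdmin()` helper and treats 'ADMIN' and 'GOD' as admin roles, the 'VOLUNTEER' role and the `email` field are hypothetical, the strings 'ALL', 'NONE' and 'ROLE:x' stand in for the permission arrays, and a field-level result replaces the record-level result for that field.

```php
<?php
// Stand-in for the application's isAdmin() helper (assumed behaviour).
function isAdminRole(string $role): bool {
    return in_array($role, ['ADMIN', 'GOD'], true);
}

// Mirrors getPermissions(): the record-level decision.
function recordPermissions(?array $user, ?array $record): string {
    if ($user === null) return 'ROLE:VISITOR';            // not logged in
    if ($record === null) return 'ROLE:' . $user['role']; // no specific record
    if (isAdminRole($user['role']) || $record['userid'] === $user['userid']) {
        return 'ALL';                                     // admin, or owner of the record
    }
    return 'NONE';
}

// Mirrors role__permissions(): the field-level decision for the "role" column.
function roleFieldPermissions(?array $user): string {
    if ($user === null) return 'NONE';
    return $user['role'] === 'GOD' ? 'ALL' : 'NONE';
}

// Effective permission on one field: the field-level rule, where one exists,
// replaces the record-level result (assumed model of the override).
function effectivePermissions(?array $user, ?array $record, string $field): string {
    return $field === 'role'
        ? roleFieldPermissions($user)
        : recordPermissions($user, $record);
}

// Constructed sample data: one volunteer's record and five kinds of caller.
$record = ['userid' => 7, 'role' => 'VOLUNTEER'];
$callers = [
    'visitor'         => null,
    'record owner'    => ['userid' => 7, 'role' => 'VOLUNTEER'],
    'other volunteer' => ['userid' => 8, 'role' => 'VOLUNTEER'],
    'admin'           => ['userid' => 1, 'role' => 'ADMIN'],
    'god'             => ['userid' => 2, 'role' => 'GOD'],
];

// Print the effective permission on an ordinary field and on the role field.
foreach ($callers as $label => $user) {
    printf("%-16s email=%-13s role=%s\n",
        $label,
        effectivePermissions($user, $record, 'email'),
        effectivePermissions($user, $record, 'role'));
}
```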