filter list by user

A place to discuss development of the Xataface core.

Postby silid » Thu Jan 18, 2007 1:34 pm

i am trying to filter access to records by username, my delegate file says:

function getPermissions(&$record) {
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
$role = $user->val('role');
if ( $role == 'ADMIN' ){
return Dataface_PermissionsTool::ALL();
} else if ( $record && $record->val('email_domain') == $user->val('username')) {
return Dataface_PermissionsTool::ALL();
} else {
return Dataface_PermissionsTool::READ_ONLY();
}
}

this stops editing of all files except the correct ones however i want to limit viewing of records.
if i change the line:
return Dataface_PermissionsTool::READ_ONLY();

to:
return Dataface_PermissionsTool::NO_ACCESS();

then the list won't display at all

any ideas?
silid
 
Posts: 4
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Fri Jan 19, 2007 12:22 am

Good question... Both "list" and "view" tabs only require the "view" permission. However, there is a workaround. Using the Dataface_Application::getQuery() method, you are able to access the user's request information. The '-action' element is always set in dataface even if it is not explicitly specified in the request. You can use this to return different permissions for different actions.

e.g.

Code: Select all
$app =& Dataface_Application::getInstance();
$query =& $app->getQuery();
if ( $query['-action'] == 'list' ){
    return Dataface_PermissionsTool::READ_ONLY();
} else {
    return Dataface_PermissionsTool::NO_ACCESS();
}


Hope this helps.

-Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby silid » Fri Jan 19, 2007 7:06 am

thanks for your reply, that does part of what i want, i perhaps didn't explain properly.

i also want the list view filtered to only show records associated with the logged in user.

do i need to do a custom mysql query? or use relationships to the user table?

any advice is appreciated.

thanks

si
silid
 
Posts: 4
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Fri Jan 19, 2007 10:25 am

Best to use relationships to the user table to do this and cut off access to the list view for users.

-Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Developers

Who is online

Users browsing this forum: No registered users and 10 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved