Xataface Forums

i am trying to filter access to records by username, my delegate file says:

function getPermissions(&$record) {
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
$role = $user->val('role');
if ( $role == 'ADMIN' ){
return Dataface_PermissionsTool::ALL();
} else if ( $record && $record->val('email_domain') == $user->val('username')) {
return Dataface_PermissionsTool::ALL();
} else {
return Dataface_PermissionsTool::READ_ONLY();
}
}

this stops editing of all files except the correct ones however i want to limit viewing of records.
if i change the line:
return Dataface_PermissionsTool::READ_ONLY();

to:
return Dataface_PermissionsTool::NO_ACCESS();

then the list won't display at all

any ideas?

Good question... Both "list" and "view" tabs only require the "view" permission. However, there is a workaround. Using the Dataface_Application::getQuery() method, you are able to access the user's request information. The '-action' element is always set in dataface even if it is not explicitly specified in the request. You can use this to return different permissions for different actions.

e.g.

Code: Select all

$app =& Dataface_Application::getInstance();
$query =& $app->getQuery();
if ( $query['-action'] == 'list' ){
    return Dataface_PermissionsTool::READ_ONLY();
} else {
    return Dataface_PermissionsTool::NO_ACCESS();
}


Hope this helps.

-Steve

thanks for your reply, that does part of what i want, i perhaps didn't explain properly.

i also want the list view filtered to only show records associated with the logged in user.

do i need to do a custom mysql query? or use relationships to the user table?

any advice is appreciated.

thanks

si

Best to use relationships to the user table to do this and cut off access to the list view for users.

-Steve