Page 1 of 1

Admin for one table

PostPosted: Sun May 13, 2012 12:53 pm
by tbeemster
I've been looking around to find some docs on this, but I couldn't find it, although I'm sure it must be somewhere :P

I have a site, which is maintained by one person - an ADMIN, but there is also a blog, so I want to add two more users, but they should only VIEW/EDIT the blog, nothing more and nothing less :D

Could anyone give me a tip on where to get started? Becuase I'm not sure where to start (delegate/permissions.ini/actions.ini/getPermissions etc.. :P)

Re: Admin for one table

PostPosted: Tue May 15, 2012 10:01 am
by shannah
Is the blog a separate table? Each table has its own delegate class. Each delegate class can define a getPermissions() method the dictates which permissions are granted to which user.

Re: Admin for one table

PostPosted: Tue May 22, 2012 3:22 am
by tbeemster
Yes (well there are like 2 tables involved), so I could, for example grant user 'READ ONLY' to have edit permission on the blog?

Re: Admin for one table

PostPosted: Mon Aug 06, 2012 12:27 pm
by tbeemster
So, sorry for double posting. but I think I almost figured it out:

This is what I got:

permissions.ini

Code: Select all
[BLOG]
view=0
edit=0
delete=0


skvm_blog_post.php (Delegate class)

Code: Select all
<?php
class tables_skvm_blog_post {

    function post_time__display(&$record){
        return date('d-m-Y', strtotime($record->strval('post_time')));
    }

    function getPermissions(&$record){
        $user =& Dataface_AuthenticationTool::getInstance()->getLoggedInUser();
        if ( $user and $user->val('role') == 'ADMIN' ){
            return Dataface_PermissionsTool::getRolePermissions('ADMIN');
        } else if ( $user and $user->val('role') == 'BLOG'){
            return Dataface_PermissionsTool::READ_EDIT();
        }
        return Dataface_PermissionsTool::NO_ACCESS();
    }
}


This actually works (it gets in the else if statement from 'BLOG'. But for some reason it's still not shown. Is it possible, that the permissions.ini overrules the getPermissions?

Re: Admin for one table

PostPosted: Wed Aug 08, 2012 10:01 am
by shannah
Looks like you may not be clear on the relationship between the permissions.ini file and the getPermissions() method. In your example you are defining a BLOG role in the permissions.ini file. This is just a set of permissions that can be referenced by name via the API. It is not inherently connected to your BLOG role in the users table 'role' field.

So in your case, when you write the code:
Code: Select all
else if ( $user and $user->val('role') == 'BLOG'){
            return Dataface_PermissionsTool::READ_EDIT();
        }


This isn't actually using your BLOG role that you created at all. It is just using the EDIT role (which is returned from the READ_EDIT() method).

Reading the logic of your delegate class, here is how your permissions work:
1. Admin users are granted all permissions from the ADMIN role.
2. BLOG users are granted READ and EDIT permissions. (i.e. users where the role field of their users record is BLOG)
3. All other users get no access to this table at all.

Your [BLOG] definition in the permissions.ini file is not used here at all. You could delete it and it would make no change.

-Steve