Looks like you may not be clear on the relationship between the permissions.ini file and the getPermissions() method. In your example you are defining a BLOG role in the permissions.ini file. This is just a set of permissions that can be referenced by name via the API. It is not inherently connected to your BLOG role in the users table 'role' field.
So in your case, when you write the code:
    else if ( $user and $user->val('role') == 'BLOG'){
        return Dataface_PermissionsTool::READ_EDIT();
    }
This isn't actually using your BLOG role that you created at all. It is just using the EDIT role (which is returned from the READ_EDIT() method).
Reading the logic of your delegate class, here is how your permissions work:
1. Admin users are granted all permissions from the ADMIN role.
2. BLOG users are granted READ and EDIT permissions. (i.e. users where the role field of their users record is BLOG)
3. All other users get no access to this table at all.
Your [BLOG] definition in the permissions.ini file is not used here at all. You could delete it and it would make no change.
-Steve
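As an added example (not part of Steve's post or the original poster's code), this is one way a delegate class could actually use a [BLOG] role defined in permissions.ini: look it up by name with Dataface_PermissionsTool::getRolePermissions(), and deny anything not on an explicit allow-list. The table name blog_posts, the allow-list, and the sample [BLOG] definition in the comments are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread. It runs inside a Xataface
// application as the delegate class of a table; "blog_posts" is a
// hypothetical table name.
//
// Constructed permissions.ini entry that this code resolves by name:
//   [BLOG extends READ ONLY]
//   edit = 1
//   new = 1

class tables_blog_posts {

    // Values of users.role that may select a permissions.ini role by name.
    // Anything else is denied, so a typo or unexpected value in the users
    // table never turns into access.
    private static $allowedRoles = array('ADMIN', 'BLOG');

    function getPermissions(&$record) {
        $auth = Dataface_AuthenticationTool::getInstance();
        $user = $auth->getLoggedInUser();

        // Not logged in: no access to this table.
        if (!$user) {
            return Dataface_PermissionsTool::NO_ACCESS();
        }

        $role = $user->val('role');

        // Role value missing or not on the allow-list: no access.
        if (!in_array($role, self::$allowedRoles, true)) {
            return Dataface_PermissionsTool::NO_ACCESS();
        }

        // This is the step that connects users.role to permissions.ini:
        // the permission set is loaded from the role of the same name,
        // so editing [BLOG] in permissions.ini now changes what BLOG
        // users can do.
        return Dataface_PermissionsTool::getRolePermissions($role);
    }
}
```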