question on setSecutrityFilter for more than one table

by **Markus** » Mon Jun 18, 2007 6:14 am

Hi Steve, hi all,

i have a question on how to use Security Filters for more than one table of my DB.

I have in my ApplicationDelegate

ÃŠÃŠÃŠ ÃŠÃŠÃŠ function getPreferences(){
ÃŠÃŠÃŠ ÃŠÃŠÃŠ $betriebe =& Dataface_Table::loadTable('betriebe') ; // load the table named 'betriebe'
ÃŠÃŠÃŠ ÃŠÃŠÃŠ $auth =& Dataface_AuthenticationTool::getInstance();
ÃŠÃŠÃŠ ÃŠÃŠÃŠ $user =& $auth->getLoggedInUser();
ÃŠÃŠÃŠ ÃŠÃŠÃŠ if ( $user andÃŠ $user->val('Role') != 'ADMIN' ){
ÃŠÃŠÃŠÃŠÃŠÃŠÃŠ // We apply the security filter to non admin users.
ÃŠÃŠÃŠÃŠÃŠÃŠÃŠ $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));
ÃŠÃŠÃŠ }
ÃŠÃŠÃŠ return array();ÃŠ // Mandatory!! getPreferences() must return array.
ÃŠÃŠÃŠ }ÃŠÃŠÃŠ ÃŠÃŠÃŠ

which works fine for my table "betriebe".

If I want to have a similar filter for another table, how can I add it here or do i have to write a new function?

I am not quite sure about the getPreferences() function if it is kind of unique or if I could use something like getPreferencesBetriebe(), getPreferencesOtherTable()?

Know, what I mean?

Thank you

Markus

by **shannah** » Mon Jun 18, 2007 10:18 am

Hi Markus,

The existing examples on the site regarding security filters aren't the best IMHO.ÃŠ For security filters, it is actually better to add them to each table's delegate class.ÃŠ If you define a method called init() in a table's delegate class, it will be called just after a table is loaded.

e.g.

class tables_betriebe {
ÃŠÃŠÃŠ function init(&$table){
ÃŠÃŠÃŠÃŠÃŠÃŠÃŠ $table->setSecurityFilter(array('gruppe'=>$user->val('gruppe'));
ÃŠÃŠÃŠ }
}

-Steve

by **Markus** » Tue Jun 26, 2007 2:02 am

Hi Steve,

there was a typo in the line $table->setSecurityFilter(array('gruppe'=>$user->val('gruppe'));

This should be $table->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));

You forgot one closing bracket.

I have now:

ÃŠÃŠÃŠ function init(&$betriebe){
ÃŠÃŠÃŠ $auth =& Dataface_AuthenticationTool::getInstance();
ÃŠÃŠÃŠ $user =& $auth->getLoggedInUser();
ÃŠÃŠÃŠ $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));
ÃŠÃŠÃŠ }
as a function within my class tables_betriebe and this works fine

Nevertheless I would like to understand WHY this is the better strategy. Just to understand your framework a little better and not just copy and paste your solution suggestions. Is it only because I then have more control over each single table?

Thank you

Markus

by **Markus** » Tue Jun 26, 2007 7:40 am

Hi Steve,

I had a "Call to a non object..."-Error on the line: ÃŠÃŠ $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe'))); when I used the above function init and logged out of the table "betriebe".

I have now changed it to:

ÃŠÃŠÃŠ function init(&$betriebe){
ÃŠÃŠÃŠ $auth =& Dataface_AuthenticationTool::getInstance();
ÃŠÃŠÃŠ $user =& $auth->getLoggedInUser();
ÃŠÃŠÃŠ if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
ÃŠÃŠÃŠ $role = $user->val('Role');
ÃŠÃŠÃŠ ÃŠÃŠÃŠ switch ($role){
ÃŠÃŠÃŠÃŠÃŠÃŠÃŠ case 'ADMIN':
ÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠ return Dataface_PermissionsTool::ALL();
ÃŠÃŠÃŠÃŠÃŠÃŠÃŠ default:
ÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠÃŠ $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));
ÃŠÃŠÃŠ }
ÃŠÃŠÃŠ }

and now it works.

How comes?

Thank you

Markus

by **shannah** » Tue Jun 26, 2007 8:01 am

Hi Markus,

This is a better strategy for 2 reasons:
1. Better organization. It keeps configuration related to each table in its own directory. It will make it easier to distribute the table to another application later.

2. More efficient. This will only be run if the table is needed for the current request. If you load each table in getPreferences() and set the security filter, you will be forcing dataface to load every table every request which will affect performance.

-Steve

question on setSecutrityFilter for more than one table

Who is online