Authentication help needed

A place for users and developers of the Xataface to discuss and receive support.

Authentication help needed

Postby PaulR » Wed May 18, 2011 11:46 pm

I've set up a test site such that anyone can browse my database but only authorised users can make changes. I followed the tutorial to acvhieve this and it works exactly as I want with one exception - the users table is also publicly browseable and I'd like to prevent this for security reasons. I can't see a simple way to do this, can anyone help?

TIA

Paul
PaulR
 
Posts: 19
Joined: Tue May 17, 2011 10:38 pm

Re: Authentication help needed

Postby shannah » Thu May 19, 2011 8:54 am

Example of users table delegate class getPermissions() method that will deny access to everyone:
Code: Select all
function getPermissions($record){
    return Dataface_PermissionsTool::NO_ACCESS();
}
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Authentication help needed

Postby PaulR » Thu May 19, 2011 9:26 am

Thanks Steve. Forgive my ignorance but I take it that means I'd have to modify the users table outside of Xataface entirely e.g. in phpMyAdmin? Not a problem if so as there will only be a small number of users.

Paul
PaulR
 
Posts: 19
Joined: Tue May 17, 2011 10:38 pm

Re: Authentication help needed

Postby shannah » Thu May 19, 2011 9:42 am

No. You need to implement a delegate class for the users table. See the section on delegate classes in the getting started tutorial. Then move onto the section on authentication and permissions.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Authentication help needed

Postby PaulR » Thu May 19, 2011 11:08 am

Thanks again. I'd read both of those and created ApplicationDelegate.php (with READ_ONLY access if not logged in) which I guess I will need to remove (or at least modify) if I want to control access to each table independantly.

Sorry I know next to nothing about php, can I use the getPermissions method in ApplicationDelegate.php directly in a delegate function for the table that I do want users to be able to edit or would it need modification?

TIA

Paul
PaulR
 
Posts: 19
Joined: Tue May 17, 2011 10:38 pm

Re: Authentication help needed

Postby shannah » Thu May 19, 2011 11:26 am

http://xataface.com/documentation/tutor ... te_classes

The application delegate controls application-wide stuff. The table delegate class controls stuff for only a specific table.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Authentication help needed

Postby PaulR » Thu May 19, 2011 10:48 pm

Thanks again, it's now working exactly as required. :D

For anyone else new to this stuff it might be useful to know that you can transplant the function in the example application-wide delegate class (http://xataface.com/documentation/tutor ... ermissions) directly into a delegate class for each table.

Paul
PaulR
 
Posts: 19
Joined: Tue May 17, 2011 10:38 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 26 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved