Security? List by default? Relational display?

A place for users and developers of Xataface to discuss and receive support.

Postby walterbyrd » Fri Apr 07, 2006 8:37 am

Does dataface have any kind of security features? For example, can I develop an application which displays a table, but does not allow editing? Can I disallow editing by field? Can I disallow editing by user? Can I disallow editing by feature - for example, allow somebody to insert a record, but not delete?

Also, on the demo site, the detail view is always shown by default. Can I change this so that the list view is shown by default?

I have been looking at application generators. Some, like AppGini and PHPMagic, use the term "relational" loosely. Neither of those generators allow me to display a view of two joined tables. Would I be able to create such a display with dataface?

Thank you.

Postby shannah » Fri Apr 07, 2006 10:13 am

>Does dataface have any kind of security features

Yes. I have not documented these yet because the new version (0.6) which is in the works will be reworking this. The current version allows you to define permissions using delegate classes.

Define the method getPermissions(), or fieldname__permissions() (where fieldname is the name of the field), as follows:
```php
<?php
require_once 'Dataface/PermissionsTool.php';

/**
 * Delegate class for the Profiles table.
 * $_SESSION['Username'] and $_SESSION['UserLevel'] are set by your own
 * login handling, not by Dataface; they are read defensively below so that
 * a missing session value never compares equal to an empty Username column.
 */
class tables_Profiles {

    /**
     * Returns an array of permissions allowed on the given record.
     * @param $record Dataface_Record object on which the permissions are being granted.
     * @return Array of permissions granted.
     */
    function getPermissions(&$record){
        $user = isset($_SESSION['Username']) ? $_SESSION['Username'] : null;
        // The profile's owner gets full access; everyone else is read-only.
        if ( $user !== null && $user === $record->strval('Username') ){
            return Dataface_PermissionsTool::ALL();
        }
        return Dataface_PermissionsTool::READ_ONLY();
    }

    /**
     * Sets the permissions on the PhoneNumber field.
     * @param $record Dataface_Record object on which the permissions are being granted.
     * @return Array of permissions granted.
     */
    function PhoneNumber__permissions(&$record){
        $user  = isset($_SESSION['Username'])  ? $_SESSION['Username']  : null;
        $level = isset($_SESSION['UserLevel']) ? $_SESSION['UserLevel'] : null;
        if ( $level === 'reviewer' ){
            // Reviewers can read the phone number field but not edit it.
            return Dataface_PermissionsTool::READ_ONLY();
        } else if ( ($user !== null && $user === $record->strval('Username')) || $level === 'admin' ){
            // The profile's owner and administrators can read and edit the phone number field.
            return Dataface_PermissionsTool::ALL();
        } else {
            // Others cannot read or edit the phone number field.
            return array();
        }
    }
}
```

** Note that in the above example the $_SESSION['...'] vars are not Dataface specific. It is assumed that you have done your own session handling to see who is logged in etc...

The upcoming release of Dataface will include authentication support and much better permissions support. Currently there are only "View", "Edit", and "Delete" permissions. The new version will provide much more fine-grained permissions.

Note also that the permissions have not been tested as fully as the rest of the system in the current version since they aren't "officially" available. They are being used on a few production systems here but there may be some finer points that haven't been explored (for example, I can't recall, off the top of my head, whether table listings respect the "no read" permission).

*** Also note that the current version uses what I call "optimistic" permissions. Meaning that if you don't explicitly define permissions on a table, then ALL permissions are granted. The new version will allow you to turn on "pessimistic" permissions so that you have to explicitly grant access for the permission to be allowed.

--------------------------

>Can I change this so that the list view is shown by default?

Yes. Check out http://framework.weblite.ca/documentation/how-to/change_default_action for a current solution. The new version of dataface will allow you to set a default action in the conf.ini file.

-------------------------

>Neither of those generators allow me to display a view of two joined tables.
>Would I be able to create such a display with dataface?

Right now you would be able to do this by way of relationships. You can define a relationship to be the results of any SQL query. A future version (maybe the next one or the one after that) will allow surrogate views which will allow you to do this without having to "fake" a relationship. Also in the new version there will be a much more powerful custom actions and templating framework that will allow you to generate arbitrary views very easily. Stay tuned...


Thanks for your interest.
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
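The "optimistic" default described in the answer above means a table with no delegate class, or a delegate without getPermissions(), grants every permission. Until the pessimistic mode ships, deny-by-default can be emulated inside the delegate itself. The block below is an added example, not Steve's code and not part of the Xataface distribution; it assumes a hypothetical `Orders` table with `Owner` and `CardNumber` columns, the same self-managed `$_SESSION['Username']` / `$_SESSION['UserLevel']` convention as the post, and only the delegate hooks and PermissionsTool methods the post shows.

```php
<?php
require_once 'Dataface/PermissionsTool.php';

/**
 * Delegate class for a hypothetical Orders table (constructed example).
 * Deny-by-default: any caller not matched explicitly below gets an empty
 * permission set, which reverses the framework's "no delegate = ALL" rule.
 */
class tables_Orders {

    /** Session role of the current user, or null when nobody is logged in. */
    function _role(){
        return isset($_SESSION['UserLevel']) ? (string)$_SESSION['UserLevel'] : null;
    }

    /** Session username of the current user, or null when nobody is logged in. */
    function _user(){
        return isset($_SESSION['Username']) ? (string)$_SESSION['Username'] : null;
    }

    /**
     * Record-level permissions. Check the most privileged grant first and
     * fall through to "no access". A missing session value is null, and a
     * strict comparison against null is always false, so an anonymous
     * request can never match an empty Owner column.
     */
    function getPermissions(&$record){
        $role = $this->_role();
        $user = $this->_user();
        if ( $role === 'admin' ){
            return Dataface_PermissionsTool::ALL();
        }
        if ( $user !== null && $user === $record->strval('Owner') ){
            return Dataface_PermissionsTool::ALL();        // owners manage their own orders
        }
        if ( $role === 'auditor' ){
            return Dataface_PermissionsTool::READ_ONLY();  // auditors may look but not change
        }
        return array();                                    // everyone else: deny by default
    }

    /**
     * Field-level override: the card number is readable only by the order's
     * owner and editable by nobody, even though admins and auditors can read
     * the rest of the record.
     */
    function CardNumber__permissions(&$record){
        $user = $this->_user();
        if ( $user !== null && $user === $record->strval('Owner') ){
            return Dataface_PermissionsTool::READ_ONLY();
        }
        return array();
    }
}
```

As the answer notes, whether the list view honours an empty permission set is untested in this version, so check the table listing as an anonymous user after installing a delegate like this.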


Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved