
Posted: Mon Jun 18, 2007 6:14 am
by Markus

Hi Steve, hi all,


I have a question on how to use Security Filters for more than one table of my DB.



I have in my ApplicationDelegate

    function getPreferences(){
        $betriebe =& Dataface_Table::loadTable('betriebe') ; // load the table named 'betriebe'
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        if ( $user and $user->val('Role') != 'ADMIN' ){
            // We apply the security filter to non admin users.
            $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));
        }
        return array(); // Mandatory!! getPreferences() must return array.
    }

which works fine for my table "betriebe".


If I want to have a similar filter for another table, how can I add it here, or do I have to write a new function?

I am not quite sure about the getPreferences() function if it is kind of unique or if I could use something like getPreferencesBetriebe(), getPreferencesOtherTable()?

Know what I mean?

Thank you


Markus


Posted: Mon Jun 18, 2007 10:18 am
by shannah

Hi Markus,

The existing examples on the site regarding security filters aren't the best IMHO. For security filters, it is actually better to add them to each table's delegate class. If you define a method called init() in a table's delegate class, it will be called just after a table is loaded.

e.g.

class tables_betriebe {
    function init(&$table){
        $table->setSecurityFilter(array('gruppe'=>$user->val('gruppe'));
    }
}

-Steve


Posted: Tue Jun 26, 2007 2:02 am
by Markus

Hi Steve,


there was a typo in the line $table->setSecurityFilter(array('gruppe'=>$user->val('gruppe'));

This should be $table->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));

You forgot one closing bracket.

I have now:

    function init(&$betriebe){
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));
    }

as a function within my class tables_betriebe and this works fine ;)

Nevertheless I would like to understand WHY this is the better strategy. Just to understand your framework a little better and not just copy and paste your solution suggestions. Is it only because I then have more control over each single table?

Thank you


Markus

Posted: Tue Jun 26, 2007 7:40 am
by Markus

Hi Steve,


I had a "Call to a non object..."-Error on the line: $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe'))); when I used the above function init and logged out of the table "betriebe".

I have now changed it to:

    function init(&$betriebe){
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
        $role = $user->val('Role');
        switch ($role){
            case 'ADMIN':
                return Dataface_PermissionsTool::ALL();
            default:
                $betriebe->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));
        }
    }

and now it works.

How come?

Thank you

Markus


Posted: Tue Jun 26, 2007 8:01 am
by shannah

Hi Markus,

This is a better strategy for 2 reasons:
1. Better organization. It keeps configuration related to each table in its own directory. It will make it easier to distribute the table to another application later.

2. More efficient. This will only be run if the table is needed for the current request. If you load each table in getPreferences() and set the security filter, you will be forcing Dataface to load every table on every request, which will affect performance.

-Steve
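
An added example (not code from either poster or from the project) that pulls the thread's points together for a second table: the filter is set in that table's own init(), and the not-logged-in case is handled instead of calling val() on a non-object. The table name kunden, the READ_ONLY() grant for ordinary users and the handling of an empty group are assumptions; getPermissions() is the delegate method for permissions and does not appear in the thread.

```php
<?php
// Added example: delegate class for a hypothetical second table "kunden"
// that has a 'gruppe' column like 'betriebe' does.
class tables_kunden {

    // Returns the logged-in user record, or null when nobody is logged in.
    function currentUser(){
        $auth = Dataface_AuthenticationTool::getInstance();
        $user = $auth->getLoggedInUser();
        return $user ? $user : null;
    }

    // True only for a logged-in user who has a non-empty group.
    function hasGroup($user){
        return $user && trim((string)$user->val('gruppe')) !== '';
    }

    // Called just after the table is loaded: restrict rows to the user's group.
    function init(&$table){
        $user = $this->currentUser();
        // Nobody logged in (e.g. right after logout), or no group assigned:
        // there is nothing to filter on, and getPermissions() denies access.
        if ( !$this->hasGroup($user) ) return;
        // Admins see every row, so no filter is applied for them.
        if ( $user->val('Role') == 'ADMIN' ) return;
        $table->setSecurityFilter(array('gruppe'=>$user->val('gruppe')));
    }

    // The permission decision lives here, so requests that init() left
    // unfiltered (anonymous or group-less users) are still denied.
    function getPermissions(&$record){
        $user = $this->currentUser();
        if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
        if ( $user->val('Role') == 'ADMIN' ){
            return Dataface_PermissionsTool::ALL();
        }
        if ( !$this->hasGroup($user) ){
            return Dataface_PermissionsTool::NO_ACCESS();
        }
        // Assumption: ordinary users may only read rows of their own group.
        return Dataface_PermissionsTool::READ_ONLY();
    }
}
```

The same class body, renamed tables_betriebe, covers the first table; each table's delegate is only loaded when that table is used in the request.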