Xataface Forums

Put a face on your database
http://xataface.com/forum/

Some newbie questions.

http://xataface.com/forum/viewtopic.php?f=4&t=4090

Page 1 of 1

PostPosted: Tue Jul 17, 2007 2:47 am
by vlad
1.How can I hide certain tables from view? If i use
;Users = "Users"
in conf.ini this table is not shown but if I access the table by changing the url
index.php?-table=Users
I can see the records.
(without mod_rewrite if possible)

2.How can I hide some error messages replacing them with 404 not found . etc.
Example "Fatal error: Error performing mysql query to get column information from table 'blah'. The mysql error returned was : 'Table 'dataface.blah' doesn't exist'."


Excuse my english. Thank you.

PostPosted: Wed Jul 18, 2007 9:13 am
by Markus
Hi Vlad,

Concerning question 1.

I use the setSecurityFilter method to prevent nonAdminUsers to see all records of my table users. Maybe that will help you too.
I have this function in the ApplicationDelegate class of my table users i.e. ../tables/users/users.php

function init(&$users){
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser(); //get the current logged in user
if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS(); //if no user is logged in this will force the login-prompt

$role = $user->val('Role'); //get the Role of the current logged in user
switch ($role){

case 'ADMIN':
return Dataface_PermissionsTool::ALL(); //if the user is ADMIN he can see all the records
default:
$users->setSecurityFilter(array('gruppe'=>$user->val('gruppe'))); //the user can only see records of his own group
}
}

Cause I want the members of my usergroup (gruppe) to see only their records of table users I have a field gruppe in this table.
You can also use every other field like UserName or something else for that and you have to have the field Role in users table where the roles are defined.
I took the users table from steves example

CREATE TABLE `users` (
`UserID` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`UserName` VARCHAR( 32 ) NOT NULL ,
`Password` VARCHAR( 32 ) NOT NULL ,
`Role` ENUM('READ ONLY','NO ACCESS','ADMIN') DEFAULT 'READ ONLY',
PRIMARY KEY ( `UserID` ) ,
UNIQUE (`UserName`)
)

and just added a field gruppe VARCHAR ( 10 ) NOT NULL,

Maybe this helps

If not, have a look at this thread http://framework.weblite.ca/forum/dataface-users/755042441/#696282782

Markus

PostPosted: Wed Jul 18, 2007 10:42 am
by shannah
Thanks Markus. This is a good way to do it. In Dataface 0.7, I have added a slightly easier way if you want to disable access to an entire table wholesale.

I have created a how-to document to describe it here: http://framework.weblite.ca/documentation/how-to/disallow_tables

Best regards

Steve
All times are UTC - 7 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/