Page 1 of 1

PostPosted: Wed Aug 23, 2006 11:06 am
by dal
I'm trying to set-up a Sign-up form for users to register on a typical USERS table. I'd like to have it such that they can Add a new record, and also edit their own information. The 'USER' role seems to fit the bill for this from the documentation (http://framework.weblite.ca/documentation/tutorial/getting_started/permissions/). But I'm getting an error when calling Dataface_PermissionsTool.

Fatal error: Call to undefined method Dataface_PermissionsTool::user()

The other roles, READ_ONLY(), ADMIN(), work fine.


Here's the code...

class tables_users {

function getPermissions(&$record){
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( !isset($user) ) return Dataface_PermissionsTool::USER();
// if the user is null then nobody is logged in... no access.
// This will force a login prompt.
$role = $user->val('role');
return Dataface_PermissionsTool::getRolePermissions($role);
// Returns all of the permissions for the user's current role.
}

}

PostPosted: Wed Aug 23, 2006 12:13 pm
by shannah
Hi Dalcon,

There is no Dataface_PermissionsTool::USER() method. The ALL(), NO_ACCESS(), and READ_ONLY() methods are convenience methods for those common roles, but for a general role, you will need to do:

Dataface_PermissionsTool::getRolePermissions('user');

Hope this helps.

Steve

PostPosted: Wed Aug 23, 2006 2:23 pm
by dal
Gotcha, Thanks. I realized what I need now is to define my own role and permissions for certain types of users. I found that the default 'USER' role, does not have permission for the 'new' action...so I need a new role such that visitors would be able to register themselves (ie. add a new users record).

PostPosted: Thu Jul 26, 2007 10:28 pm
by marionjoe
Gotcha, Thanks. I realized what I need now is to define my own role and permissions for certain types of users. I found that the default 'USER' role, does not have permission for the 'new' action...so I need a new role such that visitors would be able to register themselves (ie. add a new users record).



hi dal and all:

dal, if you have found a solution, could you write it up here, and also perhaps on your
DATFACE HOMEPAGE? http://framework.weblite.ca/Members/dal

PostPosted: Thu Jul 26, 2007 11:22 pm
by shannah
See the conf.ini in the webauction demo for an example of how to add registration to your app.
http://demo.weblite.ca/source-browser.php?-path=webauction

i.e. just add allow_register=1 to the [_auth] section of your conf.ini file.

You also need to make sure that public users have the 'new' permission for this to work.

-Steve

PostPosted: Sat Jul 28, 2007 12:46 am
by marionjoe
hi steve and all:

how do i create a different role?

the role would need to enable

a person who registers to
1 create a new record which they then "own"

2 edit and delete their "owned" record and only their "own" record


thankyou


marion

PostPosted: Sat Jul 28, 2007 12:48 am
by marionjoe
oo and just rememberd

this role would also enable ALL users to see ALL RECORDS

marion

PostPosted: Sat Jul 28, 2007 11:13 am
by shannah
how do i create a different role?


Add a permissions.ini file to your application directory. You can add new roles by adding new sections to this file. E.g.

Code: Select all
[OWNER extends EDIT AND DELETE]


The syntax means that you are creating a new role named 'OWNER' that inherits all the permissions of the 'EDIT AND DELETE' role.

You can check out the permissions.ini file in the dataface directory to see what existing roles there are to inherit from.

If you wanted to customize the role to NOT allow delete, you could do:
Code: Select all
[OWNER extends EDIT AND DELETE]
delete=0


If you wanted to create a role that was read only, but could also create new records you would do something like:
Code: Select all
[MY ROLE extends READ ONLY]
new=1


So for the problem at hand, you have identified 2 roles:
1. REGISTERED - any registered user can read or create new roles.
2. OWNER - the owner of a record can edit and delete that record.

So you would have something like:

Code: Select all
[OWNER extends EDIT AND DELETE]

[REGISTERED extends READ ONLY]
new=1



The next thing you have to do is reference these roles from inside your getPermissions() method.
Code: Select all
function getPermissions(&$record){
    $auth=& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( $auth->isLoggedIn() ){
        return Dataface_PermissionsTool::getRolePermissions('REGISTERED');
    } else if ( $record and $user and $record->val('owner_id') == $user->val('user_id') ){
        return Dataface_PermissionsTool::getRolePermissions('OWNER');
    } else {
        return Dataface_PermissionsTool::getRolePermissions('READ ONLY');
    }
}


Note that this snippet assumes that you have a field in your table called 'owner_id' that references the user that created the record. You can populate this field using a beforeInsert() trigger:
Code: Select all
function beforeInsert(&$record){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    $record->setValue('owner_id', $user->val('user_id'));
}


Hope this helps.

-Steve

PostPosted: Sat Jul 28, 2007 11:18 am
by shannah
Whoops.. the example getPermissions() method won't work as desired because it handles the permissions for registered users before it handles permissions for owners. Since owners are always registered, the method will never even get to handle the owner case. Change to:
Code: Select all
function getPermissions(&$record){
    $auth=& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( $record and $user and $record->val('owner_id') == $user->val('user_id') ){
        return Dataface_PermissionsTool::getRolePermissions('OWNER');
    } else if ( $auth->isLoggedIn() ){
        return Dataface_PermissionsTool::getRolePermissions('REGISTERED');
    } else {
        return Dataface_PermissionsTool::getRolePermissions('READ ONLY');
    }

}

PostPosted: Fri Sep 07, 2007 6:57 am
by dclijste
thanks, ik works (as usually ;))!

However, as it seems to be clear to understand, there is one thing I don't. where is the data saved?
I thought this would be saved in the records table under owner_id, but this stays NULL. When i edit this data through dataface (the same user, owner in this case) to the owner id (I made a nice dropdown list with all owners) I get the following error message:


Errors

* Permission to perform action 'edit' denied. Requires permission 'edit' but only granted '1,1,1,1,1,1,1,1,1'

the field owner_id is changed to the user_id I added, but the Owner can no longer edit this record again (in other words, he is not the owner anymore).

the thing I want to create is that admins can change the owner and all users can see who is the owner and ofcourse the owner himself can edit the record..

PostPosted: Fri Sep 07, 2007 9:03 am
by dclijste
OK, This permission denied comes after 'succesfull' and is given beceause dataface wants to go back to "edit field" but lost his permission.

the only question which persists: where is this information being saved?

PostPosted: Fri Sep 07, 2007 3:53 pm
by shannah

I may not be understanding the question.Ê I think you are asking where the owner_id value that we set in the trigger gets saved.Ê It gets saved in the same record in the same table.Ê If it is not then the trigger isn't working the way we want.

I know there was a bug that showed up only in PHP 4 that caused some triggers not to be picked up.



Check the Dataface/IO.php file in your version.Ê Look for the fireEvent() method.Ê If it contains a call to the call_user_func() function, then you will need to replace the function with this one:

function fireEvent($name, &$record){ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ $delegate =& $this->_table->getDelegate();
ÊÊÊ ÊÊÊ if ( $delegate !== null and method_exists($delegate,$name) ){
ÊÊÊ ÊÊÊ ÊÊÊ $res =& $delegate->$name($record);
ÊÊÊ ÊÊÊ ÊÊÊ if ( PEAR::isError( $res ) ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $res->addUserInfo(
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ df_translate(
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ 'scripts.Dataface.IO.fireEvent.ERROR_WHILE_FIRING',
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ "Error while firing event '$name' on table '".$this->_table->tablename."' in Dataface_IO::write() on line ".__LINE__." of file ".__FILE__,
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ array('name'=>$name,'tablename'=>$this->_table->tablename, 'line'=>__LINE__,'file'=>__FILE__)
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ )
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ );
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ return $res;
ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ $app =& Dataface_Application::getInstance();
ÊÊÊ ÊÊÊ $res = $app->fireEvent($name, array(&$record, &$this));
ÊÊÊ ÊÊÊ if ( PEAR::isError($res) ) return $res;
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ return true;
ÊÊÊ
ÊÊÊ }



And that should get the trigger working properly.


PostPosted: Sat Sep 08, 2007 10:37 am
by dclijste
My problem!
I asked for user_id instead of userid which gave NULL and since only the new added records wasn't owned by anyone this was the only record recongized by the loggedin user (which was also NULL)

Re: Permissions: USER role for sign-up

PostPosted: Thu Feb 24, 2011 7:48 am
by barryrs
Steve,

I think this broke something...
> Ability to add a new record to a table // Deprecated.. see if this breaks anything!!
> ;;add new record = Add New Record

Tried to add 'Owner permissions to the users table... successfully removed the ability to delete records, but for the life of me, I can't get rid of the ability to add new records...

if ( $user->val('UserName') == $record->val('UserName'))
return Dataface_PermissionsTool::getRolePermissions('OWNER');

I can say this, creating a brand new role with specific permissions seems to work, but the OWNER role wont remove the new permission..... here's my (app)->permissions.ini

[OWNER extends EDIT AND DELETE]
navigate = 0
new = 0
add new record = 0
add new related record = 0
delete found = 0
delete = 0
delete found = 0
delete selected = 0






[OWNER1]
navigate = 0
new = 0
add new record = 0
add new related record = 0
delete found = 0
delete = 0
delete found = 0
delete selected = 0
view in rss=1
view = 1
link = 1
list = 1
calendar = 1
view xml = 1
show all = 1
find = 1
ajax_load = 1
find_list = 1
find_multi_table = 1
rss = 1
export_csv = 1
export_xml = 1
export_json = 1
view related records=1
related records feed=1
expandable=1
edit = 1
add new record = 1
reorder_related_records = 1
import = 1
translate = 1
ajax_save = 1
ajax_form = 1
history = 1
edit_history = 1
update_set = 1
update_selected=1
select_rows = 1

Thanks for a great app!!! -Barry-

Re: Permissions: USER role for sign-up

PostPosted: Sat Feb 26, 2011 1:07 pm
by shannah
Did the forum strip some of your getPermissions() method? Can you post the whole method? My guess is that there's a problem in there somewhere.

-Steve