
ApplicationDelegate.php

Posted: Wed Dec 19, 2007 3:59 pm
by mikewassil
Trying to get permissions working. Everything going OK until I swapped out the original function in ApplicationDelegate.php. I'm now getting this error:

Code:
Parse error: parse error, unexpected ';', expecting T_FUNCTION in /home/path/to/conf/ApplicationDelegate.php on line 32


Original function added as per basic tutorial (this works, and I get the login prompt and can log in as both "admin" and "publicuser"):

Code:
function getPermissions(&$record){
         $auth =& Dataface_AuthenticationTool::getInstance();
         $user =& $auth->getLoggedInUser();
         if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
             // if the user is null then nobody is logged in... no access.
             // This will force a login prompt.
         $role = $user->val('Role');
         return Dataface_PermissionsTool::getRolePermissions($role);
             // Returns all of the permissions for the user's current role.
      }


...function per the online tutorial for creating an online user submission form (this one doesn't work and I get the above php error - copy/pasted directly from the online tutorial):

Code:
function getPermissions(&$record){
    $app =& Dataface_Application::getInstance();
    $query =& $app->getQuery();
      
    if ( $query['-action'] == 'new'){
        return Dataface_PermissionsTool::ALL();
    } else {
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        if ( $user and isAdmin($user->val('role'))){
            return Dataface_PermissionsTool::ALL();
        } else {
            return Dataface_PermissionsTool::NO_ACCESS();
        }
    }
}


Please advise what I've done wrong. Thanks.

Michael Wassil


Posted: Wed Dec 19, 2007 9:43 pm
by mikewassil
OK, making some progress. Got past the original php error by adding an additional "{" here (at the -->):

Code:
class conf_ApplicationDelegate {
    /**
     * Returns permissions array.  This method is called every time an action is
     * performed to make sure that the user has permission to perform the action.
     * @param record A Dataface_Record object (may be null) against which we check
     *               permissions.
     * @see Dataface_PermissionsTool
     * @see Dataface_AuthenticationTool
     */

    function getPermissions(&$record){
        $app =& Dataface_Application::getInstance();
        $query =& $app->getQuery();
      
        if ( $query['-action'] == 'new'){
            return Dataface_PermissionsTool::ALL();
        } else {
            $auth =& Dataface_AuthenticationTool::getInstance();
            $user =& $auth->getLoggedInUser();
            if ( $user and isAdmin($user->val('role'))){
                return Dataface_PermissionsTool::ALL();
            } else {
                return Dataface_PermissionsTool::NO_ACCESS();
            }
        }
    }
--> }
?>


This gets me to the login again. But when I attempt to log in with either the admin or public user I get the following error:

Code:
Fatal error: Call to undefined function isAdmin() in /home/path/to/conf/ApplicationDelegate.php on line 25


This is line 25:

Code:
if ( $user and isAdmin($user->val('role'))){


According to the tutorial: "(Note that the isAdmin() function is defined elsewhere in my app... "

Can someone advise how to get past this? Thanks.

Michael Wassil

Posted: Wed Dec 19, 2007 10:01 pm
by shannah
Hi Michael,

The isAdmin() function is just a custom function that I often create in my applications as a quick means to check if the currently logged in user is an administrator.

Quite often I will create a library of convenience functions specific to my application.

The isAdmin() function is just supposed to return true if the currently logged in user is an administrator.

An example such function might be:

Code:
function isAdmin(){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( $user and $user->val('role') == 'ADMIN' ) return true;
    return false;
}


Sometimes I may want to break this up into smaller functions for reuse.
e.g.

Code:
/**
* @returns Dataface_Record The currently logged in user.
*/
function &getUser(){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    return $user;
}

/**
* @returns string The role of the currently logged in user.
*/
function getRole(){
    $user =& getUser();
    if ( $user) return $user->val('role');
    return null;
}

/**
* @returns boolean True if the current user is an administrator.
*/
function isAdmin(){
    return (getRole() == 'ADMIN');
}

/**
* @returns boolean True if the current user is a manager.
*/
function isManager(){
    return (getRole() == 'MANAGER');
}

... etc ...


Since these functions will be frequently called inside my getPermissions() methods (which are called many times per request), sometimes I may want to use static variables to cache the results of the getUser() function, for performance reasons.

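Code:
function &getUser(){
    // -1 is a sentinel meaning "not looked up yet"; null means "nobody logged in".
    static $user = -1;
    // Strict comparison: a loose == would try to convert the record object to an int.
    if ( $user === -1 ){
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user = $auth->getLoggedInUser();
    }
    return $user;
}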


Hope this helps a little.

-Steve


Posted: Thu Dec 20, 2007 8:46 am
by mikewassil
Hi Steve! Thanks for responding so quickly. Your function isAdmin got me past the "call to undefined function" php error. But I then got other errors, so what I did was simply download the form tutorial and use the ApplicationDelegate.php file from there. This fixed all the errors. So I have a working login. However, when I log in as "adminuser" I get this:

Code:
Permission to perform action 'list' denied. Requires permission 'view' but only granted '0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0'


I can't figure out where to change these permissions. I tried changing the array values in ApplicationDelegate.php but that didn't do it.

Also, I need a form open to public input. I don't want anyone to have to log in just to fill in the form. But I don't see anywhere in the forms tutorial about this. Possibly the permissions will take care of it. I'm still poking around looking for the file with the permissions defined. With the help of the files in the tutorial download, I know I'm close. Still no cigar yet. Thanks again, I really appreciate your input.

Michael Wassil

Posted: Thu Dec 20, 2007 1:33 pm
by shannah
Hi Michael,

It is difficult to say what the problem is from this vantage point. It might be better to actually work through your own version from scratch, rather than to use the tutorial one as a base, because that way it will force you to build understanding of what each thing does.

The tutorial is just an example of what you could do. The idea is that your getPermissions() method can return any permissions you want.

For example a good way to start might be to make a getPermissions() method that doesn't consider the logged in user (i.e. give the same permissions to everyone), and play around with that.

e.g. Everyone gets read-only access:
Code:
function getPermissions(&$record){
    return Dataface_PermissionsTool::READ_ONLY();
}


e.g. Everyone gets full access:
Code:
function getPermissions(&$record){
    return Dataface_PermissionsTool::ALL();
}


e.g. Everyone gets no access:
Code:
function getPermissions(&$record){
    return Dataface_PermissionsTool::NO_ACCESS();
}


e.g. Everyone gets permissions defined by the 'ADMIN' role (which is defined in the dataface permissions.ini file):
Code:
function getPermissions(&$record){
    return Dataface_PermissionsTool::getRolePermissions('ADMIN');
}


e.g. Create your own custom role called 'MY_ROLE' that extends the 'READ ONLY' role, and assign this role to all users:
/path/to/yourapp/permissions.ini:
Code:
[MY_ROLE extends READ ONLY]

/path/to/yourapp/ApplicationDelegate.php:
Code:
function getPermissions(&$record){
    return Dataface_PermissionsTool::getRolePermissions('MY_ROLE');
}



e.g. Change 'MY_ROLE' so that it also has edit permissions:
/path/to/yourapp/permissions.ini:
Code:
[MY_ROLE extends READ ONLY]
    edit=1



And once you have a feel for how it works, you can try to combine this with authentication:

e.g. Give logged in users 'MY_ROLE' permissions, but anonymous users get no permissions:
Code:
function getPermissions(&$record){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( $user ) return Dataface_PermissionsTool::getRolePermissions('MY_ROLE');
    else return Dataface_PermissionsTool::NO_ACCESS();
}


And finally, if you are storing a role for each user in your users table in a column named 'role', you could assign non-logged in users no access, but logged in users permissions according to their role. In this case all possible roles in the users table must be defined in either your permissions.ini file or the dataface permissions.ini file:

Code:
function getPermissions(&$record){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( $user and $user->val('role') ){
        // Logged in with a role set: use that role's permissions.
        return Dataface_PermissionsTool::getRolePermissions( $user->val('role'));
    } else {
        // Anonymous, or no role stored for this user: no access.
        return Dataface_PermissionsTool::NO_ACCESS();
    }
}
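
Added example (not part of the thread and not Xataface's own resolver): a simplified model of how `[ROLE extends PARENT]` sections in permissions.ini flatten into per-role permissions, showing why every role value stored in the users table has to match a defined section. The INI text, the helper names `loadRoles`, `rolePermissions` and `allowed`, and the exact-match (case-sensitive) lookup are assumptions of this example.

```php
<?php
// Added illustration, not Xataface code. The INI text below is constructed;
// the [CHILD extends PARENT] header syntax is the one shown in the thread.
$ini = <<<'INI'
[READ ONLY]
view=1
list=1

[MY_ROLE extends READ ONLY]
edit=1

[ADMIN extends MY_ROLE]
new=1
delete=1
INI;

/** Flatten "[CHILD extends PARENT]" sections into a role => permissions map. */
function loadRoles(string $ini): array {
    $roles = [];
    $sections = parse_ini_string($ini, true) ?: [];
    foreach ($sections as $header => $perms) {
        if (preg_match('/^(.+?)\s+extends\s+(.+)$/', $header, $m)) {
            // Child keys override the parent's; an undefined parent adds nothing.
            $perms  = array_merge($roles[trim($m[2])] ?? [], $perms);
            $header = $m[1];
        }
        $roles[trim($header)] = $perms;
    }
    return $roles;
}

/** Unknown, empty or missing roles fail closed: no permissions at all. */
function rolePermissions(array $roles, ?string $role): array {
    return ($role !== null && isset($roles[$role])) ? $roles[$role] : [];
}

function allowed(array $perms, string $needed): bool {
    return !empty($perms[$needed]);
}

$roles = loadRoles($ini);
// Constructed users-table values: two defined roles, a case mismatch,
// a role with no section, and an anonymous visitor (null).
foreach (['ADMIN', 'MY_ROLE', 'admin', 'EDITOR', null] as $role) {
    $perms = rolePermissions($roles, $role);
    printf("%-9s view=%d edit=%d delete=%d\n", var_export($role, true),
        allowed($perms, 'view'), allowed($perms, 'edit'), allowed($perms, 'delete'));
}
```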