Hiding tables from certain users

Posted: Tue Apr 15, 2008 7:31 am
by kedoin
In my Xataface application, I'd like the "admin" to be able to see all the tables. However, there are some tables that the normal users should not need to have access to. I want those tables to disappear from the navigation menu for other users. Also, I want those tables to be inaccessible from URLs.

The solution I came up with was to create a beforeHandleRequest function in my ApplicationDelegate.php:

Code:
  function beforeHandleRequest() {
    if ($this->isLoggedIn()) {
      if ($this->getLoggedInUsername() !== 'admin') {
        $app =& Dataface_Application::getInstance();

        // Makes sure that the NavMenu cannot see these tables
        unset($app->_conf['_tables']['phone_types']);
        unset($app->_conf['_tables']['address_types']);
        unset($app->_conf['_tables']['email_types']);
        unset($app->_conf['_tables']['users']);

        // Makes sure that a non-admin user cannot access the tables
        // from the browser.
        $app->_conf['_disallowed_tables']['hide_admin1'] = 'phone_types';
        $app->_conf['_disallowed_tables']['hide_admin2'] = 'address_types';
        $app->_conf['_disallowed_tables']['hide_admin3'] = 'email_types';
        $app->_conf['_disallowed_tables']['hide_admin4'] = 'users';
      }
    }
  }


Although this works, I was wondering if there's a better way to be doing this.

Thank you,
-Rob

Posted: Tue Apr 15, 2008 12:25 pm
by shannah
Hi Rob,

This technique looks like a good and efficient way to accomplish what you are doing in your case.

(In fact for the tables menu part this is probably the best way).

What I often do is define a very strict getPermissions() method in the application delegate class and then define softer getPermissions() methods on those particular tables that I want to allow users to access.

e.g.

In the application delegate class:
Code:
function getPermissions(&$record){
    if ( $this->getLoggedInUsername() == 'admin' ){
        return Dataface_PermissionsTool::ALL();
    } else {
        return Dataface_PermissionsTool::NO_ACCESS();
    }
}


Then, if you want your user to be able to access the 'News' table you could add the following to the News table's delegate class.

Code:
function getPermissions(&$record){

    return Dataface_PermissionsTool::ALL();
}


Or some other logic to decide what permissions to give on that table.

The permissions method wouldn't deal with the options in the tables menu, but it would work for access.

All that said, your method looks nice and succinct for the purposes you described.

-Steve
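
Added example (not part of either post above, and not Xataface's own code): Rob's two steps driven from a single list of table names, with a visitor who is not logged in treated the same as a non-admin user. `restricted_tables()` and `hide_tables_for()` are hypothetical names, the sample configuration is constructed, and the commented hook assumes `Dataface_AuthenticationTool::getLoggedInUsername()` returns null when nobody is logged in.

```php
<?php
// Added example: the table names are the ones from Rob's post; the two
// function names below are hypothetical and not part of Xataface.
function restricted_tables() {
    return array('phone_types', 'address_types', 'email_types', 'users');
}

/**
 * Return a copy of the configuration array with the restricted tables
 * removed from the menu and added to the disallowed list, unless $username
 * is 'admin'. A null username (nobody logged in) counts as non-admin.
 */
function hide_tables_for(array $conf, $username, array $restricted) {
    if ($username === 'admin') {
        return $conf;
    }
    foreach ($restricted as $table) {
        // Navigation menu: drop the entry from [_tables].
        unset($conf['_tables'][$table]);
        // Direct URL access: list the table in [_disallowed_tables].
        $conf['_disallowed_tables']['hide_' . $table] = $table;
    }
    return $conf;
}

// Wiring inside the application delegate class (needs Xataface loaded):
//   function beforeHandleRequest() {
//       $app  =& Dataface_Application::getInstance();
//       $auth =& Dataface_AuthenticationTool::getInstance();
//       $app->_conf = hide_tables_for(
//           $app->_conf, $auth->getLoggedInUsername(), restricted_tables());
//   }

// Constructed sample configuration so the function can be run on its own.
$conf = array(
    '_tables' => array('people' => 'People', 'users' => 'Users',
                       'phone_types' => 'Phone Types'),
    '_disallowed_tables' => array(),
);
foreach (array('admin', 'rob', null) as $who) {
    $out = hide_tables_for($conf, $who, restricted_tables());
    printf("%-6s menu=[%s] blocked=[%s]\n",
        $who === null ? '(none)' : $who,
        implode(',', array_keys($out['_tables'])),
        implode(',', $out['_disallowed_tables']));
}
```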

Re: Hiding tables from certain users

Posted: Wed Jun 02, 2010 1:41 am
by Tag
Hello,
I'm a French student, and I would like to know more about how Rob's code works (where exactly should I put it, what does it add, ...):

Code:
  function beforeHandleRequest() {
    if ($this->isLoggedIn()) {
      if ($this->getLoggedInUsername() !== 'admin') {
        $app =& Dataface_Application::getInstance();

        // Makes sure that the NavMenu cannot see these tables
        unset($app->_conf['_tables']['phone_types']);
        unset($app->_conf['_tables']['address_types']);
        unset($app->_conf['_tables']['email_types']);
        unset($app->_conf['_tables']['users']);

        // Makes sure that a non-admin user cannot access the tables
        // from the browser.
        $app->_conf['_disallowed_tables']['hide_admin1'] = 'phone_types';
        $app->_conf['_disallowed_tables']['hide_admin2'] = 'address_types';
        $app->_conf['_disallowed_tables']['hide_admin3'] = 'email_types';
        $app->_conf['_disallowed_tables']['hide_admin4'] = 'users';
      }
    }
  }


Indeed, I also need to hide some tables from certain users. But I am new to Xataface and computing, and I am struggling with how it works.

Thank you,

Tag