Xataface Forums

OK, I'm in over my head...

I'm trying to implement a permissions scheme that differs slightly from the standard one - I want my permissions to be defined by a DB table, rather than the .ini-file approach normally used.

I've got my table set up, and it's being used to check username/password as expected. So far so good.

I've implemented getPermissions() in conf/ApplicaitionDelegate.php to grab the data from my table. Here's where it all goes horribly wrong...

I'm setting up $results[$permission] = true or false according to my table, then returning $results. This doesn't work - everyting seems to be permitted, even if the permission (list, edit, whatever) is fales or even missing.

What is my function supposed to be returning?

Thanks!

Vic,

Hi Vic,

First of all. Make sure you're not performing any database queries inside getPermissions(). This will drastically destroy your performance because this method is called dozens or even hundreds of times per request.

Can't say why it's not working unless you provide a little more code. You seem to have the right idea: getPermissions() returns an array where the keys are the permission names and the values are 0 or 1.

-Steve

shannah wrote:First of all. Make sure you're not performing any database queries inside getPermissions(). This will drastically destroy your performance because this method is called dozens or even hundreds of times per request.

Yes, I noticed that while trying to debug the problem. I don't have a clean solution to that, yet... Can the AuthenticationTool stuff be used to cache the data?

shannah wrote:Can't say why it's not working unless you provide a little more code.

It's not good code, but here it is :-

Code: Select all

     function getPermissions(&$record){
         $results = array();
         $auth =& Dataface_AuthenticationTool::getInstance();
         $user =& $auth->getLoggedInUser();
         if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
             // if the user is null then nobody is logged in... no access.
             // This will force a login prompt.
         $query['RoleID'] = $user->val('RoleID');
         $perms = df_get_records_array('GlobalPermissions', $query);
         $row = $perms[0];
         foreach (array_keys($row->values()) as  $key) {
            if ($key != 'RoleID' and $key != 'RoleName') {
                if ($row->val($key) == 'Y') {
                    $results[$key] = true;
                } else {
                    $results[$key] = 0;
                }
            }
         }
         return ($reults);
      }


The Y/N stuff has become extremely hacky - it started out as a tinyint, but that didn't work, so I tried an enum, and then the thrashing began :-(

shannah wrote:You seem to have the right idea: getPermissions() returns an array where the keys are the permission names and the values are 0 or 1.

Strangely, when I returned rubbish, it notcied that the "list" permission wasn't set, and denied me a list. When I return some permissions - but *not* the list permission - it allows me access...

PHP isn't really my thing, as you might have guessed...

Vic.

return ($reults);

Could it be this typo in your return statement. You mean to return $results not $reults


As far as caching this info, you create a static cache for your data as follows:

Code: Select all

function getPermissions(&$record){
    static $perms = -1;
    if ( $perms == -1 ) $perms = array();
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
    if ( !isset($perms[$user->val('RoleID')]) ){

        ... calculate your permissions here and
        store them in $perms[$user->val('RoleID')]
    }
    return $perms[$user->val('RoleID')];

}


shannah wrote:

return ($reults);

Could it be this typo in your return statement. You mean to return $results not $reults

Ahh, knickers. How embarrassed am I now?

Thanks, Steve. It works a treat now.

shannah wrote:

Code: Select all

    if ( !isset($perms[$user->val('RoleID')]) ){

        ... calculate your permissions here and
        store them in $perms[$user->val('RoleID')]
    }


OK, I see. That's pretty simple.

I think you need a new domain. xataface-and-dumb-php-questions.com.

Thanks again.

Vic.