Authentication help needed

[PaulR]

I've set up a test site such that anyone can browse my database but only authorised users can make changes. I followed the tutorial to acvhieve this and it works exactly as I want with one exception - the users table is also publicly browseable and I'd like to prevent this for security reasons. I can't see a simple way to do this, can anyone help?

TIA

Paul

[shannah]

Example of users table delegate class getPermissions() method that will deny access to everyone:

Code: Select all

function getPermissions($record){
    return Dataface_PermissionsTool::NO_ACCESS();
}


[PaulR]

Thanks Steve. Forgive my ignorance but I take it that means I'd have to modify the users table outside of Xataface entirely e.g. in phpMyAdmin? Not a problem if so as there will only be a small number of users.

Paul

[shannah]

No. You need to implement a delegate class for the users table. See the section on delegate classes in the getting started tutorial. Then move onto the section on authentication and permissions.

-Steve

[PaulR]

Thanks again. I'd read both of those and created ApplicationDelegate.php (with READ_ONLY access if not logged in) which I guess I will need to remove (or at least modify) if I want to control access to each table independantly.

Sorry I know next to nothing about php, can I use the getPermissions method in ApplicationDelegate.php directly in a delegate function for the table that I do want users to be able to edit or would it need modification?

TIA

Paul

[shannah]

http://xataface.com/documentation/tutor ... te_classes

The application delegate controls application-wide stuff. The table delegate class controls stuff for only a specific table.

-Steve

[PaulR]

Thanks again, it's now working exactly as required.

For anyone else new to this stuff it might be useful to know that you can transplant the function in the example application-wide delegate class (http://xataface.com/documentation/tutor ... ermissions) directly into a delegate class for each table.

Paul