Page 1 of 1

Authentication help needed

PostPosted: Wed May 18, 2011 11:46 pm
by PaulR
I've set up a test site such that anyone can browse my database but only authorised users can make changes. I followed the tutorial to acvhieve this and it works exactly as I want with one exception - the users table is also publicly browseable and I'd like to prevent this for security reasons. I can't see a simple way to do this, can anyone help?

TIA

Paul

Re: Authentication help needed

PostPosted: Thu May 19, 2011 8:54 am
by shannah
Example of users table delegate class getPermissions() method that will deny access to everyone:
Code: Select all
function getPermissions($record){
    return Dataface_PermissionsTool::NO_ACCESS();
}

Re: Authentication help needed

PostPosted: Thu May 19, 2011 9:26 am
by PaulR
Thanks Steve. Forgive my ignorance but I take it that means I'd have to modify the users table outside of Xataface entirely e.g. in phpMyAdmin? Not a problem if so as there will only be a small number of users.

Paul

Re: Authentication help needed

PostPosted: Thu May 19, 2011 9:42 am
by shannah
No. You need to implement a delegate class for the users table. See the section on delegate classes in the getting started tutorial. Then move onto the section on authentication and permissions.

-Steve

Re: Authentication help needed

PostPosted: Thu May 19, 2011 11:08 am
by PaulR
Thanks again. I'd read both of those and created ApplicationDelegate.php (with READ_ONLY access if not logged in) which I guess I will need to remove (or at least modify) if I want to control access to each table independantly.

Sorry I know next to nothing about php, can I use the getPermissions method in ApplicationDelegate.php directly in a delegate function for the table that I do want users to be able to edit or would it need modification?

TIA

Paul

Re: Authentication help needed

PostPosted: Thu May 19, 2011 11:26 am
by shannah
http://xataface.com/documentation/tutor ... te_classes

The application delegate controls application-wide stuff. The table delegate class controls stuff for only a specific table.

-Steve

Re: Authentication help needed

PostPosted: Thu May 19, 2011 10:48 pm
by PaulR
Thanks again, it's now working exactly as required. :D

For anyone else new to this stuff it might be useful to know that you can transplant the function in the example application-wide delegate class (http://xataface.com/documentation/tutor ... ermissions) directly into a delegate class for each table.

Paul