Page 1 of 1
Authentication help needed
Posted:
Wed May 18, 2011 11:46 pm
by PaulR
I've set up a test site such that anyone can browse my database but only authorised users can make changes. I followed the tutorial to acvhieve this and it works exactly as I want with one exception - the users table is also publicly browseable and I'd like to prevent this for security reasons. I can't see a simple way to do this, can anyone help?
TIA
Paul
Re: Authentication help needed
Posted:
Thu May 19, 2011 8:54 am
by shannah
Example of users table delegate class getPermissions() method that will deny access to everyone:
- Code: Select all
function getPermissions($record){
return Dataface_PermissionsTool::NO_ACCESS();
}
Re: Authentication help needed
Posted:
Thu May 19, 2011 9:26 am
by PaulR
Thanks Steve. Forgive my ignorance but I take it that means I'd have to modify the users table outside of Xataface entirely e.g. in phpMyAdmin? Not a problem if so as there will only be a small number of users.
Paul
Re: Authentication help needed
Posted:
Thu May 19, 2011 9:42 am
by shannah
No. You need to implement a delegate class for the users table. See the section on delegate classes in the getting started tutorial. Then move onto the section on authentication and permissions.
-Steve
Re: Authentication help needed
Posted:
Thu May 19, 2011 11:08 am
by PaulR
Thanks again. I'd read both of those and created ApplicationDelegate.php (with READ_ONLY access if not logged in) which I guess I will need to remove (or at least modify) if I want to control access to each table independantly.
Sorry I know next to nothing about php, can I use the getPermissions method in ApplicationDelegate.php directly in a delegate function for the table that I do want users to be able to edit or would it need modification?
TIA
Paul
Re: Authentication help needed
Posted:
Thu May 19, 2011 11:26 am
by shannah
http://xataface.com/documentation/tutor ... te_classesThe application delegate controls application-wide stuff. The table delegate class controls stuff for only a specific table.
-Steve
Re: Authentication help needed
Posted:
Thu May 19, 2011 10:48 pm
by PaulR
Thanks again, it's now working exactly as required.
For anyone else new to this stuff it might be useful to know that you
can transplant the function in the example application-wide delegate class (
http://xataface.com/documentation/tutor ... ermissions) directly into a delegate class for each table.
Paul