
how to handle multiple ADMIN roles in database

PostPosted: Mon Oct 24, 2011 3:15 am
by rleyba
Hi Steve,

I have implemented authentication and access roles in my Xataface system and I have a requirement to have multiple Administrators. They have unique login names, say AMShiftAdmin and PMShiftAdmin. It is all acceptable if the Administrators can change/reset passwords of other users, but I want to implement a mechanism wherein, if the logged-in user is, say, AMShiftAdmin, he must NOT be able to change or alter the attributes of the PMShiftAdmin user in the Users table.

Do you have a snippet of how this might be done?

Thanks very much.

Re: how to handle multiple ADMIN roles in database

PostPosted: Mon Oct 24, 2011 1:57 pm
by shannah
So you want these guys to both be able to do everything *except* change information about each other?

You probably want to implement permissions on the users table that restricts "edit" access on any records with role=Admin.
e.g.

function getPermissions($record){
    // Only admins need the extra restriction; everyone else falls through.
    if ( isAdmin() ){
        // Another ADMIN account (not the current user's own row): read only.
        if ( $record->val('role') == 'ADMIN' and $record->val('username') != getUser()->val('username') ){
            return Dataface_PermissionsTool::READ_ONLY();
        }
    }
    // null defers to the permissions defined in the application delegate class.
    return null;
}


Note the isAdmin() and getUser() functions don't exist... they are used as shorthand here so you get the idea of what is going on here.

What this essentially says is:
If the current user is an admin, and the record in question is an ADMIN user account other than the current user, then we grant read only access.

Otherwise, returning null (for all other cases) just defers to the permissions defined in the application delegate class.

-Steve
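A fuller version of the rule above, written out as a delegate class for the Users table (an added example, not code from the thread or from Xataface itself). It assumes the table is named Users with columns role and username as in the thread, replaces the shorthand isAdmin()/getUser() with Dataface_AuthenticationTool, and handles the case where Xataface calls getPermissions() with a null record for table-level actions.

```php
<?php
// tables/Users/Users.php : delegate class for the Users table
// (table and column names assumed from the thread; adjust to match yours).
class tables_Users {

    // Return the permissions the logged-in user has on $record.
    // Xataface passes $record = null when asking about table-level actions
    // such as "new record" or "list", so that case must be handled first.
    function getPermissions(&$record) {
        if (!$record) {
            return null;  // defer to the application delegate's getPermissions()
        }

        $auth = Dataface_AuthenticationTool::getInstance();
        $user = $auth->getLoggedInUser();   // Dataface_Record for the Users row, or null
        if (!$user) {
            return null;  // not logged in: let the application delegate decide
        }

        // The thread writes the role as both "Admin" and "ADMIN"; compare
        // case-insensitively so a stray capitalisation cannot bypass the rule.
        $isAdmin       = strcasecmp(trim($user->val('role')), 'ADMIN') === 0;
        $targetIsAdmin = strcasecmp(trim($record->val('role')), 'ADMIN') === 0;
        $isSelf        = $user->val('username') === $record->val('username');

        // An admin viewing another admin's account gets read-only access,
        // which also withholds "delete", so one shift admin cannot remove
        // or lock out the other.
        if ($isAdmin && $targetIsAdmin && !$isSelf) {
            return Dataface_PermissionsTool::READ_ONLY();
        }

        return null;  // everything else falls through to the application delegate
    }
}
```

Because the rule is keyed on the role column, the application delegate must still prevent non-admins from editing their own role; this table delegate only addresses the admin-versus-admin case the thread asks about.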