How to set permissions at the table level
Posted: Thu Jan 05, 2012 8:59 pm
Hi Steve,
I have implemented authentication and permissions in my application and everything is working as it should. The ROLES are simple, an Admin user which has all rights, and a NORMAL user which has READ ONLY access to all tables.
I have a requirement wherein I need a third user which has ADMIN rights to only ONE of the tables but READ ONLY for all the rest.
My Application Delegate Class looks like this.
Code:
    <?php
    /**
     * A delegate class for the entire application to handle custom handling of
     * some functions such as permissions and preferences.
     */
    class conf_ApplicationDelegate {
        /**
         * Returns permissions array. This method is called every time an action is
         * performed to make sure that the user has permission to perform the action.
         * @param Dataface_Record $record A Dataface_Record object (may be null)
         *        against which we check permissions.
         * @see Dataface_PermissionsTool
         * @see Dataface_AuthenticationTool
         */
        function getPermissions(&$record){
            $auth =& Dataface_AuthenticationTool::getInstance();
            $user =& $auth->getLoggedInUser();
            // If the user is null then nobody is logged in... no access.
            // This will force a login prompt.
            if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
            $role = $user->val('Role');
            // Return all of the permissions for the user's current role.
            return Dataface_PermissionsTool::getRolePermissions($role);
        }
    }
    ?>
The table delegate class of the table that the power user is to have admin rights to looks like this:
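Code:
    <?php
    class tables_Assignments {
        function getPermissions(&$record){
            $auth =& Dataface_AuthenticationTool::getInstance();
            $user =& $auth->getLoggedInUser();
            // Nobody logged in: no access (same check as the application
            // delegate); avoids calling val() on a null user.
            if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
            if ( $user->val('UserName') == 'MrKim' ){
                // The power user gets ADMIN on this table.
                return Dataface_PermissionsTool::getRolePermissions('ADMIN');
            } else {
                return Dataface_PermissionsTool::getRolePermissions('READ ONLY');
            }
        }
    }
    ?>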
I don't have any table delegate classes defined in any other table as I would like the application delegate to have the default permissions/roles in the other tables. My observation is that once the MrKim user logs in and selects other tables he gets READ ONLY access privileges which is well and good. Once he selects the "Assignments" table tab, the table's getPermissions function kicks in and he becomes ADMIN for the table, which is just what I wanted. The issue is once he then selects other tabs, he retains these ADMIN privileges everywhere. How do I restrict him to be ADMIN only in the "Assignments" table and then be READ ONLY everywhere else?
Thanks and regards.
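
An added illustration, not code from the original post or from Xataface: a framework-free PHP model of the tab sequence described above. It contrasts a resolver that stores the elevated role in session state (one hypothetical way a table-level grant can persist, not a diagnosis of the framework) with one that derives the role from user and table on every call. The table name `Clients` and all function names are assumptions.

```php
<?php
// Added illustration: plain PHP, no Xataface classes. All names are hypothetical.

function rolePermissions(string $role): array {
    $roles = [
        'READ ONLY' => ['view' => true, 'edit' => false],
        'ADMIN'     => ['view' => true, 'edit' => true],
    ];
    return $roles[$role];
}

// Constructed grant list: user => table => role that applies on that table only.
function tableGrant(string $user, string $table): ?string {
    $grants = ['MrKim' => ['Assignments' => 'ADMIN']];
    return $grants[$user][$table] ?? null;
}

// Leak-prone: the table-level role is written into the session and reused later.
function leakyPermissions(array &$session, string $table): array {
    $grant = tableGrant($session['UserName'], $table);
    if ($grant !== null) {
        $session['Role'] = $grant; // outlives the request that needed it
    }
    return rolePermissions($session['Role']);
}

// Scoped: the role is derived from (user, table) on every call; nothing is stored.
function scopedPermissions(array &$session, string $table): array {
    $role = tableGrant($session['UserName'], $table) ?? $session['Role'];
    return rolePermissions($role);
}

// Replays tab selections for one login and records the access level on each tab.
function replay(callable $resolver, array $tabs): array {
    $session = ['UserName' => 'MrKim', 'Role' => 'READ ONLY'];
    $seen = [];
    foreach ($tabs as $table) {
        $perms = $resolver($session, $table);
        $seen[] = $table . '=' . ($perms['edit'] ? 'edit' : 'read');
    }
    return $seen;
}

// Tab order from the post; 'Clients' is a made-up name for "any other table".
$tabs = ['Clients', 'Assignments', 'Clients'];
echo 'leaky:  ', implode(' ', replay('leakyPermissions', $tabs)), "\n";
echo 'scoped: ', implode(' ', replay('scopedPermissions', $tabs)), "\n";
```

The leaky run reports edit access on the final `Clients` tab, while the scoped run reports read access there; replaying the same tab order against a real application is a quick regression check for this class of bug.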