Page 1 of 2

Accessing records based upon username login

PostPosted: Thu Feb 16, 2012 9:17 am
by sworden
I have set up my database and am trying to figure out how to allow access to records in tables based upon the username used when logging in. For example, my login is an admin, so I can see and edit everything. I would like to be able to set it up so that when a student logs in he can see records that pertain to him/her, but no one else. I would also like the student to be able to view anything that pertains to him, but he would only be able to edit his contact info.

Also, I would like to set it up so that an instructor can see info for all students, but can only edit/input info for a student that he is mentoring. How do I accomplish these goals?

Re: Accessing records based upon username login

PostPosted: Thu Feb 16, 2012 12:27 pm
by samhans
its easy define security filter in your table delegate class . for that you have to make ownerid column in your table.
you have asked lot many questions , segregate it so that it could be replied easily.


samhans

Re: Accessing records based upon username login

PostPosted: Thu Feb 16, 2012 1:31 pm
by sworden
Yes, it is a lot of questions, but in retrospect they all appear to center around "how do I set up a security filter?". I think I can start to figure out the rest.

Re: Accessing records based upon username login

PostPosted: Fri Feb 17, 2012 12:04 pm
by samhans
security filters can brower set up by declaring function either in table delegate class. or you can also specify it by application delegate class.

there is a tutorial in wiki to set security filters.
if you face Any problem after that then come back.

samhans

Re: Accessing records based upon username login

PostPosted: Wed Mar 14, 2012 10:38 am
by sworden
OK, when using this function:

function getPreferences(){
$mytable =& Dataface_Table::loadTable('applicants') ; // load the table named 'applicants'
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( $user and $user->val('rol') != 'ADMIN' ){
// We apply the security filter to non admin users.
$mytable->setSecurityFilter(array('owner_id'=>$user->val('user_id'));

}
return array(); // Mandatory!! getPreferences() must return array.
}

where do the owner_id and user_id values come from? The table I'm restricting access to, or the table that stores the log-in information? I have a "username" field in the "users" table (the table that stores log-in usernames and passwords) and an "applicants_id" field in the "applicants" table which is the unique identifier for that table.

Thanks.

Re: Accessing records based upon username login

PostPosted: Wed Mar 14, 2012 10:51 am
by samhans
owner id should be a field in your table in which you are restricting access.

Re: Accessing records based upon username login

PostPosted: Wed Mar 14, 2012 11:07 am
by sworden
Thanks. Where does "user_id" come from?

Re: Accessing records based upon username login

PostPosted: Wed Mar 14, 2012 11:12 am
by shannah
In your case, the owner_id field is in the table you're restricting access to and the user_id field is from the users table.

-Steve

Re: Accessing records based upon username login

PostPosted: Wed Mar 14, 2012 11:39 am
by sworden
shannah wrote:In your case, the owner_id field is in the table you're restricting access to and the user_id field is from the users table.

-Steve


When I set them up this way (or any other combination that I've tried) I try to log-in and once I've input my username and password it looks like the log-in sequence hangs up on the index.php file (I just get a blank screen and the url says "http://www.povpc.org/cpm/index.php"). This happens whether I log-in with my admin account or a read-only account that I set up to test this. Right now I have the "username" field in the "users" table and the "applicants_id" field in the "applicants" table. Do I need to have both fields in the same record in one of these tables? Is that why I'm getting the blank screen?

Here is how I set up the function:

function getPreferences(){
$mytable =& Dataface_Table::loadTable('applicants') ; // load the table named 'applicants'
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( $user and $user->val('rol') != 'ADMIN' ){
// We apply the security filter to non admin users.
$mytable->setSecurityFilter(array('applicants_id'=>$user->val('username'));

}
return array(); // Mandatory!! getPreferences() must return array.
}

Re: Accessing records based upon username login

PostPosted: Thu Mar 15, 2012 7:03 am
by sworden
I changed the table I'm restricting to the "transcripts" table so that I could at least get logged in (and changed "applicants" in the function to "transcripts" after I made a transcripts.php file in the "transcripts" folder). This is what shows up in the url when I click on the transcripts tab:

http://www.povpc.org/cpm/index.php?-table=transcripts

and the screen is blank.

Something doesn't appear to be loading correctly. Any ideas?

Re: Accessing records based upon username login

PostPosted: Thu Mar 15, 2012 8:39 am
by shannah
Check your error log

Re: Accessing records based upon username login

PostPosted: Thu Mar 15, 2012 9:21 am
by sworden
The error log is saying it doesn't like the ; in the line "$mytable->setSecurityFilter(array('APPLICANTS_ID'=>$user->val('USERNAME'));"

function getPreferences(){
$mytable =& Dataface_Table::loadTable('transcripts') ; // load the table named 'transcripts'
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( $user and $user->val('ROLE') != 'ADMIN' ){
// We apply the security filter to non admin users.
$mytable->setSecurityFilter(array('APPLICANTS_ID'=>$user->val('USERNAME'));

}
return array(); // Mandatory!! getPreferences() must return array.
}

I tried taking it out just to see what would happen. Then it doesn't like the } that follows. These seem to be standard programming text, so what could be causing the problem?

Thanks for your help. I'm very new to PHP.

Re: Accessing records based upon username login

PostPosted: Thu Mar 15, 2012 9:42 am
by shannah
Count the open parentheses and closing parentheses. You're missing a closing parenthesis.

Re: Accessing records based upon username login

PostPosted: Thu Mar 15, 2012 10:00 am
by sworden
Thanks! Now that I've got that fixed I'm getting a fatal error:

[15-Mar-2012 09:47:09] PHP Fatal error: Class 'tables_transcripts' not found in /home/povpc11/public_html/xataface/Dataface/Table.php on line 1116

From the Table.php file (the last line is line 1116):

function _loadDelegate(){

if ( $this->_hasDelegateFile() ){

import( $this->_delegateFilePath() );
$delegate_name = "tables_".$this->tablename;
$this->_delegate = new $delegate_name();

Re: Accessing records based upon username login

PostPosted: Thu Mar 15, 2012 10:10 am
by samhans
have you defined the table class properly, check it again. you might have given wrong name to the class file