show records depending on logged in user

[cookie720]

pretty self explanatory, need to list all records that are related to which ever user is logged in.
every record is assigned to a certain user.

Code: Select all

function getUser(&$record){
  $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
return $user;
}

function __sql__(){

return "SELECT * FROM `matters` WHERE `AssignedUser` = $user ";
}
}


Am i on the right track??

[shannah]

__sql__ directives shouldn't be used to filter the records in a table. It should only be used to add columns. The resulting query should always return the same number of rows as the default query (i.e. select * from table), and include a superset of the columns of the default query.

A better way to go would be to use security filters.

e.g.

Code: Select all

class tables_mytable {
    function init(Dataface_Table $table){
        $user = Dataface_AuthenticationTool::getInstance()
                        ->getLoggedInUserName();
        $table->setSecurityFilter(array('AssignedUser'=>'='.$user));
    }
}


-Steve

[cookie720]

Thats great shannah, but one more trick I need for this. I need to also filter the records by another column. The column has 2 values, YES and NO, and I need to filter it by all YES records by default.
Thats why I thought I would need to use the __sql__ function because the security filter actually prevents me from seeing other users related records now,

I want it to show logged in users records by default, but if they want to , they can click 'show all' or use the UserName filter to see another users records, Right now that filter is only showing the user that is logged in due to the security filter.

Thanks!!!
p.s. i love xataface

[shannah]

If you just want make a default filter that the user can opt out of then you should probably just modify the query in the beforeHandleRequest() method of the application delegate. Use security filters for non-negotiables.

E.g.

Code: Select all

function beforeHandleRequest(){
    $app = Dataface_Application::getInstance();
    $query =& $app->getQuery();
    if ( !@$_POST ){
        if ( $query['-table'] == 'sometable' ){
                if ( !@$query['username'] ){
                    $query['username'] = Dataface_AuthenticationTool::getInstance()->getLoggedInUserName();
                }
       }

    }
}


-Steve