Xataface Forums

Put a face on your database
http://xataface.com/forum/

show records depending on logged in user

http://xataface.com/forum/viewtopic.php?f=4&t=6868

Page 1 of 1

show records depending on logged in user

PostPosted: Sun Jul 29, 2012 5:28 pm
by cookie720
pretty self explanatory, need to list all records that are related to which ever user is logged in.
every record is assigned to a certain user.
Code: Select all
function getUser(&$record){
  $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
return $user;
}

function __sql__(){

return "SELECT * FROM `matters` WHERE `AssignedUser` = $user ";
}
}

Am i on the right track??

Re: show records depending on logged in user

PostPosted: Mon Jul 30, 2012 10:30 am
by shannah
__sql__ directives shouldn't be used to filter the records in a table. It should only be used to add columns. The resulting query should always return the same number of rows as the default query (i.e. select * from table), and include a superset of the columns of the default query.

A better way to go would be to use security filters.

e.g.
Code: Select all
class tables_mytable {
    function init(Dataface_Table $table){
        $user = Dataface_AuthenticationTool::getInstance()
                        ->getLoggedInUserName();
        $table->setSecurityFilter(array('AssignedUser'=>'='.$user));
    }
}


-Steve

Re: show records depending on logged in user

PostPosted: Mon Jul 30, 2012 4:51 pm
by cookie720
Thats great shannah, but one more trick I need for this. I need to also filter the records by another column. The column has 2 values, YES and NO, and I need to filter it by all YES records by default.
Thats why I thought I would need to use the __sql__ function because the security filter actually prevents me from seeing other users related records now,

I want it to show logged in users records by default, but if they want to , they can click 'show all' or use the UserName filter to see another users records, Right now that filter is only showing the user that is logged in due to the security filter.

Thanks!!!
p.s. i love xataface

Re: show records depending on logged in user

PostPosted: Tue Jul 31, 2012 10:28 am
by shannah
If you just want make a default filter that the user can opt out of then you should probably just modify the query in the beforeHandleRequest() method of the application delegate. Use security filters for non-negotiables.

E.g.

Code: Select all
function beforeHandleRequest(){
    $app = Dataface_Application::getInstance();
    $query =& $app->getQuery();
    if ( !@$_POST ){
        if ( $query['-table'] == 'sometable' ){
                if ( !@$query['username'] ){
                    $query['username'] = Dataface_AuthenticationTool::getInstance()->getLoggedInUserName();
                }
       }

    }
}


-Steve
All times are UTC - 7 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/