Xataface Forums

Heyo, does anyone know how to deal with this problem? I have 3 tiers of permissions, shut-out (no access to anything, applies to users who aren't logged in), read only, and admin privileges.

Everything works fine except I just noticed,

if a user logs in as read only, the first page they are looking at is a table and they appear to have all permissions - checkboxes for deleting/copying appear, etc. All actions are still blocked when the user tries to invoke them, and the error is gone if the user redirects to any other page, even if they come right back to the first page. A refresh, however, does not dispel the error.

How do I get rid of this minor error?

Any help here?...

Have you tried clearing out your application's 'templates_c' directory as well as your browser cache? Not fully sure of the impact of this, but I've found it holds quite a lot of info that can affect changes to various 'settings'.

If that's not it, I would suggest reverting to the default permissions, see if that works, and rebuilding from your tailored ones from there, testing at each stage (and clearing out browser cache and templates_c).

Last resort, you may need to post some file contents - permissions.ini, ApplicationDelegate.php for others to see if there's anything funny going on there.

Please post the relevant permissions settings (e.g. getPermissions() methods, etc..) so that I can take a look. It's hard to say what is happening with this current info.

Thanks for the attention!

Here's my getPermissions, as you can see it's implemented with a double array which determines a user's
permission based on their access level (an integer) and which table they're trying to access. $tableRoles is actually created on startup via an ini and accessed from elsewhere (I'm positive the error doesn't lie here). I've hard-coded it into the method for clarity.

Code: Select all

function getPermissions(&$record){         
      $table = @$_REQUEST['-table'];
      if (!$table) {
         $table = 'None';
      }
                  
      $out = Dataface_PermissionsTool::getRolePermissions('ACCESS_SHUTOUT');
      $rd = Dataface_PermissionsTool::getRolePermissions('ACCESS_READ');
      $rdwt = Dataface_PermissionsTool::getRolePermissions('ACCESS_READ_WRITE');
      $ultra = Dataface_PermissionsTool::getRolePermissions('ACCESS_ULTRA');   
      
      $tableRoles = array(
         'Member' =>    array('OUT' => $out,       'MEMBER' => $rd,       'ADMIN' => $ultra),
         'Team' =>       array('OUT' => $out,       'MEMBER' => $rd,       'ADMIN' => $ultra),
         'Inventory' =>    array('OUT' => $out,       'MEMBER' => $rd,       'ADMIN' => $ultra),
         'Lockers' =>    array('OUT' => $out,       'MEMBER' => $rd,       'ADMIN' => $ultra),
         'Users' =>       array('OUT' => $out,       'MEMBER' => $out,       'ADMIN' => $ultra),
         'New_Member' => array('OUT' => $out,       'MEMBER' => $out,       'ADMIN' => $ultra),
         'None' =>       array('OUT' => $out,       'MEMBER' => $ultra,    'ADMIN' => $ultra)
      );

      $auth =& Dataface_AuthenticationTool::getInstance();
      $user =& $auth->getLoggedInUser();
      $role = 'OUT';
      if ($user) {
         switch ($user->val('Access_Level')) {
            case 2:
               $role = 'MEMBER';
               break;
            case 1:
               $role = 'ADMIN';
               break;
         }
      }
                  
      return $tableRoles[$table][$role];
    }


Try changing

Code: Select all

$out = Dataface_PermissionsTool::getRolePermissions('ACCESS_SHUTOUT');


to

Code: Select all

$out = Dataface_PermissionsTool::NO_ACCESS();


Also, I presume that this is in the application delegate class (not a table delegate class). You should probably be retrieving the table name from the Dataface_Record object if it is not null, since getPermissions() may be called on many different records during the course of a request. Some may be from the table of the request (i.e. -table), but others might have been loaded from different tables.

You can get the table name of a record with $record->table()->tablename

Steve

I implemented both those changes and the issue is gone! Thanks a lot.

(Edit: Yes, the method is in the application delegate)

-Gersh