Creating table views

[zopemgr]

OK.. this would be a 2 step process.

1. There is a bug in the current version that prevents the -redirect flag from being recognized. Download a fixed version of AuthenticationTool.php at http://framework.weblite.ca/development/issue-tracker/20 and install it.

2. add the following to the beginning of your application's index.php file:

Code: Select all

if ( @$_REQUEST['-action'] == 'login' ){
    $_GET['-redirect'] = 'index.php?-action=custom_login_redirect';
    $_REQUEST['-redirect'] = $_GET['-redirect'];
}


What this does is set the -redirect flag when the user logs in so that he will be forwarded to a specific URL.
-action=custom_login_redirect specifies that the user should be sent to a custom action named login_redirect. Next you will create this action.

Create a folder in your application's directory named "pages".
Add a file in this folder named "login_redirect.php"

This file will be executed when the url index.php?-action=custom_login_redirect is requested.

in the login_redirect.php file, add the following:

Code: Select all

$authTool =& Dataface_AuthenticationTool::getInstance();
$user =& $authTool->getLoggedInUser(); // gets the currently logged in user.
if ( !isset($user) ) trigger_error("No user is logged in", E_USER_ERROR);
header('Location: '.$user->getURL());
exit;
?>


What this does, is obtains the currently logged in user, and forwards to his user record. You could use this action to redirect anywhere you like.

Hope this helps.

Best regards

Steve

[geller]

That is kind of what I am after but I don't want the 'user'record from the Users table

I need each user to access their own record in the table 'restinfo' ( i.e. the details of his restaurant only) and not have any visibility of any other restaurants records. There is a UserID field in 'restinfo' if this helps?

Could this be done by adding a sql statement in the conf.ini or the index.php?

Cheers
Graham

[shannah]

Same instructions apply. Just change the line:

Code: Select all

header('Location: '.$user->getURL());


to

[code]
header('Location: index.php?-table=restinfo&UserID='.$user->val('UserID'));


Assuming the users table also has a field named UserID.

[geller]

That works but if the user accesses another of his tables he will have to login again to get back to his restaurant details. Also you can 'hack' the URL and access other records.

Not being familiar with Dataface where/how are the table details retrieved from the DB. Can these be altered on a per table basis? Using a modified template for each user perhaps?

[zopemgr]

Ok.

There are two separate issues here.
1. User permissions
2. User navigation

You use user permissions to deal with the hacking of the URL to make sure that users can only do what you want them to do.

To make things easier to navigate you can override the view tab (or any other slot to make things easier).

First let's discuss the user permissions. All permissions for a table are defined in the delegate class by the getPermissions() method:

Code: Select all

function getPermissions(&$record){
    // first get the currently logged in user
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();

    // if no user is logged in, then we give read-only access
    if ( !$user ) return Dataface_PermissionsTool::READ_ONLY();

    // check if the record is set.  If the user performs a search
    // that returns an empty set, then this record may be null.
    if ( !isset($record) ) return Dataface_PermissionsTool::READ_ONLY();

    // If the logged in user has the same UserID as the restaurant, then
    // this user is the owner of the restaurant.. he has full permissions.
    if ( $record->val('UserID') == $user->val('UserID') ) return Dataface_PermissionsTool::ALL();

    // otherwise we give read only access
    return Dataface_PermissionsTool::READ_ONLY();
}



For example... you can define a separate getPermissions() method for each table, each in its delegate class, or you can make a default getPermissions() method in the application delegate class to be used by all tables.


As for part II: navigation.

There are lots of tricks you can use to make the user experience better.
a. You can add your own custom menu with links to appropriate places in the app, that will be different for different users.

b. You can create custom breadcrumbs to display a path to the user's current location so that it better reflects the heirarchy of the application.

c. You can hide certain parts of the application's interface to certain users. E.g. you may want to hide the search or the status bar, or the view tabs.

d. You can override the view tab for a table so that it better reflects the information that you want the user to see, and provide navigational links.