roles/permissions question
57 posts
• Page 4 of 4 • 1, 2, 3, 4
Circumstances where $record should be null:
1. Dataface is checking permissions for the whole table. (Many of the actions along the top bar have associated calls to getPermissions with a null record).
2. If the result set is empty (i.e. it says no records matched your request).

Your getPermissions method will be called several times per page load to check permissions on different things. Many times $record will be null, but if there are any records in the found set, there should be at least a few calls where $record is not null. If you are sure that $record is always null and it should not be, then this is very strange indeed.
Well, I am not sure that it is, but that's what it seems like. If I log in as admin, I get full access, if I log in as not admin, I get No Access. But there are definitely records returned. (One thing, I am using a view instead of a table, but I don't see how that would change anything).
The other issue is that the last "if" statement comes back with an error. And I can't figure out why.
I changed the line for non-admin users to have read only access if the record is null. When I log in as a regular user, I see all the records with "NO ACCESS" in all the fields. Only the ones that belong to the user (after filtering) show me the information and allow me to edit it. (still cannot add records though).
When I click on one of the "NO ACCESS" records, I get the following:

    On line 324 of file C:\Program Files\apache\htdocs\vtigerCRM\DataFace\Dataface\PermissionsTool.php in function printStackTrace()
    On line 341 of file C:\Program Files\apache\htdocs\vtigerCRM\DataFace\Dataface\PermissionsTool.php in function namesAsArray()
    On line 794 of file C:\Program Files\apache\htdocs\vtigerCRM\DataFace\Dataface\Application.php in function namesAsString()
    On line 1161 of file C:\Program Files\apache\htdocs\vtigerCRM\DataFace\Dataface\Application.php in function handleRequest()
    On line 5 of file C:\Program Files\apache\htdocs\vtigerCRM\contacts\index.php in function display()
    Warning: Invalid argument supplied for foreach() in C:\Program Files\apache\htdocs\vtigerCRM\DataFace\Dataface\PermissionsTool.php on line 326
    Warning: implode() [function.implode]: Bad arguments. in C:\Program Files\apache\htdocs\vtigerCRM\DataFace\Dataface\Application.php on line 796

And then the regular screen with:

    Errors
    * Permission to perform action 'view' denied. Requires permission 'view' but only granted ''.
One thing to be sure of is that your getPermissions method always returns something.
I.e. add a line at the end of your getPermissions method to catch all other cases:

    return Dataface_PermissionsTool::NO_ACCESS();

Another thing: To prevent the list view from showing you all the records that you cannot access, you can use security filters. http://framework.weblite.ca/documentation/how-to/security_filters
Best regards
Steve
Can you give me a pointer as to why with my getPermissions method I cannot insert new records?
I have narrowed it down to the 'return' 'READ_ONLY' part of the statement in the following lines:

    if ( $record->val('UserID') == $user->val('UserID') ) return Dataface_PermissionsTool::ALL();
    // otherwise we give read only access
    return Dataface_PermissionsTool::READ_ONLY();

Not sure how to get round this?
Check out the example in the submission form tutorial (http://framework.weblite.ca/documentation/tutorial/submission_forms/permissions).
It shows you how to test for certain actions (e.g. -new : inserting new records) to provide special permissions in those cases. -Steve
I have added the following statement:-

    if ( $query['-action'] == 'new' && $record->val('UserID') == $user->val('UserID')) return Dataface_PermissionsTool::ALL();

And tested for $record->val('UserID') and $user->val('UserID') when inserting a record. I am still only getting read only permission suggesting the above statement is false? Yet if I change the return action (just for arguments sake) to NO_ACCESS then the above statement appears to be true as I get permission denied?

    function getPermissions(&$record){
        // first get the currently logged in user
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        $app =& Dataface_Application::getInstance();
        $query =& $app->getQuery();

        // if no user is logged in, then we give no access
        if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
        //echo $user->val('Role'); exit;

        // Allows delete all function
        if (is_null($record) && $user->val('Role') == 'ADMIN' ) return Dataface_PermissionsTool::ALL();

        // insert new record stuff
        //echo $user->val('UserID');
        //echo $record->val('UserID');
        if ( $query['-action'] == 'new' && $record->val('UserID') == $user->val('UserID')) return Dataface_PermissionsTool::ALL();

        if ( !($record)) {
            return Dataface_PermissionsTool::READ_ONLY();
        }

        // If the logged in user has the same UserID as the restaurant, then
        // this user is the owner of the restaurant.. he has full permissions.
        if ($record->val('UserID') == $user->val('UserID') ) return Dataface_PermissionsTool::ALL();

        // otherwise we give read only access
        return Dataface_PermissionsTool::READ_ONLY();
    }

Graham
The problem you're experiencing is due to the fact that if you are inserting a new record, you won't be interested in the value of $record, because you're inserting a record and hence the record you are working on doesn't yet exist. Realistically $record should be null when inserting a new record, but I think that it is actually giving you the first record in the result set. Best to just ignore it in this case as it won't be giving you what you want.
Best regards Steve
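
The checks discussed in the replies above (ignore $record for the new action, handle a null record, always return something), written as a pure decision function. This is an added example, not part of the original thread or of the Dataface code base. The function name, the array-shaped $user and $record, the string results and the "admins get ALL everywhere" and "any logged-in user may insert" policies are assumptions; inside a delegate class, getPermissions would map the strings to Dataface_PermissionsTool::ALL(), READ_ONLY() and NO_ACCESS().

```php
<?php
// Added example: permission decision as a pure function (hypothetical name
// decide_permissions). $user and $record are plain arrays or null here.
function decide_permissions(?array $user, ?array $record, string $action): string
{
    // 1. No logged-in user: deny.
    if ($user === null) {
        return 'NO_ACCESS';
    }
    // 2. Assumed policy: admins get full access, with or without a record.
    if (($user['Role'] ?? '') === 'ADMIN') {
        return 'ALL';
    }
    // 3. Insert: the record does not exist yet, so $record is never read,
    //    even if the framework passes the first row of the result set.
    if ($action === 'new') {
        return 'ALL';
    }
    // 4. Table-level check or empty result set: nothing to compare against.
    if ($record === null) {
        return 'READ_ONLY';
    }
    // 5. Owner of an existing record.
    if (isset($record['UserID'], $user['UserID'])
        && (string)$record['UserID'] === (string)$user['UserID']) {
        return 'ALL';
    }
    // 6. Catch-all, so every path returns a value.
    return 'READ_ONLY';
}

// Constructed cases: [user, record, action, expected]
$alice = ['UserID' => 7, 'Role' => 'USER'];
$cases = [
    [null,   ['UserID' => 7], 'view', 'NO_ACCESS'],
    [$alice, ['UserID' => 9], 'new',  'ALL'],       // unrelated record ignored
    [$alice, null,            'list', 'READ_ONLY'],
    [$alice, ['UserID' => 7], 'edit', 'ALL'],
    [$alice, ['UserID' => 9], 'edit', 'READ_ONLY'],
];
foreach ($cases as [$u, $r, $a, $want]) {
    $got = decide_permissions($u, $r, $a);
    printf("%-9s %s\n", $got, $got === $want ? 'ok' : "expected $want");
}
```

The second case is the one from the thread: with the posted condition, an insert while someone else's record is first in the result set falls through to READ_ONLY, whereas here the record is not consulted at all.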
Re: roles/permissions question
What is the easiest way to alter this code from a previous post.
to do the following: In my database I have admins, mentors, and students. Currently, the admins have the ADMIN role, mentors have the EDIT role, and students have the READ-ONLY role. I would like the mentors to be able to view, add, and edit records for students that they are mentoring, but only view records for students they are not mentoring. Currently, this relationship is defined in the "applicants" table where the "mentor_id" field is a foreign key. I think this code is close to what I want to do, but not quite there.