filters : user dme can view dme69 records ...

A place for users and developers of the Xataface to discuss and receive support.

Postby dme69 » Mon Jun 18, 2007 5:40 am

Hello,

I'm using filters for having users to see only records they have created.

[__filters__]
ID_user="$user->val('UserName')"

When username is "dme", he can see the records created by "dme69".

Please help me.

Dominique.

PS : sorry for my english !
dme69
 
Posts: 5
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Mon Jun 18, 2007 10:14 am

Try

[__filters__]
ID_user="={$user->val('UserName')}"

The prepended '=' sign should force an exact match.

-Steve

--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby dme69 » Tue Jun 19, 2007 2:47 am

Hello Steve,

It's not working for me. With that i can't see anything.

Dominique.
dme69
 
Posts: 5
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Tue Jun 19, 2007 10:15 am

Hi Dominique,

Ok.. thanks for the bug report.Ê To fix this you will need to make a change to the Dataface/Table.php file.Ê Find the setSecurityFilter() method and replace it with this method:

function setSecurityFilter($filter=null){
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ if ( !isset($filter)){
ÊÊÊ ÊÊÊ ÊÊÊ $filter = array();
ÊÊÊ ÊÊÊ ÊÊÊ $app =& Dataface_Application::getInstance();
ÊÊÊ ÊÊÊ ÊÊÊ $query =& $app->getQuery();
ÊÊÊ ÊÊÊ ÊÊÊ if ( class_exists('Dataface_AuthenticationTool') ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $auth =& Dataface_AuthenticationTool::getInstance();
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $user =& $auth->getLoggedInUser();
ÊÊÊ ÊÊÊ ÊÊÊ } else {
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $auth = null;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $user = null;
ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ ÊÊÊ foreach ($this->_filters as $key=>$value){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( isset($this->_securityFilter[$key]) ) continue;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( $value{0} == '$' ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( !$user and strpos($value, '$user') !== false ) continue;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ eval('$filter[$key] = "=".'.$value.';');
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ } else if ( substr($value,0,4) == 'php:' ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ if ( !$user and strpos($value, '$user') !== false ) continue;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ eval('$filter[$key] = "=".'.substr($value,4).';');
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ } else {
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $filter[$key] = "=".$value;
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ $this->_securityFilter = $filter;
ÊÊÊ }
ÊÊÊ

Then you can change your [__filters__] section back to what you had originally:

[__filters__]

ID_user="$user->val('UserName')"

--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 27 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved