Permissions for All Tables

[singersoll]

I want to have two groups of users (1) administrators and (2) read only. In following the great outline at: http://framework.weblite.ca/documentation/tutorial/getting_started/permissions I created my users table ->

CREATE TABLE `Users` ( `UserID` INT( 11 ) NOT NULL AUTO_INCREMENT , `UserName` VARCHAR( 32 ) NOT NULL , `Password` VARCHAR( 32 ) NOT NULL , `Role` ENUM('READ ONLY','NO ACCESS','ADMIN') DEFAULT 'READ ONLY', PRIMARY KEY ( `UserID` ) , UNIQUE (`UserName`))

I then modified my conf.ini file ->

[_auth]users_table = Usersusername_column = UserNamepassword_column = Password

I then added your ApplicationDelegate.php example to my /dataface/conf directory and added your example users to my users table ->

INSERT INTO `Users` (`UserName`,`Password`,`Role`) VALUES ('readOnlyUser','password','READ ONLY'), ('adminUser','password','ADMIN')

Now, my login works fine. However, when I bring up the application I can access the various records and add/edit without loggin in. I should be getting the login prompt prior to seeing any tables/information.

Is there another step I am missing?

TIA,
Steve

[shannah]

Yes.Ê You need to define a getPermissions() method in your application delegate class (or individual table delegate classes).

[singersoll]

(1) I followed your instructions as outlined on: http://framework.weblite.ca/documentation/tutorial/getting_started/permissions

(2) I defined the getPermissions() method by creating you ApplicationDelegate.php file as outlined:

getLoggedInUser(); if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS(); // if the user is null then nobody is logged in... no access. // This will force a login prompt. $role = $user->val('Role'); return Dataface_PermissionsTool::getRolePermissions($role); // Returns all of the permissions for the user's current role. }}?>

(3) As described in my thread I setup the database table and users as you outlined.

(4) Result: Users can login and/or register at -> http://167.154.2.203/CHN/ . However, when they click on a tab (Table) they can input or see the data.

(5) What am I missing as I want my users to have to login prior to seeing any data as outlined in your example?

I appreciate your assistance as your documentation is great but obviously I am not quite getting the picture.

TIA,
Steve

[shannah]

It evidently isn't picking up the application delegate class or it isn't picking up the getPermissions() method.

The application delegate class should be placed in the file conf/ApplicationDelegate.phpÊ (note it has to be in the conf directory).

You can check if it is picking up the class by changing the name of the class (e.g. change 'class conf_ApplicationDelegate' to 'class foo').Ê This should give you an error.Ê If it doesn't, then the file is not named properly or it is in the wrong place.Ê (remember file names are case sensitive).

It looks the class is set up properly... so it must be that it isn't finding the file.

-Steve

[singersoll]

I am getting some strange behavior. My directory structure is: /var/www/html/CHN (application) and /var/www/html/dataface . When I originally posted this discussion I created a conf directory under /dataface and placed ApplicationDelegate.php with the code you provided. The login worked but there was no difference whether I logged in or not.

Based on your above reply I tested changing conf_ApplicationDelegate to conf foo and still no change. So, I moved the conf directory under /dataface and placed under CHN. You can see the results at http://167.154.2.203/CHN/ . What concerns me is why "CHN Duties" and "Tuberculosis" displays "show all" and all the other tabs "Education", "Family Planning", etc. display "show all", "new record", "copy set", "delete set", "update set", "import records". When you click on "new record" on Education it will allow you to create a new record based on a previous login.

Is there a problem in performing a global authentication or do I have to set this up table by table.

All other settings are basically as you have outlined in your Permissions Tutorial.

TIA,
Steve

[shannah]

create a new record based on a previous login.

What do you mean by "previous login"?Ê When I go to the site, it doesn't allow me to do anything, because I am not logged in.

[shannah]

Another note.Ê If you are asked to add any files or make modifications to config files in the documentation.Ê 99.9999% of the time it will mean to make them for your application directory and not the dataface directory.Ê The dataface directory serves as a library that you shouldn't really have to ever touch.Ê When a new version comes out, you should be able to replace your old dataface directory with the new one, and all of your applications should be able to benefit from it.

-Steve

[singersoll]

All appears to be working correctly now. I just completed creating some dynamic valuelists for SQL query results. Now that I know where the ApplicationDelegate.php and /conf directory should be placed it is becoming clearer on how all works. One of the issues is restarting both the http and mysql daemons in order for all to work correctly. During my dynamic valuelists I had to create an additional entry for each table. Restarting the services seems to have cleared up the issue and all is working as you have outlined.

I have been looking for this type of development platform for some time. Using DaDaBik and other interfaces lacked the features you have incorporated into Dataface. This also solves some of the issues with a number of my CMS (Joomla!) sites where I can't find a viable extension but can wrap your application/framework easily into my sites.

Thanks again for all your hard work and I look foward to expanding my knowledge and use of Dataface.

Steve

[shannah]

Glad everything is working for you.Ê I'm always interested in hearing about interesting uses of Dataface so if you ever want to share about anything you are doing with it or post links to samples, I'm sure the community would be grateful.

Best regards
Steve