a fine authentification

[Jean]

Hello Steve and everyone,

I need to built an app where there are 4 profiles and each one can see all columns but some can edit specified columns of the main table.
Is it poçssible ?

Or do I have to create an app for each profile ?

Thank you for your help.
Jean

[shannah]

Hi Jean,

Yes. This is possible. Just use permissions.

e.g.:

Code: Select all

function col1__permissions(&$record){
    if ( user is profile 1 ){
        return Dataface_PermissionsTool::ALL();
    } else {
        return Dataface_PermissionsTool::READ_ONLY();
    }
}


function col2__permissions(&$record){
    if ( user is profile 2 ){
        return Dataface_PermissionsTool::ALL();
    } else {
        return Dataface_PermissionsTool::READ_ONLY();
    }
}

...



[Jean]

Thank you Steve for your quick reaction. I have to put specific permissions on fields/column. May be I found the solution http://xataface.com/forum/viewtopic.php?t=3983#20014 in the forum.

I think this is something useful for everyone


Jean

[Jean]

Hi Steve,

I come back to you. I want two profiles to be able to see everything in the table and edit only specific fields according to their profile.

May be I can direct someone towards a specific view/action according to his profile and a specific form according to one's profile. This form would have some fields READONLY and some others editable.

I would have to forbid others views/actions.

Have you any suggestion so that I work directly in a good direction ?

Jean

[shannah]

Hi Jean,

Perhaps I don't understand the question. My previous post should achieve exactly what you want.

[Jean]

Sorry Steve, I did not see your new pages in the doc about field_permissions, field_roles (0. ...
Wonderful
I'll explore it all to-morrow...
Have a nice day
Jean

[Jean]

Hi Steve,

I come back to you on this question to filter the user according to the different fields.

The code you gave to me works perfectly but, I am afraid, blocks the user for the whole form, all the fields for the table as soon as any field has a different permission.

This is global and not adapted to every field.

To explain better. I'd like to be more specific :
According to one's profile, the user would be able to click on the edit tab but some fields would be displayed as text and others would be fields where it would be possible to edit the content. Only one profile would be allowed to create a new entry.

What would be the best strategy ?
Would you create a table and an action per user ?

Best regards
Jean



[/list]

[shannah]

You can achieve this by giving the user edit permissions to the record, but read only permissions to certain fields.

[Jean]

Steve,
I'm not far from my aim.
I included in my delegate class inside the directory of the table, this code :

Code: Select all


function getUser(&$record){
  $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
return $user;

}

function date_demande__permissions(&$record){

$usager =$this->getUser($record);
    if ( $usager->val('identifiant')=='demande' ){
        return Dataface_PermissionsTool::ALL();
    } elseif ($usager->val('identifiant')=='admin'){
return Dataface_PermissionsTool::ALL();
}
else {
        return Dataface_PermissionsTool::READ_ONLY();
}
}

And so on for each field. 'identifiant is the name of the field for username.
I still have a problem with the permissions with this message

Warning: Missing argument 1 for edit() in /var/www/html/dataface-0.7.1/Dataface/PermissionsTool.php on line 211

here is this line at the end

Code: Select all

    /**
     * Checks to see if an object or permissions array has edit permissions.
     * !! NOTE THAT THIS METHOD IS DEPRECATED AS OF VERSION 0.6 .  PLEASE USE
     * !! getRolePermissions()  instead.   
     * @param $perms Either an object (Table or Record) or a permissions array.
     * @param #2 Optional name of a field we wish to check (only if $perms is a Table or Record).
     */

    function edit(&$perms, $params=array()){


Have you any hunch for that ?

Thank you
Jean

[shannah]

Not entirely sure where this bug is coming from... but a couple of tips:

1. If you are using PHP 4, your getUser method should return a reference:
e.g.

Code: Select all

function &getUser(&$record){
  $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
return $user;

}


(note the prepended '&' to the method definition).
Otherwise it will be making a lot of unnecessary copies of the $user object and it will slow down your code. (in PHP 5 this would be fine).

Second your permissions method should handle the case where $usager is null (which occurs when no users are logged in).

e.g.

Code: Select all

function date_demande__permissions(&$record){

$usager =$this->getUser($record);

if ( !$usager ) return Dataface_PermissionsTool::READ_ONLY();

    if ( $usager->val('identifiant')=='demande' ){
        return Dataface_PermissionsTool::ALL();
    } elseif ($usager->val('identifiant')=='admin'){
return Dataface_PermissionsTool::ALL();
}
else {
        return Dataface_PermissionsTool::READ_ONLY();
}
}


However I'm not sure that this will fix the warning message. There may be a bug that I have to track down. You can help by adding the following to the beginning of the edit() method of PermissionsTool.

Code: Select all

if ( !$perms ) echo Dataface_Error::printStackTrace();


This will just print a stacktace if there are no permissions passed to help us figure out where this is happening.

I'll see about dusting off the 0.7.1 release to find out where the bug lies (the frustrating thing is that I have likely fixed this bug long ago for the current release, but didn't document it for the 0.7.1 release )

-Steve

[Jean]

Thank you for your long and complete explanation. I solved it by changing EDIT() by ALL().
I will change my code according to your remarks.
If you want so, I can write next week a documentation for this case of field authentification from your existing one.
Thank you Steve.
Jean

[shannah]

Thanks Jean.

That would be great!

_Steve