Hiding tables from certain users

A place for users and developers of the Xataface to discuss and receive support.

Hiding tables from certain users

Postby kedoin » Tue Apr 15, 2008 7:31 am

In my Xataface application, I'd like the "admin" to be able to see all the tables. However, there are some tables that the normal users should not need to have access to. I want those tables to disappear from the navigation menu for other users. Also, I want those tables to be inaccessible from URL's.

The solution I came up with was to create a beforeHandleRequest function in my ApplicationDelegate.php:

Code: Select all
  function beforeHandleRequest() {
    if ($this->isLoggedIn()) {
      if ($this->getLoggedInUsername() !== 'admin') {
        $app =& Dataface_Application::getInstance();

        // Makes sure that the NavMenu cannot see these tables
        unset($app->_conf['_tables']['phone_types']);
        unset($app->_conf['_tables']['address_types']);
        unset($app->_conf['_tables']['email_types']);
        unset($app->_conf['_tables']['users']);

        // Makes sure that a non-admin user cannot access the tables
        // from the browser.
        $app->_conf['_disallowed_tables']['hide_admin1'] = 'phone_types';
        $app->_conf['_disallowed_tables']['hide_admin2'] = 'address_types';
        $app->_conf['_disallowed_tables']['hide_admin3'] = 'email_types';
        $app->_conf['_disallowed_tables']['hide_admin4'] = 'users';
      }
    }
  }


Although this works, I was wondering if there's a better way to be doing this.

Thank you,
-Rob
kedoin
 
Posts: 12
Joined: Fri Apr 04, 2008 7:44 am

Postby shannah » Tue Apr 15, 2008 12:25 pm

Hi Rob,

This technique looks like a good and efficient way to accomplish what you are doing in your case.

(In fact for the tables menu part this is probably the best way).

What I often do is define a very strict getPermissions() method in the application delegate class and then define softer getPermissions() methods on those particular tables that I want to allow users to access.

e.g.

In the application delegate class:
Code: Select all
function getPermissions(&$record){
    if ( $this->getLoggedInUsername() == 'admin' ){
        return Dataface_PermissionsTool::ALL();
    } else {
        return Dataface_PermissionsTool::NO_ACCESS();
    }
}


Then, if you want your user to be able to access the 'News' table you could add the following to the News table's delegate class.

Code: Select all
function getPermissions(&$record){

    return Dataface_PermissionsTool::ALL();
}


Or some other logic to decide what permissions to give on that table.

The permissions method wouldn't deal with the options in the tables meny, but it would work for access.

All that said, your method looks nice and succinct for the purposes you described.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Hiding tables from certain users

Postby Tag » Wed Jun 02, 2010 1:41 am

Hello,
I'm a French Student, and I would like know more informations about how works the code of Rob (Where should I put it precisely, what does it add ...) :

Code: Select all
     
function beforeHandleRequest() {
        if ($this->isLoggedIn()) {
          if ($this->getLoggedInUsername() !== 'admin') {
            $app =& Dataface_Application::getInstance();

            // Makes sure that the NavMenu cannot see these tables
            unset($app->_conf['_tables']['phone_types']);
            unset($app->_conf['_tables']['address_types']);
            unset($app->_conf['_tables']['email_types']);
            unset($app->_conf['_tables']['users']);

            // Makes sure that a non-admin user cannot access the tables
            // from the browser.
            $app->_conf['_disallowed_tables']['hide_admin1'] = 'phone_types';
            $app->_conf['_disallowed_tables']['hide_admin2'] = 'address_types';
            $app->_conf['_disallowed_tables']['hide_admin3'] = 'email_types';
            $app->_conf['_disallowed_tables']['hide_admin4'] = 'users';
          }
        }
      }


Indeed, I also need to hide some tables to certain users. But I started with Xataface and computing, and I feel very badly with the functinning.

Thank you,

Tag
Tag
 
Posts: 1
Joined: Thu May 20, 2010 5:01 am


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 8 guests

Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved