Removing actions from the edit form

[njw]

Hi Steve

I am sure this information is available, but I can't find it - or perhaps don't recognise what I have found

I need to remove actions such as new, copy etc. from specific users for specific tables.

Can I put the code into a table.php for the table?
And is the code the same as for an application wide function?

(The reason is that I wish some users to be able to edit records that an administrator has set up, but not to create new ones.)

Many thanks

Neil

[shannah]

HI Neil,

There are 2 ways to remove actions.
1. Through permissions
2. Through the actions.ini file (overriding actions).

If you look at the xataface actions.ini file (http://xataface.com/wiki/actions.ini_file) you'll notice that most/all actions have a 'permission' directive'. This specifies the permission that a user requires to access the action. Depriving your users this permission will effectively remove the action.

Now there are a few ways to edit the permissions - i'll show you a hack way here because it is simple.

In your getPermissions() method, you may have something like:

Code: Select all

function getPermissions(&$record){
    ....
    return Dataface_PermissionsTool::ALL();
}


Suppose we want to remove the copy permission, then we could:

Code: Select all

function getPermissions(&$record){
    ....
    $perms = Dataface_PermissionsTool::ALL();
    $perms['copy'] = 0;
    return $perms;
}


The permissions way is the more complicated way but the benefit is that it not only hides the action; it prevents users from using the action even if they enter the URL directly.


The other way, with the actions.ini file is the easier way. Essentially with this technique, you'll override the actions that you wish to change, and modify the condition directive so that it only shows up in your preferred tables.

e.g. to make it so that the copy_replace action only shows up in the foo and bar tables, you could do something like:

Code: Select all

[copy_replace > copy_replace]
    condition="in_array($query['-table'], array('foo','bar'))"


Hope this helps.

-Steve

[njw]

Hi Steve - next installment

Most are working fine, but export xml does not want to remove itself. I cannot get rid of it either globally (in the conf.ini) or programatically in table.php files.

Any thoughts?

Many thanks

Neil

[shannah]

The export XML action appears as multiple actions. Do a find for "xml" in the actions.ini file to find the other ones.

-Steve

[njw]

I have set to 0:

export_xml
view_xml
related_xml
xml_list

and the icon is still sitting there ...

Thanks

Neil

[shannah]

Can you post a snippet of your actions.ini file (or permissions.ini file whichever way you are trying to accomplish this) so I can take a look.

STeve

[njw]

in conf.ini

Code: Select all

[_prefs]
show_result_stats = 0
hide_record_view_logo=1
hide_nav_menu=0
hide_result_controller=0
hide_search=0
hide_table_result_stats=0
hide_view_tabs=1
show_bread_crumbs=0
export_xml=0
view_xml=0
related_xml=0
xml_list=0


In permissions.ini

Code: Select all

[ALCRO extends READ ONLY]
view = 1
show all = 1
find = 1
navigate = 1
ajax_load = 0
find_list = 1
find_multi_table = 0
rss = 0
export_xml = 0

[ALCEDIT extends ALCRO]
edit = 1
add new related record = 0
add existing related record = 0
add new record = 1
remove related record = 0
reorder_related_records = 0
import = 0
translate = 0
new = 1
ajax_save = 0
history = 0
edit_history = 0
copy = 0
update_set = 1
export_xml = 0


Many thanks

Neil

[shannah]

Ok.. here's the problem.

There are 2 choices for how to disable these actions.
1. Override the actions in the actions.ini file and set visible=0
2. Set the permissions for these actions to 0 in the permissions.ini file.

Probably the best way is with permissions. If you look at the READ ONLY role in the dataface permissions.ini file, it looks like :

Code: Select all

[READ ONLY]
   view = 1
   list = 1
   calendar = 1
   view xml = 1
   show all = 1
   find = 1
   navigate = 1
   ajax_load = 1
   find_list = 1
   find_multi_table = 1
   rss = 1
   export_csv = 1
   export_xml = 1
   export_json = 1


So what we want to do is override this role but remove some of the permissions. So in your permissions.ini file you could do:

Code: Select all

[READ ONLY extends READ ONLY]
   view xml = 0
   rss = 0
   export_csv = 0
   export_xml = 0
   export_json = 0


To disable all exporting features.
(I think the one you were missing was 'view xml', which allows you to see a single record as XML, vs export_xml which allows you to export a set of records as XML.

-Steve