Datagrid Open_basedir restriction

[ge11er]

Steve

Can you point me in the right direction to correct this error.

Cheers
Graham



Warning: is_readable() [function.is-readable]: open_basedir restriction in effect. File(/var/www/vhosts/eatout.co.im/httpdocs/xataface-1.1.2/../../xataface-1.1.2/modules/DataGrid-0.2/actions/login_prompt.php) is not within the allowed path(s): (/var/www/vhosts/eatout.co.im/httpdocs:/tmp) in /var/www/vhosts/eatout.co.im/httpdocs/xataface-1.1.2/Dataface/Application.php on line 968

[shannah]

Thanks... this is something that will have to be corrected for future versions. One step is to do a fine in the Dataface/Application.php and Dataface/ConfigTool.php files for "file_exists", (i.e. find anywhere that file_exists() is called, and suppress errors. I.e. change

Code: Select all

file_exists(...)


to

Code: Select all

@file_exists(...)


[ge11er]

The user has ADMIN access and is able to view/edit/update/insert records but the datagrid tab is not available.

All installation requirements are met. Tables have been created.

Any pointers?

[shannah]

By 'ADMIN' access, does that mean that you have given the user the 'ADMIN' role:

Code: Select all

return Dataface_PermissionsTool::getRolePermissions('ADMIN');


or something else?

[ge11er]

Sorry but its been a while since using Xataface.. the user has been given an'ADMIN' role.

[shannah]

What does your getPermissions() method look like?

The key is that your user must have the DataGrid:view permission in order to see the datagrid tab. The "ADMIN" role should have this by default.

[ge11er]

Hi Steve

This is it...

function getPermissions(&$record){

$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
$app =& Dataface_Application::getInstance();
$query =& $app->getQuery();
if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();

if (is_null($record) && $user->val('Role') == 'ADMIN' ) return Dataface_PermissionsTool::ALL();
if ( $query['-action'] == 'new')
return Dataface_PermissionsTool::ALL();

if ( !($record)) {
return Dataface_PermissionsTool::READ_ONLY();
}

if ($record->val('UserID') == $user->val('UserID') ) return Dataface_PermissionsTool::ALL();
return Dataface_PermissionsTool::READ_ONLY();
}


Graham

[shannah]

This is strange. The DataGrid:view permission should be included with any call to Dataface_PermissionTool::ALL() .

One possibility is that this case:

Code: Select all

if ( !($record)) {
return Dataface_PermissionsTool::READ_ONLY();
}


is taken effect when checking for the datagrid permission. Try changing that rule to return ALL() as well and see if it makes a difference.

[ge11er]

My ApplicationDelegate.php previously posted appears to be denying me permission to insert a new record using DataGrid method whereas in normal operation it works fine.

When inserting a new record a default value defined in 'fields.ini' is not picked up using DataGrid method ( disabled ApplicationDelegate.php to get things going)

Any help much appreciated.

[shannah]

Try modifying your getPermissions() method as follows:

Code: Select all

function getPermissions(&$record){

$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
$app =& Dataface_Application::getInstance();
$query =& $app->getQuery();
if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();

if ( $user->val('Role') == 'ADMIN' ) return Dataface_PermissionsTool::ALL();
else if ($record and $user and $record->val('UserID') == $user->val('UserID') ){
     return Dataface_PermissionsTool::ALL();
}
else {
    $perms = Dataface_PermissionsTool::READ_ONLY();
    $perms['new'] = 1;
    return $perms;
}


return Dataface_PermissionsTool::READ_ONLY();

}


English iterpretation:
1. Admins can do everything.
2. Record owners can do everything to the records that they own.
3. Regular users get read only access plus they can add new records.

Your previous getPermissions method worked as follows:
1. Admins can do everything that does NOT pertain to a particular record.
2. Regular users can do everything if the current action is 'new' (which is not the case when adding new records through the grid).
3. Regular users get READ ONLY access in contexts that do NOT pertain to a particular record.
4. Record owners get all permissions to record that they own.
5. Otherwise users get read only access.

This previous rules were kind of convoluted and make it hard to predict how the system would act.

-Steve