"My preferences" not working

A place for users and developers of the Xataface to discuss and receive support.

"My preferences" not working

Postby Byte » Tue Jul 21, 2009 1:21 pm

Hi Steve,

I keep finding nasty things...
When I click on the "My Profile" link I keep getting this info:
"Permission denied because this table has been disallowed in the conf.ini file".

The thing is that I included the users table in the conf.ini to be able to see it, but my guess is that using a table as permission table locks it somehow?

The problem is that nobody can even change their passwords and as Super-Admin I can't see all registered users. Is there any smart way to solve that?

Thanks
Byte
 
Posts: 13
Joined: Thu Jul 16, 2009 3:48 am

Postby shannah » Tue Jul 21, 2009 2:30 pm

What is the name of your users table?
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby Byte » Tue Jul 21, 2009 11:33 pm

"dataface__users", so that it matches the other df-tables schema...
Byte
 
Posts: 13
Joined: Thu Jul 16, 2009 3:48 am

Postby shannah » Tue Jul 21, 2009 11:43 pm

Ok that's why. Xataface has a security mechanism built in to prevent access to tables that start with dataface__. You can override this with the [_allowed_tables] section in your conf.ini file.

See http://xataface.com/documentation/how-t ... low_tables

In your case you would do

Code: Select all
[_allowed_tables]
rule1=dataface__users
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby Byte » Tue Jul 21, 2009 11:45 pm

Hi Steve,

After your question I immediately tried to rename the table and it worked :-)
But I will use your "workaround" and it will work just fine.

Another related question: I don't want the regular users to change their role, but as Admin I want to be able to do that. I am sure you already have a great piece of code/advice for doing that...
Byte
 
Posts: 13
Joined: Thu Jul 16, 2009 3:48 am

Postby shannah » Wed Jul 22, 2009 9:30 am

Xataface gives you fine grained permissions over individual fields by way of the permissions__fieldname() methods.

e.g.

Code: Select all
function permissions__role(&$record){
    if ( !isAdmin() ) return array('edit'=>0,'new'=>0);
    return null;
}


This snippet assumes that you have defined a function somewhere that tells whether the current user is an admin (isAdmin()).

If the user is not an admin it returns an array that says that the user cannot edit this field - nor can they edit it on the new form.

For admin users this returns null, meaning just use the default permissions (as defined in the getPermissions() method or elsewhere.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby Byte » Wed Jul 22, 2009 11:24 am

works great, thanks a lot!
Byte
 
Posts: 13
Joined: Thu Jul 16, 2009 3:48 am


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 15 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved