A place for users and developers of the Xataface to discuss and receive support.
by HWT » Tue Dec 29, 2009 12:17 pm
I'm new to Xataface and try to set a small DB to administer members of a alumni assocation. I need a 1:n relationship for members to activities. So i tried both the ini-style and the SQL-style way - Code: Select all
[betaetigung] __sql__ = "SELECT * FROM betaetigung WHERE Mitgliedsnummer='$Mitgliedsnummer'"
In the view perspective of the details of one row I can see the associated rows, but when clicking on the newly displayed tab I get a Permission denied: * You don't have permission to view this relationship. For permissions I only adopted the simple example from the tutorial so far but the problem existed also without custom permissions. I'm testing Xataface with the most current XAMPPlite package which uses PHP5.3.1 (I commented line 44 in dataface-public-api.php to supress the deprecated warnings as I found in one thread here). Have you an idea, what I made wrong? Thanks!
-
HWT
-
- Posts: 7
- Joined: Tue Dec 29, 2009 12:02 pm
by shannah » Wed Dec 30, 2009 11:07 am
What was on line 44 that you commented? It might have been critical.
Strange that without custom permissions you get this permission denied message. Default permissions are full permissions.
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by HWT » Sat Jan 02, 2010 6:17 am
Line 44 activates the custom error reporting: - Code: Select all
error_reporting(E_ALL^E_NOTICE);
I disabled this (according to a thread somewhere here) not to get these loads of compatibility warnings of PHP 5.3.1 I guess that shouldn't be the main problem. Anyway I haven't found the mistake so far. Do you have a clou where the thing might go wrong? Maybe I need to provide furtehr information, but don't know what...
-
HWT
-
- Posts: 7
- Joined: Tue Dec 29, 2009 12:02 pm
by shannah » Sat Jan 02, 2010 10:03 am
OK.. That's fine.
The permissions problem doesn't make sense to me if it is occurring when no custom permissions have been defined. Default permissions are full permissions so you shouldn't ever see a permission denied error if you're not customizing permissions in some way.
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by HWT » Sat Jan 02, 2010 12:55 pm
Hm, to me to. What can I try?
-
HWT
-
- Posts: 7
- Joined: Tue Dec 29, 2009 12:02 pm
by shannah » Sat Jan 02, 2010 3:37 pm
Can you post your conf.ini, application delegate, and relevant table delegate classes?
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by 00Davo » Sun Jan 03, 2010 2:21 am
I'm having exactly the same issue, so my conf.ini might be handy. - Code: Select all
[_database] host = localhost name = *** user = *** password = *** [_tables] student = Students tutor = Tutors parent = Parents class = Classes
I don't really see what in here's going to cause such an issue. Also, I don't know what the delegate classes are. I haven't edited any PHP files, so I believe they're still defaults.
-
00Davo
-
- Posts: 55
- Joined: Sat Jan 02, 2010 9:02 pm
by shannah » Sun Jan 03, 2010 2:42 am
how about the relationships.ini file?
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by 00Davo » Sun Jan 03, 2010 3:14 am
shannah wrote:how about the relationships.ini file?
Which one? I have a few... tables/Class/relationships.ini - Code: Select all
[Students] Student.Class = "$ID"
tables/Student/relationships.ini - Code: Select all
[Parents] Parent.ID = Family.ParentID Family.StudentID = "$ID"
tables/Parent/relationships.ini - Code: Select all
[Students] Student.ID = Family.StudentID Family.ParentID = "$ID"
-
00Davo
-
- Posts: 55
- Joined: Sat Jan 02, 2010 9:02 pm
by HWT » Sun Jan 03, 2010 7:21 am
conf.ini - Code: Select all
[_database] host = "localhost" user = "***" password = "***" name = "alumnidb"
[_tables] mitglied = "mitglied" betaetigung = "betaetigung"
[_auth] users_table = Users username_column = UserName password_column = Password
ApplicationDelegate (haven't created table delegates so far): - Code: Select all
<?php /** * A delegate class for the entire application to handle custom handling of * some functions such as permissions and preferences. */ class conf_ApplicationDelegate { /** * Returns permissions array. This method is called every time an action is * performed to make sure that the user has permission to perform the action. * @param record A Dataface_Record object (may be null) against which we check * permissions. * @see Dataface_PermissionsTool * @see Dataface_AuthenticationTool */ function getPermissions(&$record){ $auth =& Dataface_AuthenticationTool::getInstance(); $user =& $auth->getLoggedInUser(); if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS(); // if the user is null then nobody is logged in... no access. // This will force a login prompt. $role = $user->val('Role'); return Dataface_PermissionsTool::getRolePermissions($role); // Returns all of the permissions for the user's current role. } } ?>
relationships.ini of "mitglied" - Code: Select all
[betaetigungen] betaetigung.Mitgliedsnummer = "$Mitgliedsnummer"
Columnname are german so might sound weird to you, but anything else seems to be standard for me.
-
HWT
-
- Posts: 7
- Joined: Tue Dec 29, 2009 12:02 pm
by 00Davo » Mon Jan 04, 2010 6:34 pm
It's not really a proper solution, but if you comment out line 15 in /xataface/actions/related_records_list.php, it works fine. - Code: Select all
//if ( !@$perms['view related records'] ) return Dataface_Error::permissionDenied('You don\'t have permission to view this relationship.');
The reason why this isn't a proper solution is that if you have permissions implemented, they'll be ignored when it comes to related records.
-
00Davo
-
- Posts: 55
- Joined: Sat Jan 02, 2010 9:02 pm
by shannah » Mon Jan 04, 2010 6:48 pm
If you add the following just before that line, what is the output? - Code: Select all
print_r($perms);
I'm curious if it isn't picking up any of the permissions or just some of them.
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by 00Davo » Mon Jan 04, 2010 6:49 pm
Adding that line reveals the following messages above the Xataface interface. - Code: Select all
Array ( [view] => 1 [link] => 1 [rss] => 1 [list] => 1 [calendar] => 1 [edit] => 1 [new] => 1 [select_rows] => 1 [post] => 1 [copy] => 1 [update_set] => 1 [update_selected] => 1 [record] => 1 [delete] => 1 [selected] => 1 [found] => 1 [all] => 1 [records] => 1 [feed] => 1 [find] => 1 [import] => 1 [export_csv] => 1 [export_xml] => 1 [export_json] => 1 [translate] => 1 [history] => 1 [edit_history] => 1 [navigate] => 1 [reorder_related_records] => 1 [ajax_save] => 1 [ajax_load] => 1 [ajax_form] => 1 [find_list] => 1 [find_multi_table] => 1 [register] => 1 [xml_view] => 1 [xml] => 1 [manage_output_cache] => 1 [manage_migrate] => 1 [manage] => 1 [manage_build_index] => 1 [install] => 1 [expandable] => 1 )
-
00Davo
-
- Posts: 55
- Joined: Sat Jan 02, 2010 9:02 pm
by shannah » Mon Jan 04, 2010 6:56 pm
Thanks.. that's interesting... it's like it's not picking up the view related record permission.
If you check the permissions.ini file, can you confirm that there is a permission listed for 'view related record'?
-
shannah
-
- Posts: 4457
- Joined: Wed Dec 31, 1969 5:00 pm
by 00Davo » Mon Jan 04, 2010 6:59 pm
Looks like there is. - Code: Select all
view related records=1
Here's the whole file, just in case. - Code: Select all
;;First we will list the permissions and their associated labels.
;; view : Allowed to view an element view = View
;; link : Allowed to access the link to a record link = Link
view in rss = View record as part of RSS feed
;; list : Allowed to see the list tab list = List
calendar = calendar
;; edit : Allowed to edit information in an element edit = Edit
;; new : Create a new record new = New
;; select_rows : Allows to select rows in the result set to perform actions ;; to them select_rows = Select Rows
;; post : Post a record using HTTP post post = Post
;; Access to the Copy action copy = Copy
;; Access to update set action update_set = Update Set
update_selected=Update selected records
;; Ability to add a new related record to a relationship of a record. add new related record = Add New Related Record
;; Ability to add an existing related record to a relationship of a record. add existing related record = Add Existing Related Record
;; delete: Allowed to delete a record delete = Delete
;; Ability to delete selected records from the database. delete selected = Delete selected
;; Ability to add a new record to a table // Deprecated.. see if this breaks anything!! ;;add new record = Add New Record
;; Access to delete found records (the delete found records menu option) delete found = Delete Found
;; Access to the show all action (to show all records in a table) show all = Show All
;; Access to remove a related record from a relationship. This does not ;; delete the related record from the database - just from the relationship. remove related record = Remove Related Record
;; Access to delete a related record from the database. This permission ;; will override delete access of the actual related record to provide ;; some elevated permissions for the owner of the parent record. delete related record = Delete Related Record
;; View the records of a relationship view related records = View related records
;; Access to RSS feed for related records related records feed = Related Records RSS Feed
;; Access to the "find" tab find = Find
;; Ability to import records import = Import
;; Ability to export records in CSV format export_csv = Export CSV
;; Ability to export records as XML export_xml = Export XML
;; Ability to export records as JSON export_json = Export JSON
;; Ability to translate records translate = translate
;; Ability to see history information history = View history information
edit_history = Edit history information
;; Ability to navigate through the records of this table. navigate = Navigate
;; Ability to reorder the records in a relationship reorder_related_records = Reorder related records
ajax_save = AJAX Save ajax_load = AJAX Load ajax_form = AJAX Form
find_list = Search current table find_multi_table = Perform multi-table searches
register = Register
rss = RSS
xml_view = XML View ;; This should not be confused with view xml. This is ;; more of a management permission for a more complex ;; XML action. view xml = View XML ;; This permission allows a record to be viewed as XML ;; It corresponds with the xml_feed action - but ;; works on individual records - rather than the entire ;; action
manage_output_cache = "Manage Output Cache" manage_migrate = "Manage Migrations" manage = "Manage Site" manage_build_index="Manage Build Search Index" install = "Install and update applications. Administrator only" expandable = "Whether the record can be expanded in the left nav menu"
;;============================================================================= ;; ;; Roles : ;; -------- ;; ;; The following are roles. Roles are basically just grouped permissions ;; that allow you to easily assign a group of permissions to an action or ;; record. ;; ;; Guidelines for Roles: ;; --------------------- ;; Role names should be in all caps (to differentiate them from permissions), ;; and cannot contain any commas or punctuation of any kind. ;; You can "extend" another role with the "extends" keyword. For example: ;; [READ] ;; view = 1 ;; ;; [EDIT] ;; edit = 1 ;; ;; [READ AND EDIT extends READ, EDIT] ;; ;; In the above example, we defined a READ role and an EDIT role. Then we ;; defined a "READ AND EDIT" role that extends READ and EDIT. What this means ;; is that the READ AND EDIT role contains all of the permissions contained ;; in the READ permission and the EDIT permission, and allows other permissions ;; to be added also.
[NO ACCESS] register=1
;;------------------------------------------------------------------------------ ;; The READ ONLY role is allowed to view records and perform the show all ;; and find actions. Basically, anything that doesn't require making changes ;; is allowed with the READ ONLY permission
[READ ONLY] view in rss=1 view = 1 link = 1 list = 1 calendar = 1 view xml = 1 show all = 1 find = 1 navigate = 1 ajax_load = 1 find_list = 1 find_multi_table = 1 rss = 1 export_csv = 1 export_xml = 1 export_json = 1 view related records=1 related records feed=1 expandable=1
;;------------------------------------------------------------------------------ ;; The EDIT role extends the READ ONLY role so that anyone who can edit can also ;; READ. It is pretty far reaching, as it provides permissions to edit records, ;; and manipulate the records' relationship by adding new and existing records ;; to the relationship.
[EDIT extends READ ONLY] edit = 1 add new related record = 1 add existing related record = 1 add new record = 1 remove related record = 1 reorder_related_records = 1 import = 1 translate = 1 new = 1 ajax_save = 1 ajax_form = 1 history = 1 edit_history = 1 copy = 1 update_set = 1 update_selected=1 select_rows = 1
;;------------------------------------------------------------------------------ ;; The DELETE role extends the EDIT role but adds the ability to delete ;; records and related records also. Notice that the EDIT permission allows ;; the removal of related records but not the deletion of the records. This is ;; relevant with ONE TO MANY relationships in which a record can only be removed ;; if the related record is deleted.
[DELETE extends EDIT] delete = 1 delete found = 1 delete selected = 1
;;------------------------------------------------------------------------------ ;; The EDIT AND DELETE role is basically an alias of the DELETE role.
[EDIT AND DELETE extends EDIT, DELETE]
;;------------------------------------------------------------------------------ ;; The OWNER role is encapsulates the permissions that the owner of a record ;; should have. It allows full access to the current record, but not necessarily ;; full access to the table.
[OWNER extends EDIT AND DELETE] navigate = 0 new = 0 delete found = 0
;;------------------------------------------------------------------------------ ;; The REVIEWER role contains a subset of the EDIT role. It basically just allows ;; editing of the record itself, but not adding or removing related records.
[REVIEWER extends READ ONLY] edit = 1 translate = 1
;;------------------------------------------------------------------------------ ;; The USER role allows for reading and adding new related records. This would ;; be useful for users to be able to add comments to the comments relationship ;; but not be able to edit the record itself. [USER extends READ ONLY] add new related record = 1
;;------------------------------------------------------------------------------ ;; The ADMIN role allows full acccess .. kind of like ALL [ADMIN extends EDIT AND DELETE] xml_view=1
[WEB SERVICE BROWSER extends READ ONLY] xml_view=1
[WEB SERVICE ADMIN extends WEB SERVICE BROWSER, ADMIN]
[MANAGER extends ADMIN] manage=1 manage_output_cache=1 manage_migrate=1 manage_build_index=1 install = 1
You're being very, very helpful, incidentally. Thank you.
-
00Davo
-
- Posts: 55
- Joined: Sat Jan 02, 2010 9:02 pm
Return to Xataface Users
Who is online
Users browsing this forum: No registered users and 6 guests
|