how to handle multiple ADMIN roles in database

A place for users and developers of the Xataface to discuss and receive support.

how to handle multiple ADMIN roles in database

Postby rleyba » Mon Oct 24, 2011 3:15 am

Hi Steve,

I have implemented authentication and access roles in my Xataface system and I have a requirement to have multiple Administrators. They have unique login names.....say AMShiftAdmin and PMShiftAdmin. It is all acceptable if the Administrators can change/reset passwords of other users but I want to implement a mechanism wherein if the logged in user is say AMShiftAdmin, he must NOT be able to change or alter the attributes of PMShiftAdmin user in the Users table.

Do you have a snippet of how this might be done?

Thanks very much.
rleyba
 
Posts: 53
Joined: Sat Dec 04, 2010 3:50 pm

Re: how to handle multiple ADMIN roles in database

Postby shannah » Mon Oct 24, 2011 1:57 pm

So you want these guys to both be able to do everything *except* change information about each other?

You probably want to implement permissions on the users table that restricts "edit" access on any records with role=Admin.
e.g.

Code: Select all
function getPermissions($record){
    if ( isAdmin() ){
        if ( $record->val('role') == 'ADMIN' and $record->val('username') != getUser()->val('username') ){
            return Dataface_PermissionsTool::READ_ONLY();
        }
    }
    return null;
}


Note the isAdmin() and getUser() functions don't exist... they are used as shorthand here so you get the idea of what is going on here.

What this essentialy says is:
If the current user is an admin, and the record in question is an ADMIN user account other than the current user, then we grant read only access.

Otherwise, returning null (for all other cases) just defers to the permissions defined in the application delegate class.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 20 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved