Permissions, tables, relationships and records.

A place for users and developers of the Xataface to discuss and receive support.

Permissions, tables, relationships and records.

Postby carlof » Tue Oct 25, 2011 12:28 pm

Hello,

I'm trying to put together an application for dissertations. The main tables are: Users (for access), Student, Dissertation, Supervisor, sponsor, contribution (what the sponsor gives). They should be all read only for not registered. Then I thought to have at least 3 roles: Students, Supervisor, administrator. When a student logs in, should be able to access only the student and the dissertation tables and to add contents only to his own student record and student dissertation. Supervisors should instead access the supervisor (only their own record), the sponsor and the contribution tables (edit everything). Admin/manager allowed to do everything.

I have read across the website. Yet, I am struggling to get this. I am stuck at the first step, the student role.
Users( idusers, username, passworld, role) role=ENUM(STudent, supervisor, manager)
Student(idstudent, ......., student_username)

permissions.ini : [STUDENT extends NO ACCESS]
The current state of .../tables/student/student.php
<?
class tables_student {
function getPermissions($record){
$user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser();
if ( $user and $record and $record->val('student_username') == $user->val('usernameColumn')){
// Give the record owner Edit permissions on the product
$perms = Dataface_PermissionsTool::getRolePermissions('STUDENT');
$perms['new'] = 1;
$perms['edit'] = 1;
$perms['list'] = 1;
//$perms['post'] = 1;
$perms['add new related record'] = 1;
return $perms;

}
// Everybody else gets read only access to the products table.
return Dataface_PermissionsTool::READ_ONLY();
}
function beforeSave($record){
$user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser();
if ( $user ){
$record->setValue('student_username', $user->val('usernameColumn'));
}
}
}

The $perms is just an attempt. Maybe an array() better? but how? The 'new records' buttons appears but I cannot edit it. Further doubt: to get into the if() I filled in first the student_username field with the one I logged in. Else is empty at first student access, and the I cannot enter the if(). Or am I wrong? SO should the administrator insert mock student records and not only the Users table?

I also experimented in the application delegate with:
/* function getPreferences(){ */
/* $mytable =& Dataface_Table::loadTable('student') ; // load the table named 'my_table' */
/* $auth =& Dataface_AuthenticationTool::getInstance(); */
/* $user =& $auth->getLoggedInUser(); */
/* if ( $user and $user->val('role') != 'ADMIN' ){ */
/* // We apply the security filter to non admin users. */
/* $mytable->setSecurityFilter(array('student_username'=>$user->val('user_id'))); */
/* } */
/* return array(); // Mandatory!! getPreferences() must return array. */
/* } */

I read a bit about filters. May those be the right path?

At the moment I am bit lost and confused on how to get the desired behaviour. Any suggestion, help most appreciated.

Best, Carlo
PS there are relationships between dissertation-student, dissertation-supervisor (2), dissertation-contribution, contribution-sponsor.
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am

Re: Permissions, tables, relationships and records.

Postby carlof » Wed Oct 26, 2011 10:08 am

Hello,

I don't understand what I am doing wrong. Why is this is not working?
Code: Select all
<?php
class tables_student {
     function getPermissions(&$record){
        $app =& Dataface_Application::getInstance();
        $query =& $app->getQuery();
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
     //$app->getLoggedInUser();
   // IF user is not logged in, he gets no access
        if (!$user ) {echo "NUll user"; return Dataface_PermissionsTool::NO_ACCESS();}
       
        // Admins get full access
        //if ( $user->val('role') == 'ADMIN' ){echo "Admin user"; return Dataface_PermissionsTool::ALL();}

        // Users can edit their own records
        if ( $record and $record->val('idowner') == $user->val('usernameColumn') )
     {echo $record->val('idowner')." ". $user->val('usernameColumn'); return Dataface_PermissionsTool::ALL();}

        // In all other cases, there is NO ACCESS
        //return Dataface_PermissionsTool::NO_ACCESS();
}
       
function beforeSave($record){
    $user = Dataface_AuthenticationTool::getInstance()->getLoggedInUser();
    if ( $user ){
      $record->setValue('idowner', $user->val('usernameColumn'));
    }
  }
}


NO echo message is visible. the student table stays NO ACESS unless idowner is empty. For the two records with idowner empty is seems I got the ALL(). BUt no echo output. When idowner is the same as the username I logged in it gives me no access. It looks like though $user->val('usernameColumn') is always empty. Yet I don't know own to check-print out its content.

Any help would be greatly appreciated.
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am

Re: Permissions, tables, relationships and records.

Postby shannah » Wed Oct 26, 2011 10:21 am

Find out if $user->val('usernameColumn') is empty.
e.g. at the beginning of the method do something like:
Code: Select all
if ( !$user ) echo "No user found";
else {
    echo "User is logged in and username is ".$user->val('usernameColumn');
}
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Permissions, tables, relationships and records.

Postby carlof » Wed Oct 26, 2011 11:44 am

Hi Steve,

Thanks. I've pasted your code at the beginning. First with no user logged in. It prints "no user found" and present me with a login screen. THis seems fine to me. THen I log in and I got the message:

"User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is logged in and username is User is lo ...." in other words it does not echo hte final part .$user->val('usernameColumn'). I tried 'UserName'. Same result. But then I tried 'username' and I got:
" User is logged in and username is carlo_studentUser is logged in and username is carlo_studentUser is logged ". Which seems fine to me. Yet I got the message:
"Errors

Permission to perform action 'list' denied. Requires permission 'list' but only granted 'register'

"
I changed also below to
Code: Select all
if ( $record and $record->val('idowner') == $user->val('username') )
     {echo $record->val('idowner')." ". $user->val('username'); return Dataface_PermissionsTool::ALL();}

The error message disappeared.
Yet, there are still some problems. I cannot list any record. IN particular that owned by the logged in user. I can access the view details. I try to edit. and I got:
Errors

Permission to perform action 'edit' denied. Requires permission 'edit' but only granted 'register'
From there on a cannot access any longer anything of the table dissertation.

Any further suggestion?

Best,
Carlo
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am

Re: Permissions, tables, relationships and records.

Postby carlof » Thu Oct 27, 2011 3:33 am

Hello Steve and everybody.

More details:

my permissions.ini
Code: Select all
[STUDENT extends NO ACCESS]

[STUDENT1 extends EDIT]
    ;new=1
    ;list=1
    ;edit=1
    ;update =1   
[SUPERVISOR extends READ ONLY]


In the student table delegate class I currently have something like this:
Code: Select all
   function getPermissions(&$record){
        $app =& Dataface_Application::getInstance();
        $query =& $app->getQuery();
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
     //$app->getLoggedInUser();

   if (!$user ) {echo "NULL user ||";return Dataface_PermissionsTool::NO_ACCESS();}
     
        // Admins get full access
        //if ( $user->val('role') == 'ADMIN' ){echo "Admin user"; return Dataface_PermissionsTool::ALL();}

        // Users can edit their own records
   //echo "idowner is ".  $record->val('idowner');
   
        if ( $record and $record->val('idowner') == $user->val('username') )
     {
       echo 'role before call is '; // .$user->val('role') . "<p>";
       return Dataface_PermissionsTool::getRolePermissions('STUDENT1');}
}


The logged in user is carlo_student. I put a record for him in the student table via phpmyadmin. I try to edit the record and I've got the message 'role before call is', as expected. BUt I also got :
'Errors

Could not update record "NO ACCESS" from table "student" because you have insufficient permissions.'
I thought that what above made sense. Apparently it doesn't. And I'm lost again. PLease help.

Best,

Carlo
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am

Re: Permissions, tables, relationships and records.

Postby shannah » Thu Oct 27, 2011 9:39 am

Information overload.
All we need to know is who is logged in. By the looks of your output a user is logged in, but the value in the 'username' column is blank. Look into that.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Permissions, tables, relationships and records.

Postby carlof » Thu Oct 27, 2011 10:24 am

Hello Steve,

Code: Select all
   if ( !$user ) echo "No user found";
    else {
      echo "User is logged in and username is ".$user->val('username') . $user->val('role') ;
    }


gives useranme: carlo_student and role STUDENT. But How to change the role to STUDENT1 for the records that carlo_student owns (and only for them)?

Best,

Carlo
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am

Re: Permissions, tables, relationships and records.

Postby shannah » Fri Oct 28, 2011 9:24 am

Code: Select all
if ( $record and $user and $record->val('username') and $record->val('username')==$user->val('username') ){
    return Dataface_PermissionsTool::getRolePermissions('STUDENT1');
}
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Permissions, tables, relationships and records.

Postby carlof » Sat Oct 29, 2011 11:54 am

Hello Steve,

Thank you for your assistance. Your code gave me confidence that Dataface_PermissionsTool::getRolePermissions('STUDENT1') was ok. I thought to be out of the troubles. But it is not so.
When a student logs in to deposit his/her dissertation(s) can be in two states: (0) First time he/she logs in to create his student and dissertation(s) records (1) Other times he/she logs to amend his student record and/or his dissertation(s) records.

To (0) I associated the role STUDENT0.
To (1) the role STUDENT1.
Then I have the role [STUDENT extends NO ACCESS].

Now:

STUDENT0 should not be able to see nor to edit any record in the student table and the related dissertation table. But it should be able to create new record and new related records. No matter how hard I tried these days, I failed repeatedly. Typically, in spite of giving STUDENT0 new=1, add new record =1, edit = 1, list = 0, update = 1, add new related record = 1, edit related record = 1 extending either READ ONLY or NO ACCESS when I press the 'add new record', I am presented with a page that has only the 'save' button. When I press it, I get something like 'error: you need 'new' permission instead you have only : register, new , ...'. Also, if I give the edit=1 to STUDENT0, he can edit the record of the other students.

STUDENT1 should be able to edit only his records and not those of other students. As for STUDENT0, I gave STDENT1 list=0, find=0 to help this. Yet, there is a small windows with the two green arrow on the sides in the details view of the records of the logged in student. So for him/her to edit records of other students could not be easier. I tried again to search on how to remove it. But I am currently a bit tired and frustrated. I am spending so many long days and I'm progressing so little.
Best, Carlo
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am

Re: Permissions, tables, relationships and records.

Postby carlof » Mon Oct 31, 2011 4:29 am

Hello Steve and all,

In the attempt to find a way out, I have removed the relationship between Student and Dissertation and focused only on student . Via echo statements, and by observing changes when changing STUDENT0 permission, I am confident that the getRolePermissions(STUDENT0) works. Yet, when I try to add a new record to the table student, no form is shown but only the button 'save'. When I click on 'save', I get " Errors. Permission to perform action 'new' denied. Requires permission 'new' but only granted 'register' ". And this happens even if I set [STUDENT0 extends ADMIN]. In /tables/student, I tried to create an actions.ini but no improvements.

Any idea what I am doing wrong and what should I do?
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am

Re: Permissions, tables, relationships and records.

Postby carlof » Tue Nov 01, 2011 1:16 pm

Hello Steve and all,

Sorry about my persistence, but I am lost. And I don't know what else to try. Here one of my trials:

Code: Select all
[STUDENT extends READ ONLY]
new=0   
list=0
find=0
view=0
[STUDENT0 extends EDIT]
    new=1
    list=1

I login as STUDENT that does not own any previous records. When Dataface_PermissionsTool::getRolePermissions('STUDENT0'); gets called, I got the button for inserting a new record. But when I click on it I cannot actually insert anything. To have the form appearing I have to put new =1 also in STUDENT, which I would like to avoid (else also student with already a record can insert a second record or more). The role STUDENT0 seems activate because if I change in it list=0, then the list button disappears and if I put new=0 the 'new' button disappears. THis is in the table delegate class. IN the application delegate I have removed everything apart from
Code: Select all
         if ( !isset($user) ) return Dataface_PermissionsTool::READ_ONLY();
. All the echos a bit everywhere seem to work.

Any suggestion about what I am doing wrong and/or what I should do?
carlof
 
Posts: 12
Joined: Thu Oct 02, 2008 8:51 am


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 19 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved