Access to the actual tables follows the permissions correctly... it's just the global search index that is giving me problems.
Here is my permissions setup:
permissions.ini
[STAFF extends OWNER]
[FINANCE extends STAFF]
manage_build_index=1
manage_output_cache=1
finances.php (access to the finances table, which is indexed, should only be for those with a FINANCE role)
function getPermissions(&$record){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    // $user is a Dataface_Record encapsulating the currently logged in user.
    // first let's deal with the case that the user is not logged in.
    if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();
    if ( $user->val('Role') == 'FINANCE' ) return Dataface_PermissionsTool::ALL();
    return Dataface_PermissionsTool::NO_ACCESS();
}
If I rebuild the index from a user logged in with the MANAGER role, it shows NO ACCESS, NO ACCESS for the "finances" tab of the global search results... (for any user)
If I rebuild the index from a user logged in with the FINANCE role, it shows all the finances data in the "finances" tab of the global search results... (for any user!!! - I want to limit that to only users with the FINANCE role)
Permissions are checked in the ApplicationDelegate.php
function getPermissions(&$record){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    // if the user is null then nobody is logged in... no access.
    // This will force a login prompt.
    if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
    if ($user->val('Role')<>'')
        $role = $user->val('Role');
    else
        $role = 'READ ONLY';
    // Returns all of the permissions for the user's current role.
    return Dataface_PermissionsTool::getRolePermissions($role);
}
Thanks!
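The symptom described in this post, reduced to a toy model as an added example (not Xataface code and not part of the original post): an index that stores whatever the indexing user could see, next to a search that re-checks the table rule for the user who is searching. All function names and the sample rows are hypothetical, and the assumption that the index stores a per-builder snapshot is inferred only from the behaviour reported above.

```php
<?php
// Toy model, NOT Xataface internals: every function name here is hypothetical.
// Constructed sample rows standing in for the finances table.
$finances = [
    ['id' => 1, 'memo' => 'Q1 payroll'],
    ['id' => 2, 'memo' => 'Q1 vendor payments'],
];

// Same rule as finances.php in the post: only the FINANCE role may see records.
function canViewFinances(?string $role): bool {
    return $role === 'FINANCE';
}

// Index build: the stored text is whatever the *indexing* user is allowed to see,
// which matches the "NO ACCESS" entries reported after a MANAGER rebuild.
function buildIndex(array $rows, ?string $builderRole): array {
    $index = [];
    foreach ($rows as $row) {
        $index[] = [
            'table' => 'finances',
            'id'    => $row['id'],
            'text'  => canViewFinances($builderRole) ? $row['memo'] : 'NO ACCESS',
        ];
    }
    return $index;
}

// Weak form: returns stored snapshots without asking who is searching.
function searchUnchecked(array $index, string $term): array {
    return array_values(array_filter($index,
        fn($e) => stripos($e['text'], $term) !== false));
}

// Corrected form: re-evaluate the table rule for the *searching* user
// before any indexed text is returned.
function searchChecked(array $index, string $term, ?string $searcherRole): array {
    return array_values(array_filter(searchUnchecked($index, $term),
        fn($e) => $e['table'] !== 'finances' || canViewFinances($searcherRole)));
}

$index = buildIndex($finances, 'FINANCE');               // rebuilt by a FINANCE user
var_dump(count(searchUnchecked($index, 'Q1')));          // every searcher gets the rows
var_dump(count(searchChecked($index, 'Q1', 'STAFF')));   // filtered for a STAFF searcher
var_dump(count(searchChecked($index, 'Q1', 'FINANCE'))); // visible to a FINANCE searcher
```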