Accessing records based upon username login

A place for users and developers of the Xataface to discuss and receive support.

Accessing records based upon username login

Postby sworden » Thu Feb 16, 2012 9:17 am

I have set up my database and am trying to figure out how to allow access to records in tables based upon the username used when logging in. For example, my login is an admin, so I can see and edit everything. I would like to be able to set it up so that when a student logs in he can see records that pertain to him/her, but no one else. I would also like the student to be able to view anything that pertains to him, but he would only be able to edit his contact info.

Also, I would like to set it up so that an instructor can see info for all students, but can only edit/input info for a student that he is mentoring. How do I accomplish these goals?
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby samhans » Thu Feb 16, 2012 12:27 pm

its easy define security filter in your table delegate class . for that you have to make ownerid column in your table.
you have asked lot many questions , segregate it so that it could be replied easily.


samhans
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Re: Accessing records based upon username login

Postby sworden » Thu Feb 16, 2012 1:31 pm

Yes, it is a lot of questions, but in retrospect they all appear to center around "how do I set up a security filter?". I think I can start to figure out the rest.
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby samhans » Fri Feb 17, 2012 12:04 pm

security filters can brower set up by declaring function either in table delegate class. or you can also specify it by application delegate class.

there is a tutorial in wiki to set security filters.
if you face Any problem after that then come back.

samhans
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Re: Accessing records based upon username login

Postby sworden » Wed Mar 14, 2012 10:38 am

OK, when using this function:

function getPreferences(){
$mytable =& Dataface_Table::loadTable('applicants') ; // load the table named 'applicants'
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( $user and $user->val('rol') != 'ADMIN' ){
// We apply the security filter to non admin users.
$mytable->setSecurityFilter(array('owner_id'=>$user->val('user_id'));

}
return array(); // Mandatory!! getPreferences() must return array.
}

where do the owner_id and user_id values come from? The table I'm restricting access to, or the table that stores the log-in information? I have a "username" field in the "users" table (the table that stores log-in usernames and passwords) and an "applicants_id" field in the "applicants" table which is the unique identifier for that table.

Thanks.
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby samhans » Wed Mar 14, 2012 10:51 am

owner id should be a field in your table in which you are restricting access.
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Re: Accessing records based upon username login

Postby sworden » Wed Mar 14, 2012 11:07 am

Thanks. Where does "user_id" come from?
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby shannah » Wed Mar 14, 2012 11:12 am

In your case, the owner_id field is in the table you're restricting access to and the user_id field is from the users table.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Accessing records based upon username login

Postby sworden » Wed Mar 14, 2012 11:39 am

shannah wrote:In your case, the owner_id field is in the table you're restricting access to and the user_id field is from the users table.

-Steve


When I set them up this way (or any other combination that I've tried) I try to log-in and once I've input my username and password it looks like the log-in sequence hangs up on the index.php file (I just get a blank screen and the url says "http://www.povpc.org/cpm/index.php"). This happens whether I log-in with my admin account or a read-only account that I set up to test this. Right now I have the "username" field in the "users" table and the "applicants_id" field in the "applicants" table. Do I need to have both fields in the same record in one of these tables? Is that why I'm getting the blank screen?

Here is how I set up the function:

function getPreferences(){
$mytable =& Dataface_Table::loadTable('applicants') ; // load the table named 'applicants'
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( $user and $user->val('rol') != 'ADMIN' ){
// We apply the security filter to non admin users.
$mytable->setSecurityFilter(array('applicants_id'=>$user->val('username'));

}
return array(); // Mandatory!! getPreferences() must return array.
}
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby sworden » Thu Mar 15, 2012 7:03 am

I changed the table I'm restricting to the "transcripts" table so that I could at least get logged in (and changed "applicants" in the function to "transcripts" after I made a transcripts.php file in the "transcripts" folder). This is what shows up in the url when I click on the transcripts tab:

http://www.povpc.org/cpm/index.php?-table=transcripts

and the screen is blank.

Something doesn't appear to be loading correctly. Any ideas?
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby shannah » Thu Mar 15, 2012 8:39 am

Check your error log
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Accessing records based upon username login

Postby sworden » Thu Mar 15, 2012 9:21 am

The error log is saying it doesn't like the ; in the line "$mytable->setSecurityFilter(array('APPLICANTS_ID'=>$user->val('USERNAME'));"

function getPreferences(){
$mytable =& Dataface_Table::loadTable('transcripts') ; // load the table named 'transcripts'
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( $user and $user->val('ROLE') != 'ADMIN' ){
// We apply the security filter to non admin users.
$mytable->setSecurityFilter(array('APPLICANTS_ID'=>$user->val('USERNAME'));

}
return array(); // Mandatory!! getPreferences() must return array.
}

I tried taking it out just to see what would happen. Then it doesn't like the } that follows. These seem to be standard programming text, so what could be causing the problem?

Thanks for your help. I'm very new to PHP.
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby shannah » Thu Mar 15, 2012 9:42 am

Count the open parentheses and closing parentheses. You're missing a closing parenthesis.
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Accessing records based upon username login

Postby sworden » Thu Mar 15, 2012 10:00 am

Thanks! Now that I've got that fixed I'm getting a fatal error:

[15-Mar-2012 09:47:09] PHP Fatal error: Class 'tables_transcripts' not found in /home/povpc11/public_html/xataface/Dataface/Table.php on line 1116

From the Table.php file (the last line is line 1116):

function _loadDelegate(){

if ( $this->_hasDelegateFile() ){

import( $this->_delegateFilePath() );
$delegate_name = "tables_".$this->tablename;
$this->_delegate = new $delegate_name();
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: Accessing records based upon username login

Postby samhans » Thu Mar 15, 2012 10:10 am

have you defined the table class properly, check it again. you might have given wrong name to the class file
samhans
 
Posts: 96
Joined: Fri Feb 10, 2012 1:22 am

Next

Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 7 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved