Permissions: USER role for sign-up

A place for users and developers of the Xataface to discuss and receive support.

Postby dal » Wed Aug 23, 2006 11:06 am

I'm trying to set-up a Sign-up form for users to register on a typical USERS table. I'd like to have it such that they can Add a new record, and also edit their own information. The 'USER' role seems to fit the bill for this from the documentation (http://framework.weblite.ca/documentation/tutorial/getting_started/permissions/). But I'm getting an error when calling Dataface_PermissionsTool.

Fatal error: Call to undefined method Dataface_PermissionsTool::user()

The other roles, READ_ONLY(), ADMIN(), work fine.


Here's the code...

class tables_users {

function getPermissions(&$record){
$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
if ( !isset($user) ) return Dataface_PermissionsTool::USER();
// if the user is null then nobody is logged in... no access.
// This will force a login prompt.
$role = $user->val('role');
return Dataface_PermissionsTool::getRolePermissions($role);
// Returns all of the permissions for the user's current role.
}

}
dal
 
Posts: 8
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Wed Aug 23, 2006 12:13 pm

Hi Dalcon,

There is no Dataface_PermissionsTool::USER() method. The ALL(), NO_ACCESS(), and READ_ONLY() methods are convenience methods for those common roles, but for a general role, you will need to do:

Dataface_PermissionsTool::getRolePermissions('user');

Hope this helps.

Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby dal » Wed Aug 23, 2006 2:23 pm

Gotcha, Thanks. I realized what I need now is to define my own role and permissions for certain types of users. I found that the default 'USER' role, does not have permission for the 'new' action...so I need a new role such that visitors would be able to register themselves (ie. add a new users record).
dal
 
Posts: 8
Joined: Wed Dec 31, 1969 5:00 pm

Postby marionjoe » Thu Jul 26, 2007 10:28 pm

Gotcha, Thanks. I realized what I need now is to define my own role and permissions for certain types of users. I found that the default 'USER' role, does not have permission for the 'new' action...so I need a new role such that visitors would be able to register themselves (ie. add a new users record).



hi dal and all:

dal, if you have found a solution, could you write it up here, and also perhaps on your
DATFACE HOMEPAGE? http://framework.weblite.ca/Members/dal
marionjoe
 
Posts: 6
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Thu Jul 26, 2007 11:22 pm

See the conf.ini in the webauction demo for an example of how to add registration to your app.
http://demo.weblite.ca/source-browser.php?-path=webauction

i.e. just add allow_register=1 to the [_auth] section of your conf.ini file.

You also need to make sure that public users have the 'new' permission for this to work.

-Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby marionjoe » Sat Jul 28, 2007 12:46 am

hi steve and all:

how do i create a different role?

the role would need to enable

a person who registers to
1 create a new record which they then "own"

2 edit and delete their "owned" record and only their "own" record


thankyou


marion
marionjoe
 
Posts: 6
Joined: Wed Dec 31, 1969 5:00 pm

Postby marionjoe » Sat Jul 28, 2007 12:48 am

oo and just rememberd

this role would also enable ALL users to see ALL RECORDS

marion
marionjoe
 
Posts: 6
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Sat Jul 28, 2007 11:13 am

how do i create a different role?


Add a permissions.ini file to your application directory. You can add new roles by adding new sections to this file. E.g.

Code: Select all
[OWNER extends EDIT AND DELETE]


The syntax means that you are creating a new role named 'OWNER' that inherits all the permissions of the 'EDIT AND DELETE' role.

You can check out the permissions.ini file in the dataface directory to see what existing roles there are to inherit from.

If you wanted to customize the role to NOT allow delete, you could do:
Code: Select all
[OWNER extends EDIT AND DELETE]
delete=0


If you wanted to create a role that was read only, but could also create new records you would do something like:
Code: Select all
[MY ROLE extends READ ONLY]
new=1


So for the problem at hand, you have identified 2 roles:
1. REGISTERED - any registered user can read or create new roles.
2. OWNER - the owner of a record can edit and delete that record.

So you would have something like:

Code: Select all
[OWNER extends EDIT AND DELETE]

[REGISTERED extends READ ONLY]
new=1



The next thing you have to do is reference these roles from inside your getPermissions() method.
Code: Select all
function getPermissions(&$record){
    $auth=& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( $auth->isLoggedIn() ){
        return Dataface_PermissionsTool::getRolePermissions('REGISTERED');
    } else if ( $record and $user and $record->val('owner_id') == $user->val('user_id') ){
        return Dataface_PermissionsTool::getRolePermissions('OWNER');
    } else {
        return Dataface_PermissionsTool::getRolePermissions('READ ONLY');
    }
}


Note that this snippet assumes that you have a field in your table called 'owner_id' that references the user that created the record. You can populate this field using a beforeInsert() trigger:
Code: Select all
function beforeInsert(&$record){
    $auth =& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    $record->setValue('owner_id', $user->val('user_id'));
}


Hope this helps.

-Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Sat Jul 28, 2007 11:18 am

Whoops.. the example getPermissions() method won't work as desired because it handles the permissions for registered users before it handles permissions for owners. Since owners are always registered, the method will never even get to handle the owner case. Change to:
Code: Select all
function getPermissions(&$record){
    $auth=& Dataface_AuthenticationTool::getInstance();
    $user =& $auth->getLoggedInUser();
    if ( $record and $user and $record->val('owner_id') == $user->val('user_id') ){
        return Dataface_PermissionsTool::getRolePermissions('OWNER');
    } else if ( $auth->isLoggedIn() ){
        return Dataface_PermissionsTool::getRolePermissions('REGISTERED');
    } else {
        return Dataface_PermissionsTool::getRolePermissions('READ ONLY');
    }

}
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby dclijste » Fri Sep 07, 2007 6:57 am

thanks, ik works (as usually ;))!

However, as it seems to be clear to understand, there is one thing I don't. where is the data saved?
I thought this would be saved in the records table under owner_id, but this stays NULL. When i edit this data through dataface (the same user, owner in this case) to the owner id (I made a nice dropdown list with all owners) I get the following error message:


Errors

* Permission to perform action 'edit' denied. Requires permission 'edit' but only granted '1,1,1,1,1,1,1,1,1'

the field owner_id is changed to the user_id I added, but the Owner can no longer edit this record again (in other words, he is not the owner anymore).

the thing I want to create is that admins can change the owner and all users can see who is the owner and ofcourse the owner himself can edit the record..
dclijste
 
Posts: 11
Joined: Wed Dec 31, 1969 5:00 pm

Postby dclijste » Fri Sep 07, 2007 9:03 am

OK, This permission denied comes after 'succesfull' and is given beceause dataface wants to go back to "edit field" but lost his permission.

the only question which persists: where is this information being saved?
dclijste
 
Posts: 11
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Fri Sep 07, 2007 3:53 pm

I may not be understanding the question.Ê I think you are asking where the owner_id value that we set in the trigger gets saved.Ê It gets saved in the same record in the same table.Ê If it is not then the trigger isn't working the way we want.

I know there was a bug that showed up only in PHP 4 that caused some triggers not to be picked up.



Check the Dataface/IO.php file in your version.Ê Look for the fireEvent() method.Ê If it contains a call to the call_user_func() function, then you will need to replace the function with this one:

function fireEvent($name, &$record){ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ $delegate =& $this->_table->getDelegate();
ÊÊÊ ÊÊÊ if ( $delegate !== null and method_exists($delegate,$name) ){
ÊÊÊ ÊÊÊ ÊÊÊ $res =& $delegate->$name($record);
ÊÊÊ ÊÊÊ ÊÊÊ if ( PEAR::isError( $res ) ){
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ $res->addUserInfo(
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ df_translate(
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ 'scripts.Dataface.IO.fireEvent.ERROR_WHILE_FIRING',
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ "Error while firing event '$name' on table '".$this->_table->tablename."' in Dataface_IO::write() on line ".__LINE__." of file ".__FILE__,
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ array('name'=>$name,'tablename'=>$this->_table->tablename, 'line'=>__LINE__,'file'=>__FILE__)
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ )
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ );
ÊÊÊ ÊÊÊ ÊÊÊ ÊÊÊ return $res;
ÊÊÊ ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ }
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ $app =& Dataface_Application::getInstance();
ÊÊÊ ÊÊÊ $res = $app->fireEvent($name, array(&$record, &$this));
ÊÊÊ ÊÊÊ if ( PEAR::isError($res) ) return $res;
ÊÊÊ ÊÊÊ
ÊÊÊ ÊÊÊ return true;
ÊÊÊ
ÊÊÊ }



And that should get the trigger working properly.

--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby dclijste » Sat Sep 08, 2007 10:37 am

My problem!
I asked for user_id instead of userid which gave NULL and since only the new added records wasn't owned by anyone this was the only record recongized by the loggedin user (which was also NULL)
dclijste
 
Posts: 11
Joined: Wed Dec 31, 1969 5:00 pm

Re: Permissions: USER role for sign-up

Postby barryrs » Thu Feb 24, 2011 7:48 am

Steve,

I think this broke something...
> Ability to add a new record to a table // Deprecated.. see if this breaks anything!!
> ;;add new record = Add New Record

Tried to add 'Owner permissions to the users table... successfully removed the ability to delete records, but for the life of me, I can't get rid of the ability to add new records...

if ( $user->val('UserName') == $record->val('UserName'))
return Dataface_PermissionsTool::getRolePermissions('OWNER');

I can say this, creating a brand new role with specific permissions seems to work, but the OWNER role wont remove the new permission..... here's my (app)->permissions.ini

[OWNER extends EDIT AND DELETE]
navigate = 0
new = 0
add new record = 0
add new related record = 0
delete found = 0
delete = 0
delete found = 0
delete selected = 0






[OWNER1]
navigate = 0
new = 0
add new record = 0
add new related record = 0
delete found = 0
delete = 0
delete found = 0
delete selected = 0
view in rss=1
view = 1
link = 1
list = 1
calendar = 1
view xml = 1
show all = 1
find = 1
ajax_load = 1
find_list = 1
find_multi_table = 1
rss = 1
export_csv = 1
export_xml = 1
export_json = 1
view related records=1
related records feed=1
expandable=1
edit = 1
add new record = 1
reorder_related_records = 1
import = 1
translate = 1
ajax_save = 1
ajax_form = 1
history = 1
edit_history = 1
update_set = 1
update_selected=1
select_rows = 1

Thanks for a great app!!! -Barry-
barryrs
 
Posts: 14
Joined: Tue Feb 15, 2011 11:37 am

Re: Permissions: USER role for sign-up

Postby shannah » Sat Feb 26, 2011 1:07 pm

Did the forum strip some of your getPermissions() method? Can you post the whole method? My guess is that there's a problem in there somewhere.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 14 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved