 |
Xataface
2.0alpha2
Xataface Application Framework
|
|
Xataface
2.0alpha2
Xataface Application Framework
|
Public Member Functions | |
| __construct ($conf=null) | |
| removeContextMask (Dataface_RelatedRecord $contextRecord) | |
| Removes a related record's permissions from the permissions mask for its destination records. | |
| addContextMask (Dataface_RelatedRecord $contextRecord) | |
| Adds as related record's permissions as a permissions mask for its destination records. Any call to getPermissions() on the destination records will now have their permissions augmented by the relationship permissions defined in the context record. | |
| & | getContextMasks () |
| Obtains a mask of permissions to be laid on top of permissions for particular records or their fields when obtaining their permissions. This enables us to provide modified permissions for records depending on whether it is being accessed via a relationship or not. | |
| getContextMask ($id, $fieldname=null) | |
| Gets the context mask for a particular record id. | |
| getPortalRecordPermissions (Dataface_Record $record, $params=array()) | |
| Wrapper around getContextMask() to get the permissions for a record through the context of a portal. | |
| getPortalFieldPermissions (Dataface_Record $record, $params=array()) | |
| Wrapper around getContextMask() to get the permissions for a record through the context of a portal. | |
| setDelegate ($del) | |
| & | getContext () |
| setContext ($context) | |
| clearContext () | |
| & | PUBLIC_CONTEXT () |
| addPermissions ($conf) | |
| getPermissions (&$obj, $params=array()) | |
| filterPermissions (&$obj, &$perms, $params=array()) | |
| checkPermission ($permissionName, $perms, $params=array()) | |
| view (&$perms, $params=array()) | |
| edit (&$perms, $params=array()) | |
| delete (&$perms, $params=array()) | |
| MASK () | |
| _zero () | |
| _one () | |
| NO_ACCESS () | |
| READ_ONLY () | |
| ALL () | |
| & | READ_EDIT () |
| & | getRolePermissions ($roleName) |
| roleExists ($roleName) | |
| namesAsArray ($permissions) | |
| namesAsString ($permissions) | |
| cachePermissions (&$record, $params, $perms) | |
| getCachedPermissions (&$record, $params) | |
Data Fields | |
| $_cache = array() | |
| $rolePermissions = array() | |
| $permissions = array() | |
| $context = null | |
| $contextMasks = null | |
| $delegate = null | |
Definition at line 301 of file PermissionsTool.php.
| __construct | ( | $conf = null | ) |
Definition at line 323 of file PermissionsTool.php.
| _one | ( | ) |
Definition at line 795 of file PermissionsTool.php.
| _zero | ( | ) |
Definition at line 791 of file PermissionsTool.php.
| addContextMask | ( | Dataface_RelatedRecord | $contextRecord | ) |
Adds as related record's permissions as a permissions mask for its destination records. Any call to getPermissions() on the destination records will now have their permissions augmented by the relationship permissions defined in the context record.
| Dataface_RelatedRecord | $contextRecord | The context record to provide permissions for its destination records. |
Definition at line 385 of file PermissionsTool.php.
| addPermissions | ( | $conf | ) |
Adds permissions as loaded from a configuration file. Key/Value pairs are interpreted as being permission Name/Label pairs and key/Array(key/value) are interpreted as being a role defintion.
Definition at line 650 of file PermissionsTool.php.
| ALL | ( | ) |
Reference to permissions array that has all permissions (view, edit, and delete). !! NOTE THAT THIS METHOD IS DEPRECATED AS OF VERSION 0.6 . PLEASE USE !! getRolePermissions() instead.
Definition at line 832 of file PermissionsTool.php.
| cachePermissions | ( | & | $record, |
| $params, | |||
| $perms | |||
| ) |
Definition at line 922 of file PermissionsTool.php.
| checkPermission | ( | $permissionName, | |
| $perms, | |||
$params = array() |
|||
| ) |
Checks to see if a particular permission is granted in an object or permissions array.
| $permissionName | The name of the permission to check (one of {'view','edit','delete'}) |
| $perms | The object or permissions array to check. It this is an object it must be of type one of {Dataface_Table, Dataface_Record, or Dataface_Relationship}. |
| $params | Optional field name in the case that param #2 is a table or record. |
Definition at line 712 of file PermissionsTool.php.
| clearContext | ( | ) |
Definition at line 633 of file PermissionsTool.php.
| delete | ( | & | $perms, |
$params = array() |
|||
| ) |
Checks to see if an object or permissions array has delete permissions. !! NOTE THAT THIS METHOD IS DEPRECATED AS OF VERSION 0.6 . PLEASE USE !! getRolePermissions() instead.
| $perms | Either an object (Table or Record) or a permissions array. | |
| 2 | Optional name of a field we wish to check (only if $perms is a Table or Record). |
Definition at line 768 of file PermissionsTool.php.
| edit | ( | & | $perms, |
$params = array() |
|||
| ) |
Checks to see if an object or permissions array has edit permissions. !! NOTE THAT THIS METHOD IS DEPRECATED AS OF VERSION 0.6 . PLEASE USE !! getRolePermissions() instead.
| $perms | Either an object (Table or Record) or a permissions array. | |
| 2 | Optional name of a field we wish to check (only if $perms is a Table or Record). |
Definition at line 755 of file PermissionsTool.php.
| filterPermissions | ( | & | $obj, |
| & | $perms, | ||
$params = array() |
|||
| ) |
Definition at line 702 of file PermissionsTool.php.
| getCachedPermissions | ( | & | $record, |
| $params | |||
| ) |
Definition at line 947 of file PermissionsTool.php.
| & getContext | ( | ) |
Definition at line 627 of file PermissionsTool.php.
| getContextMask | ( | $id, | |
$fieldname = null |
|||
| ) |
Gets the context mask for a particular record id.
| string | $id | The record id of the record to get the mask for. |
| string | $fieldname | The optional field name to get the mask for. |
val:boolean) A permissions mask
Definition at line 591 of file PermissionsTool.php.
| & getContextMasks | ( | ) |
Obtains a mask of permissions to be laid on top of permissions for particular records or their fields when obtaining their permissions. This enables us to provide modified permissions for records depending on whether it is being accessed via a relationship or not.
For example, suppose there is a relationship from table A to table B. The user has full permission to table A and no permission for table B, but the user has "view related records" permission on the relationship from A to B. Then a record of B that is related to A should be visible to the user.
This depends on the -portal-context REQUEST parameter in order to work. That parameter should contain a related record ID that should be used to provide a permissions mask. This mask will only apply to the destination records of the specified related record, and the mask only contains those permissions that can be affected by the parent's relationship. This includes:
Suppose we are viewing the record books?book_id=10 but the -portal-context REQUEST parameter provided is:
Further, suppose that the user is granted the 'view related records' and 'edit related records' permissions on the publishers?publisher_id=2 record's books relationship, but no permission to the books?book_id=10 record.
In this example the user will have view and edit permission to the books record because the -portal-context allows it (i.e. it uses the permissions of the related record as a wrapper around the actual record to provide permissions).
In the same way, the context could be used to deny permissions on a record. The portal context gets the final say (i.e. overrides the record's permissions).
Field permissions work similarly. The relationship level permissions specified by the parent record's relationship will not override permissions explicitly set for a field in the target record. However permissions specified for a particular field of the relationship will override the field-level permissions of the target.
For example:
Will result in view being denied on field A of the target table.
But...
Will result in view being granted on field A of the target table.
perm:string => $val:boolean ))
Definition at line 562 of file PermissionsTool.php.
| getPermissions | ( | & | $obj, |
$params = array() |
|||
| ) |
Gets the permissions of an object.
| $obj | A Dataface_Table, Dataface_Record, or Dataface_Relationship record we wish to check. | |
| 2 | Optional field name whose permission we wish to check. |
Definition at line 679 of file PermissionsTool.php.
| getPortalFieldPermissions | ( | Dataface_Record | $record, |
$params = array() |
|||
| ) |
Wrapper around getContextMask() to get the permissions for a record through the context of a portal.
val:boolean)
Definition at line 619 of file PermissionsTool.php.
| getPortalRecordPermissions | ( | Dataface_Record | $record, |
$params = array() |
|||
| ) |
Wrapper around getContextMask() to get the permissions for a record through the context of a portal.
val:boolean)
Definition at line 607 of file PermissionsTool.php.
| & getRolePermissions | ( | $roleName | ) |
Returns the permissions that are assigned to a certain role. This allows a set of permissions to be grouped together and returned by getPermissions() methods. A role is essentially just a list of permissions that are associated with the name of the role. Roles can be defined in the permissions.ini files which are located in any table configuration folder, the application folder, or the dataface folder. Try to place the roles in the appropriate folder based on what it is most closely related to. For example, if the role is specifically related to one table then place it in the permissions.ini file for that table, but if it is more general you can place it in the permissions.ini file for the application. This will allow for better modularization and re-use of useful table definitions between applications. The goal here is to allow you to distribute your tables to others so that they can be added easily to other applications. If everything relating to the table is located in one folder then this becomes much easier.
| $roleName | The name of the role. |
Definition at line 875 of file PermissionsTool.php.
| MASK | ( | ) |
Definition at line 774 of file PermissionsTool.php.
| namesAsArray | ( | $permissions | ) |
Returns a list of names of granted permissions in a given permissions array.
Definition at line 901 of file PermissionsTool.php.
| namesAsString | ( | $permissions | ) |
Returns comma-delimited list of names of granted permissions in a given permissions array.
Definition at line 918 of file PermissionsTool.php.
| NO_ACCESS | ( | ) |
Reference to static NO ACCESS permissions array.
Definition at line 802 of file PermissionsTool.php.
| & PUBLIC_CONTEXT | ( | ) |
Definition at line 637 of file PermissionsTool.php.
| & READ_EDIT | ( | ) |
Reference to permissions array that has read and edit access (but not delete). !! NOTE THAT THIS METHOD IS DEPRECATED AS OF VERSION 0.6 . PLEASE USE !! getRolePermissions() instead.
Definition at line 848 of file PermissionsTool.php.
| READ_ONLY | ( | ) |
Reference to permissions array that have only view permissions. !! NOTE THAT THIS METHOD IS DEPRECATED AS OF VERSION 0.6 . PLEASE USE !! getRolePermissions() instead.
Definition at line 815 of file PermissionsTool.php.
| removeContextMask | ( | Dataface_RelatedRecord | $contextRecord | ) |
Removes a related record's permissions from the permissions mask for its destination records.
| Dataface_RelatedRecord | $contextRecord | The related record that is being removed. |
Definition at line 351 of file PermissionsTool.php.
| roleExists | ( | $roleName | ) |
Definition at line 893 of file PermissionsTool.php.
| setContext | ( | $context | ) |
Definition at line 628 of file PermissionsTool.php.
| setDelegate | ( | $del | ) |
Definition at line 623 of file PermissionsTool.php.
| view | ( | & | $perms, |
$params = array() |
|||
| ) |
Checks to see if an object or permissions array has view permissions. !! NOTE THAT THIS METHOD IS DEPRECATED AS OF VERSION 0.6 . PLEASE USE !! getRolePermissions() instead.
| $perms | Either an object (Table or Record) or a permissions array. | |
| 2 | Optional name of a field we wish to check (only if $perms is a Table or Record). |
Definition at line 742 of file PermissionsTool.php.
| $_cache = array() |
Definition at line 304 of file PermissionsTool.php.
| $context = null |
Definition at line 316 of file PermissionsTool.php.
| $contextMasks = null |
Definition at line 318 of file PermissionsTool.php.
| $delegate = null |
Definition at line 321 of file PermissionsTool.php.
| $permissions = array() |
Associative array of the loaded permissions. [Permission name] -> [Permission Label].
Definition at line 314 of file PermissionsTool.php.
| $rolePermissions = array() |
An associative array of role permissions available. [Role Name] -> array([Permission Name] -> [Allowed (0 or 1)])
Definition at line 309 of file PermissionsTool.php.
1.8.1.2
