 |
Xataface
2.0alpha2
Xataface Application Framework
|
|
Xataface
2.0alpha2
Xataface Application Framework
|
The API of available methods that can be defined in a table delegate class. More...
Initialization | |
| init (Dataface_Table $table) | |
| Called after a table is loaded for the first time each request. | |
| getDelegate () | |
| Returns an alternate object to be used as the delegate. This is handy for module developers to allow application developers to override module-defined delegates with application-defined delegates. | |
Permissions | |
| getPermissions (Dataface_Record $record) | |
| Returns associative array of permissions that should be granted to the current user on this record. | |
| getRoles (Dataface_Record $record) | |
| Returns one or more roles that are to be granted to the current user for the specified record. | |
| __field__permissions (Dataface_Record $record) | |
| Returns default permissions for all fields of the given record to be granted to the current user. | |
| __field__roles (Dataface_Record $record) | |
| Returns the roles for all fields of the given record to be granted to the current user. | |
| fieldname__permissions (Dataface_Record $record) | |
| Returns the permissions for a particular field of the given record. | |
| fieldname__roles (Dataface_Record $record) | |
| Returns the roles for a particular field of the given record. | |
| rel_relationshipname__permissions (Dataface_Record $record) | |
| Returns the permissions for a particular relationship of the given record. | |
| rel_relationshipname__roles (Dataface_Record $record) | |
| Returns the roles for a particular relationship of the given record. | |
| no_access_link (Dataface_Record $record, $params=array()) | |
| Returns the link that should be returned by Dataface_Record::getURL() if the user isn't granted the 'link' permission on the given record. | |
| no_access_text (Dataface_Record $record, $params=array()) | |
| Returns the text that should be returned by Dataface_Record::display() if the user doesn't have 'view' permission for the record. | |
Record Metadata | |
| getTitle (Dataface_Record $record) | |
| Returns the record's title. This is used in Xataface to return the title of a record when the Dataface_Record has been loaded into memory already. It returns a string that can be used as the title of a record and takes a Dataface_Record object as a parameter - hence it can draw on any information in the record to form the effective title. | |
| titleColumn () | |
| Returns an SQL expression (that is valid for a column in a select clause) denoting the column(s) that comprise the title of records in this table. This may return a single column name or it may make use of SQL functions like CONCAT() to compose a title from multiple columns. | |
| getURL (Dataface_Record $record, $params=array()) | |
| Returns the URL of the given record. | |
| getLastModified (Dataface_Record $record) | |
| Returns the Unix timestamp representing the last modification time of the given record. | |
| getDescription (Dataface_Record $record) | |
| Returns a brief description of this record for use in lists, RSS feeds, and more. | |
| getCreator (Dataface_Record $record) | |
| Returns the name of the user who created this record (i.e. the record author). | |
| getPublicLink (Dataface_Record $record) | |
| Returns the publicly accessible URL for a given record. | |
| getBreadCrumbs (Dataface_Record $record) | |
| Returns the breadcrumbs to a given record. | |
| getChildren (Dataface_Record $record) | |
| Returns the records that are considered to be children of the given record. | |
Field Filters | |
| fieldname__display (Dataface_Record $record) | |
| Overrides the display of the specified field name for the given record. | |
| fieldname__format ($value) | |
| Formats the output value of a particular field. In constrast to fieldname__display() this does not take the Dataface_Record as a parameter. As such it can be used to format arbitrary values in a consistent way. If you don't need information from the record when formatting a value for display, it is preferred to use this method since it is more generic. | |
| fieldname__toString (Dataface_Record $record) | |
| Overrides the string value of specified field for a given record. | |
| fieldname__htmlValue (Dataface_Record $record) | |
| Overrides the HTML display value of a field for a given record. | |
| fieldname__parse ($value) | |
| Overrides the parsing behavior for normalizing a field value. This will dictate how values are transformed when being added to the record via setValue() | |
| fieldname__serialize ($value) | |
| Serializes a field value to prepare it for insertion into an SQL query. | |
| fieldname__default () | |
| Returns the default value for a specified field when new records are inserted. | |
| fieldname__link (Dataface_Record $record) | |
| Provides a link to obtain more information about a field on the edit form. | |
| fieldname__pushValue (Dataface_Record $record, HTML_QuickForm_element $el) | |
| Retrieves the field value from a form widget in a format that can be inserted into a record using the Dataface_Record::setValue() method. | |
| fieldname__pullValue (Dataface_Record $record, HTML_QuickForm_element $el) | |
| Retrieves the value for a field from a record in a format that can be set in a form widget. | |
Calculated Fields | |
| field__fieldname (Dataface_Record $record) | |
| Defines a calculated field that can be used just like any other field in the table. | |
Record Triggers | |
| beforeSave (Dataface_Record $record) | |
| Trigger called before a record is saved. | |
| afterSave (Dataface_Record $record) | |
| Trigger called after a record is saved. | |
| beforeInsert (Dataface_Record $record) | |
| Trigger called before a record is inserted into the database for the first time. | |
| afterInsert (Dataface_Record $record) | |
| Trigger called after a record is inserted into the database for the first time. | |
| beforeUpdate (Dataface_Record $record) | |
| Trigger called before a record is updated. | |
| afterUpdate (Dataface_Record $record) | |
| Trigger called after a record is updated. | |
| beforeDelete (Dataface_Record $record) | |
| Trigger called before a record is deleted. | |
| afterDelete (Dataface_Record $record) | |
| Trigger called after a record is deleted. | |
| beforeAddExistingRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called before an "existing" related record is added to a relationship. | |
| afterAddExistingRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after an "existing" related record is added to a relationship. | |
| beforeAddNewRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called before a "new" related record is added to a relationship. | |
| afterAddNewRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a "new" related record is added to a relationship. | |
| beforeAddRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called before a related record is added to a relationship (either new or existing). | |
| afterAddRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a related record is added to a relationship (either new or existing). | |
| beforeRemoveRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a related record is removed from a relationship. | |
| afterRemoveRelatedRecord (Dataface_RelatedRecord $record) | |
| Trigger called after a related record is removed from a relationship. | |
| afterCopy (Dataface_Record $original, Dataface_Record $copy) | |
| Trigger called after a record is copied. | |
Action Triggers | |
| after_action_edit ($params=array()) | |
| Trigger fired after the 'edit' action has completed successfully. | |
| after_action_new ($params=array()) | |
| Trigger fired after the 'new' action has completed successfully. | |
| after_action_delete () | |
| Trigger fired after the 'delete' action has completed successfully. | |
Template Customization | |
| block__blockname (array $params=array()) | |
| Fills a block or slot in a template when operating in the context of the delegate class's table. | |
| getSearchTarget (array $action) | |
| Returns the name of an action that should be used as the target action of a search performed from the current context. In past releases searches would always go to the list action. This gives you the ability to override this behavior with your own custom action depending on the circumstances. | |
List Tab Cutomization | |
| css__tableHeaderCellClass ($colname) | |
| Returns a CSS class to be added to the table header cell (th tag) for a specified column of the table in list view. | |
| css__tableRowClass (Dataface_Record $record) | |
| Returns a CSS class to be added to the table row (tr tag) for the specified record in list view. | |
| fieldname__renderCell (Dataface_Record $record) | |
| Overrides the display of a table cell for a field in list view. | |
| renderRow (Dataface_Record $record) | |
| Overrides the display of a table row in list view. | |
| renderRowHeader (Dataface_Record $record) | |
| Overrides the headings row for the list view table. | |
View Tab Customization | |
| section__sectionname (Dataface_Record $record) | |
| Defines a new section on the view tab. | |
Full-text Search | |
| getSearchableText (Dataface_Record $record) | |
| Returns the indexable text to be used for the full-text site search feature. | |
RSS Feed Customization | |
| getFeedItem (Dataface_Record $record) | |
| Returns a data structure with the contents to be included in the RSS feed. | |
| getFeed (array $query) | |
| Returns data structure with settings for the RSS feed as a whole. | |
| getFeedSource (array $query) | |
| Returns the source URL for the RSS feed that is generated by the given query. | |
| getRelatedFeed (Dataface_Record $record, $relationship) | |
| Returns details about a feed of related records. This overrides the feed details for related feeds. | |
| getRSSDescription (Dataface_Record $record) | |
| Overrides the description or body of a record as it is displayed in an RSS feed. | |
XML Output Customization | |
| toXML (Dataface_Record $record) | |
| Overrides the XML output of a record as it would appear in Xataface's export_xml action. | |
| getXMLHead (Dataface_Record $record) | |
| Returns XML content to be included at the beginning of the XML representation of this record. | |
| xmlTail (Dataface_Record $record) | |
| Returns XML content to be included at the end of the XML representation of this record. | |
Valuelist Customization | |
| valuelist__valuelistname () | |
| Defines a valuelist on the table. | |
Importing Records | |
| __import__filtername ($data, array $defaults) | |
| Defines an import filter that can be used to import records into the table. | |
Table Settings | |
| __sql__ () | |
| Defines an SQL query that should be used for loading data from this table. | |
Form Validation | |
| fieldname__validate (Dataface_Record $record, $value, array &$params) | |
| Validates form input for a field. | |
The API of available methods that can be defined in a table delegate class.
| __field__permissions | ( | Dataface_Record | $record | ) |
Returns default permissions for all fields of the given record to be granted to the current user.
| Dataface_Record | $record | The record that is subject of these permissions. |
Implementing the fieldpermissions() method in your delegate class allows you to define the default permissions that should be applied to each field of the table.
Setting field defaults can be important if you want, for example, only certain fields to be editable, but all other fields to be read only. In such a case you would need to set the record-level permissions to allow editing (in order for users to even access the 'edit' action), then set the default field permissions to read only using the fieldpermissions() method, then set the permissions of only the editable fields to be editable by implementing fieldname__permissions() methods for each of those fields.
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
Consider the following table 'people':
And our application is using the following 'users' table to store our user accounts.
And let's assume that we intend for the people.username field to represent the username of the user who "owns" the people record. (i.e. it has an implicit foreign key to users.username.
Now, suppose we want to implement the following permission structure:
In tables/people/people.php:
In this getPermissions() method we define 3 levels of users:
Things to notice here:
If we only implemented the getPermissions() method as above, record "owners" would be able to view and edit all fields in their own people record. In fact we only want them to be able to edit the "bio" field, and we don't want them to be able to see the admin_comments field.
We implement the fieldpermissions() method to limit their access to these fields:
Also in the tables/people/people.php file:
In this fieldpermissions() method we first defer admin users to their normal record level permissions because we don't wish to modify their permissions in any way at the field level (they can already do everything and that's how we like it).
For users who own a record, we return permissions array that explicitly disallows only those permissions that we want to disallow. Notice that it wouldn't be sufficient here to return Dataface_PermissionsTool::READ_ONLY() because that would return only an array of the permissions that the user is explicitly allowed - and since the result of this method is simply overlaid on top of the record level permissions it wouldn't cause any permissions granted at that level to be overridden. Hence we need to explicitly disallow the permissions here.
Another way to do this might be to start with a base of Dataface_PermissionsTool::NO_ACCESS() and then simply set 'view' = 1. However this would disallow some other 'view-ish' permissions that you may have wanted.
In tables/people/people.php:
This looks almost the same as our fieldpermissions() method except that we are allowing the edit permission on the field for record owners.
At this point we have almost everything the way we want it except that record owners can still see the admin comments field - but we want this to be private for administrators.
So we implement the admin_comments__permissions() method:
| __field__roles | ( | Dataface_Record | $record | ) |
Returns the roles for all fields of the given record to be granted to the current user.
| Dataface_Record | $record | The record that is subject of this query. |
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
| __import__filtername | ( | $data, | |
| array | $defaults | ||
| ) |
Defines an import filter that can be used to import records into the table.
| string | $data | The input data that the user has uploaded. This may be in any format - you need to parse it. |
| array | $defaults | The default values that should be inserted into the fields of the newly inserted records if the import doesn't explicitly specify the values to insert. |
| __sql__ | ( | ) |
Defines an SQL query that should be used for loading data from this table.
| after_action_delete | ( | ) |
Trigger fired after the 'delete' action has completed successfully.
| array | Associative array of context variables including 'record' which is the Dataface_Record that was just deleted. |
| after_action_edit | ( | $params = array() | ) |
Trigger fired after the 'edit' action has completed successfully.
| array | $params | Some context parameters. This includes a the key 'record' which refers to the Dataface_Record object that was just successfully edited and saved. |
| after_action_new | ( | $params = array() | ) |
Trigger fired after the 'new' action has completed successfully.
| array | Associative array of context variables including 'record' which is the Dataface_Record that was just inserted. |
| afterAddExistingRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called after an "existing" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that was added. |
| afterAddNewRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called after a "new" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that was added. |
| afterAddRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called after a related record is added to a relationship (either new or existing).
| afterCopy | ( | Dataface_Record | $original, |
| Dataface_Record | $copy | ||
| ) |
Trigger called after a record is copied.
| Dataface_Record | $original | The original record. |
| Dataface_Record | $copy | The copied record. |
| afterDelete | ( | Dataface_Record | $record | ) |
Trigger called after a record is deleted.
| Dataface_Record | $record | The record that was deleted. |
| afterInsert | ( | Dataface_Record | $record | ) |
Trigger called after a record is inserted into the database for the first time.
| Dataface_Record | $record | The record that is being inserted. |
| afterRemoveRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called after a related record is removed from a relationship.
| Dataface_RelatedRecord | $record | The related record that has been removed. |
| afterSave | ( | Dataface_Record | $record | ) |
Trigger called after a record is saved.
| Dataface_Record | $record | The record that was saved. |
| afterUpdate | ( | Dataface_Record | $record | ) |
Trigger called after a record is updated.
| Dataface_Record | $record |
| beforeAddExistingRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called before an "existing" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that is being added. |
| beforeAddNewRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called before a "new" related record is added to a relationship.
| Dataface_RelatedRecord | $record | The related record that is being added to a relationship. |
| beforeAddRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called before a related record is added to a relationship (either new or existing).
| Dataface_RelatedRecord | $record | The record that is being added. |
| beforeDelete | ( | Dataface_Record | $record | ) |
Trigger called before a record is deleted.
| Dataface_Record | $record | The record that is being deleted. |
| beforeInsert | ( | Dataface_Record | $record | ) |
Trigger called before a record is inserted into the database for the first time.
| Dataface_Record | $record | The record that is being inserted. |
| beforeRemoveRelatedRecord | ( | Dataface_RelatedRecord | $record | ) |
Trigger called after a related record is removed from a relationship.
| Dataface_RelatedRecord | $record | The related record that is being removed. |
| beforeSave | ( | Dataface_Record | $record | ) |
Trigger called before a record is saved.
| Dataface_Record | $record | The record being saved. |
| beforeUpdate | ( | Dataface_Record | $record | ) |
Trigger called before a record is updated.
| Dataface_Record | $record |
| block__blockname | ( | array | $params = array() | ) |
Fills a block or slot in a template when operating in the context of the delegate class's table.
| array | $params | Associative array of key-value pairs passed to the block containing context information. |
| css__tableHeaderCellClass | ( | $colname | ) |
Returns a CSS class to be added to the table header cell (th tag) for a specified column of the table in list view.
| string | $colname | The name of the table column. |
| css__tableRowClass | ( | Dataface_Record | $record | ) |
Returns a CSS class to be added to the table row (tr tag) for the specified record in list view.
| Dataface_Record | $record | The subject record. |
| field__fieldname | ( | Dataface_Record | $record | ) |
Defines a calculated field that can be used just like any other field in the table.
| Dataface_Record | $record | The subject record. |
| fieldname__default | ( | ) |
Returns the default value for a specified field when new records are inserted.
| fieldname__display | ( | Dataface_Record | $record | ) |
Overrides the display of the specified field name for the given record.
| Dataface_Record | $record | The record whose data is to be displayed. |
fieldname then it is preferred to implement the fieldname__format() method.| fieldname__format | ( | $value | ) |
Formats the output value of a particular field. In constrast to fieldname__display() this does not take the Dataface_Record as a parameter. As such it can be used to format arbitrary values in a consistent way. If you don't need information from the record when formatting a value for display, it is preferred to use this method since it is more generic.
| string | $value | The value that is to be formatted. |
| fieldname__htmlValue | ( | Dataface_Record | $record | ) |
Overrides the HTML display value of a field for a given record.
| Dataface_Record | $record | The subject record. |
| fieldname__link | ( | Dataface_Record | $record | ) |
Provides a link to obtain more information about a field on the edit form.
| Dataface_Record | $record | The subject record. |
| fieldname__parse | ( | $value | ) |
Overrides the parsing behavior for normalizing a field value. This will dictate how values are transformed when being added to the record via setValue()
| mixed | $value | The input value. |
When Dataface_Record::setValue() is called to set the value in a field, it first tries to parse and normalize the value. Xataface has built-in parsers that work according to the type of column. However you may wish to write your own parser by implementing this method.
Any fieldname__parse() implementations must be idempotent. I.e. it must be the case that fieldname__parse(fieldname__parse($val)) == fieldname__parse($val)
This is because we need to be able to set values in fields without worrying about the value being modified by the simple act of setting the field value.
Since the fieldname__toString() method, if implemented, would be used to produce the value that is displayed in form widgets, the fieldname__parse() method must be able to handle the result of fieldname__toString() and be able to normalize it since it is effectively the inverse operation of fieldname__toString().
| fieldname__permissions | ( | Dataface_Record | $record | ) |
Returns the permissions for a particular field of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
This method can be implemented to define fine-grained permissions on a particular field of the database. It can be helpful if you want to override the record-level permissions (getPermissions() or the default field permissions ( fieldpermissions() ) with specific permissions for this field. See the flowchart below for details of how field-level permissions are resolved in Xataface.
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
Please see the documentation for fieldexamples() for a thorough example of how to define fine-grained field-level permissions using this method.
| fieldname__pullValue | ( | Dataface_Record | $record, |
| HTML_QuickForm_element | $el | ||
| ) |
Retrieves the value for a field from a record in a format that can be set in a form widget.
| Dataface_Record | $record | The record from which the field value is being pulled. |
| HTML_QuickForm_element | $el | The form element for which the form value should be formatted. |
| fieldname__pushValue | ( | Dataface_Record | $record, |
| HTML_QuickForm_element | $el | ||
| ) |
Retrieves the field value from a form widget in a format that can be inserted into a record using the Dataface_Record::setValue() method.
This method is the inverse of fieldname__pullValue().
| fieldname__renderCell | ( | Dataface_Record | $record | ) |
Overrides the display of a table cell for a field in list view.
| Dataface_Record | $record | The subject record. |
| fieldname__roles | ( | Dataface_Record | $record | ) |
Returns the roles for a particular field of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
This method is the analog of the fieldname__permissions() method except that it returns roles instead of permissions. The roles returned by this method are resolved to permissions and laid over the record-level permissions to obtain the effective field permissions.
It is rare to implement both the fieldname__roles() and the fieldname__permissions() method in the same delegate class. If this happens, though the fieldname__permissions() will take precedence.
The following flowchart shows the flow of control Xataface uses to determine the field-level permissions for a field in a record.
E.g. To define custom roles for a field named 'invoice_number':
Or to apply multiple roles:
| fieldname__serialize | ( | $value | ) |
Serializes a field value to prepare it for insertion into an SQL query.
| mixed | $value | The field value that is to be serialized. |
| fieldname__toString | ( | Dataface_Record | $record | ) |
Overrides the string value of specified field for a given record.
| Dataface_Record | $record | The subject record. |
| fieldname__validate | ( | Dataface_Record | $record, |
| $value, | |||
| array & | $params | ||
| ) |
Validates form input for a field.
@param Dataface_Record $record The record encapsulating the record we are validating. Note that the values of this object correspond with the submitted values from the form, and not necessarily the actual values of the record in the database.
@param string $value The submitted value that is being validated.
@param array &$params An output array to pass meta-information out in case of failure. This allows only one possible key to be set: 'message'.
@return boolean True if validation succeeds (i.e. $value is a valid input). False otherwise.
@section Examples
@code
function myfield__validate(&$record, $value, &$params){
if ( $value != 'Steve' ){
$params['message'] = 'Sorry you must enter "Steve"';
return false;
}
return true;
}
| getBreadCrumbs | ( | Dataface_Record | $record | ) |
Returns the breadcrumbs to a given record.
| Dataface_Record | $record | The record to which the breadcrumbs apply. |
| getChildren | ( | Dataface_Record | $record | ) |
Returns the records that are considered to be children of the given record.
| Dataface_Record | $record | The parent record for which children are being returned. |
| getCreator | ( | Dataface_Record | $record | ) |
Returns the name of the user who created this record (i.e. the record author).
| Dataface_Record | $record |
| getDelegate | ( | ) |
Returns an alternate object to be used as the delegate. This is handy for module developers to allow application developers to override module-defined delegates with application-defined delegates.
| getDescription | ( | Dataface_Record | $record | ) |
Returns a brief description of this record for use in lists, RSS feeds, and more.
| Dataface_Record | $record | The record for which the description applies. |
| getFeed | ( | array | $query | ) |
Returns data structure with settings for the RSS feed as a whole.
| array | $query | The query parameters for the request. |
If elements are omitted from the data structure that is returned from this method, Xataface will use default values for each field. The following table describes the values that Xataface will use as defaults in this case:
| Key | Default Value |
|---|---|
| title |
|
| description | description directive of the [_feed] section of the conf.ini file. |
| link |
|
| syndicationURL |
|
| getFeedItem | ( | Dataface_Record | $record | ) |
Returns a data structure with the contents to be included in the RSS feed.
| Dataface_Record | $record | The subject record. |
Note that if keys are omitted from this array, default values will be used by Xataface when building the RSS feed. In fact you could even return an empty array from this method in which case Xataface would fill in all of the values itself.
The following table shows where Xataface will pull default values if keys are omitted from the array that is returned from this method.
| Key | Default Value |
|---|---|
| title | Dataface_Record::getTitle() |
| description | getRSSDescription() if defined. Otherwise it will display an HTML table showing all data in the record (subject to permissions). |
| link | Dataface_Record::getPublicLink() |
| date | |
| author |
|
| source |
|
| getFeedSource | ( | array | $query | ) |
Returns the source URL for the RSS feed that is generated by the given query.
| array | $query | The query parameters that produced the feed. |
This method will override any information returned by the getFeed() method with respect to the source of the feed.
| getLastModified | ( | Dataface_Record | $record | ) |
Returns the Unix timestamp representing the last modification time of the given record.
| Dataface_Record | $record | The $record whose lastModified time we are checking. |
| getPermissions | ( | Dataface_Record | $record | ) |
Returns associative array of permissions that should be granted to the current user on this record.
| Dataface_Record | $record | The record on which we are granting permissions. Note that this parameter may be null if permissions are being checked on the table in general so you must be able to handle null inputs for this value. |
The following flowchart shows the flow of control Xataface uses to determine the record-level permissions for a record. (click here to enlarge):
Allow logged in users full permissions, and everyone else no access.
In this example we assume that our 'users' table has a 'role' column to track a user's role. In our case if the 'role' is 'ADMIN', then the user is considered to be an admin. Otherwise they are just a regular user.
It is recommended to define a getPermissions() method in the application delegate class that is very restrictive (i.e. no access for anyone except super-administrators) and then explicitly open up access to individual tables as necessary for other users.
e.g. In conf/ApplicationDelegate.php
Then suppose we want to open up the people table to allow logged in users to have read only access.
In tables/tables/people.php
| getPublicLink | ( | Dataface_Record | $record | ) |
Returns the publicly accessible URL for a given record.
| Dataface_Record | $record | The record to which the URL refers. |
| getRelatedFeed | ( | Dataface_Record | $record, |
| $relationship | |||
| ) |
Returns details about a feed of related records. This overrides the feed details for related feeds.
| Dataface_Record | $record | The subject record (the parent of the related records). |
| string | $relationship | The name of the relationship. |
If elements are omitted from the data structure that is returned from this method, Xataface will use default values for each field. The following table describes the values that Xataface will use as defaults in this case:
| Key | Default Value |
|---|---|
| title | An auto-generated title. Generally {relationship_name} of Dataface_Record::getTitle() |
| description | Auto-generated title. Something like: Related Records of Dataface_Record::getTitel() |
| link | The URL to the related list of this feed. |
| syndicationURL | The URL to the related list of this feed. |
| getRoles | ( | Dataface_Record | $record | ) |
Returns one or more roles that are to be granted to the current user for the specified record.
@param Dataface_Record $record The record on which the roles are to be granted.
@return mixed Either a string with a single role or an array of strings representing
roles that are assigned to the current user on the given record.
@since 1.0
@section Synopsis
This method can be implemented as an alternative to getPermissions() for the purpose
of defining record-level permissions. A "role" is a set of permissions that are grouped
together. This allows us to group together related permissions into easy-to-use sets
and refer to them by their 'role' name.
Roles are defined in the <a href="http://www.xataface.com/wiki/permissions.ini_file">permissions.ini file</a>, and Xataface comes with several
pre-defined roles. These built-in roles are listed in the table below:
<table>
<tr>
<th>Role Name</th>
<th>Description</th>
<th>Definition</th>
<th>Since</th>
</tr>
<tr>
<td>NO ACCESS</td>
<td>A contains only the 'register' permission.
@attention This is NOT the same as Dataface_PermissionsTool::NO_ACCESS(). Dataface_PermissionsTool::NO_ACCESS() explicitly denies all permissions in the system, whereas the 'NO ACCESS' role simply does not explicitly <em>grant</em> any permissions except register. This is an important distinction when dealing with field-level permissions since field permissions are applied as a mask over record-level permissions.
</td>
<td>
@code
[NO ACCESS]
register=1
@endcode
</td>
<td>0.6</td>
</tr>
<tr>
<td>READ ONLY</td>
<td>Includes all view-ish permissions - for viewing records. This includes viewing records in list view, details view, XML export, RSS feeds, etc..</td>
<td>
@code
[READ ONLY]
view in rss=1
view = 1
link = 1
list = 1
calendar = 1
view xml = 1
show all = 1
find = 1
navigate = 1
ajax_load = 1
find_list = 1
find_multi_table = 1
rss = 1
export_csv = 1
export_xml = 1
export_json = 1
view related records=1
related records feed=1
expandable=1
@endcode
</td>
<td>0.6</td>
</tr>
<tr>
<td>EDIT</td>
<td>Includes all permissions for viewing and editing records.</td>
<td>
@code
[EDIT extends READ ONLY]
edit = 1
add new related record = 1
add existing related record = 1
add new record = 1
remove related record = 1
reorder_related_records = 1
import = 1
translate = 1
new = 1
ajax_save = 1
ajax_form = 1
history = 1
edit_history = 1
copy = 1
update_set = 1
update_selected=1
select_rows = 1
0.6
DELETE
Permission to view, edit, and delete records.
0.6
MANAGER
Edit and delete permissions as well as permission to access the control panel and management functions of the application.
0.6
Since this method simply provides an alternate way to define permissions, you generally would not define both methods in the same delegate class, but if you did implement both the getRoles() method would take priority of over the getPermissions() method.
The following flowchart shows the flow of control Xataface uses to determine the record-level permissions for a record. (click here to enlarge):
Consider the getPermissions() method below:
This is equivalent to the getRoles() method:
The getRoles() version is much more succinct as it just allows us to return the name of the role that is granted, rather than having to resolve the permissions for that role.
It is also possible to grant multiple roles, in which case the resulting permissions would be the union of the granted roles (where the last role listed takes precendent).
| getRSSDescription | ( | Dataface_Record | $record | ) |
Overrides the description or body of a record as it is displayed in an RSS feed.
| Dataface_Record | $record | The subject record. |
The default behavior of the Xataface RSS feed is to layout all permitted fields in an HTML table and include that table in the RSS feed. If you want to customize this behavior you can implement this method to return exactly what you want to appear in the body of the RSS feed item.
| getSearchableText | ( | Dataface_Record | $record | ) |
Returns the indexable text to be used for the full-text site search feature.
| Dataface_Record | $record | The subject record. |
| getSearchTarget | ( | array | $action | ) |
Returns the name of an action that should be used as the target action of a search performed from the current context. In past releases searches would always go to the list action. This gives you the ability to override this behavior with your own custom action depending on the circumstances.
| array | $action | The action definition to check (this would be the source action). |
| getTitle | ( | Dataface_Record | $record | ) |
Returns the record's title. This is used in Xataface to return the title of a record when the Dataface_Record has been loaded into memory already. It returns a string that can be used as the title of a record and takes a Dataface_Record object as a parameter - hence it can draw on any information in the record to form the effective title.
| Dataface_Record | $record | The record whose title we are returning. |
| getURL | ( | Dataface_Record | $record, |
$params = array() |
|||
| ) |
Returns the URL of the given record.
| Dataface_Record | $record | The record whose URL we are returning. |
| array | $params | The query parameters to include in the generated URL. |
| getXMLHead | ( | Dataface_Record | $record | ) |
Returns XML content to be included at the beginning of the XML representation of this record.
| Dataface_Record | $record | The subject record. |
| init | ( | Dataface_Table | $table | ) |
Called after a table is loaded for the first time each request.
If you want to adjust table-wide settings, this is a good place to do it. E.g. for security filters, and modification of the configuration.
| Dataface_Table | $table | The table object that was just loaded. |
| no_access_link | ( | Dataface_Record | $record, |
$params = array() |
|||
| ) |
Returns the link that should be returned by Dataface_Record::getURL() if the user isn't granted the 'link' permission on the given record.
| Dataface_Record | $record | The record that is subject of this query. |
| no_access_text | ( | Dataface_Record | $record, |
$params = array() |
|||
| ) |
Returns the text that should be returned by Dataface_Record::display() if the user doesn't have 'view' permission for the record.
| Dataface_Record | $record | The record that is subject of this query. |
| array | $params | Associative array of extra parameters. One such parameter is the 'field' parameter which is the name of the field for which the text is to be displayed. |
| rel_relationshipname__permissions | ( | Dataface_Record | $record | ) |
Returns the permissions for a particular relationship of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
This method, if implemented, returns a permissions mask to apply to a particular relationship in the given record. For example if we want to specifically allow adding related records to one relationship but not other relationships.
There are only a few specific permissions that pertain to relationships and these are the only ones that have any effect when returned from this method.
These permissions include:
| Permission Name | Description |
|---|---|
| add new related record | Permission to add new records to the relationship. |
| add existing related record | Permission to add existing records to the relationship. |
| related records feed | Permission to view the RSS feed for the related records. |
| remove related record | Permission to remove a record from the relationship. This is only applicable to many-to-many relationships as this doesn't include permission to delete the record from the database, only to sever the relationship. |
| delete related record | Permission to delete a related record (delete it from the database). |
| view related records | Permission to view the related records list. If this is denied, then the related records tab won't be present, and if users try to go to the URL for the tab directly, they'll receive a permission denied error. |
| reorder_related_records | Permission to reorder related records. This is only applicable to relationships that have a designated order column (via the metafields:order directive of the relationships.ini file ). |
| rel_relationshipname__roles | ( | Dataface_Record | $record | ) |
Returns the roles for a particular relationship of the given record.
| Dataface_Record | $record | The record that is subject of this query. |
| renderRow | ( | Dataface_Record | $record | ) |
Overrides the display of a table row in list view.
| Dataface_Record | $record | The subject record. |
| renderRowHeader | ( | Dataface_Record | $record | ) |
Overrides the headings row for the list view table.
| section__sectionname | ( | Dataface_Record | $record | ) |
Defines a new section on the view tab.
| Dataface_Record | $record | The subject record. |
| titleColumn | ( | ) |
Returns an SQL expression (that is valid for a column in a select clause) denoting the column(s) that comprise the title of records in this table. This may return a single column name or it may make use of SQL functions like CONCAT() to compose a title from multiple columns.
Using the firstname field as the record title:
Using first name and last name as record title.
| toXML | ( | Dataface_Record | $record | ) |
Overrides the XML output of a record as it would appear in Xataface's export_xml action.
| Dataface_Record | $record | The subject record. |
| valuelist__valuelistname | ( | ) |
Defines a valuelist on the table.
| xmlTail | ( | Dataface_Record | $record | ) |
Returns XML content to be included at the end of the XML representation of this record.
| Dataface_Record | $record | The subject record. |
1.8.1.2