filters : user dme can view dme69 records …

Archived from the Xataface Users forum.

dme69 — Mon Jun 18, 2007 5:40 am

Hello,

I’m using filters so that users see only the records they have created.

[__filters__]
ID_user="$user->val('UserName')"

When username is “dme”, he can see the records created by “dme69”.

Please help me.

Dominique.

PS: sorry for my English!


shannah — Mon Jun 18, 2007 10:14 am

Try

[__filters__]
ID_user="={$user->val('UserName')}"

The prepended ‘=’ sign should force an exact match.

-Steve


dme69 — Tue Jun 19, 2007 2:47 am

Hello Steve,

It’s not working for me. With that I can’t see anything.

Dominique.


shannah — Tue Jun 19, 2007 10:15 am

Hi Dominique,

Ok.. thanks for the bug report. To fix this you will need to make a change to the Dataface/Table.php file. Find the setSecurityFilter() method and replace it with this method:

function setSecurityFilter($filter=null){

    if ( !isset($filter)){
        // No explicit filter given: build one from the [__filters__] section.
        $filter = array();
        $app =& Dataface_Application::getInstance();
        $query =& $app->getQuery();
        if ( class_exists('Dataface_AuthenticationTool') ){
            $auth =& Dataface_AuthenticationTool::getInstance();
            $user =& $auth->getLoggedInUser();
        } else {
            $auth = null;
            $user = null;
        }
        foreach ($this->_filters as $key=>$value){
            if ( isset($this->_securityFilter[$key]) ) continue;
            if ( $value[0] == '$' ){
                // PHP expression: skip it if it needs $user and nobody is logged in.
                if ( !$user and strpos($value, '$user') !== false ) continue;
                // Prepend "=" so the evaluated value is matched exactly.
                eval('$filter[$key] = "=".'.$value.';');
            } else if ( substr($value,0,4) == 'php:' ){
                if ( !$user and strpos($value, '$user') !== false ) continue;
                eval('$filter[$key] = "=".'.substr($value,4).';');
            } else {
                // Literal value: also forced to an exact match.
                $filter[$key] = "=".$value;
            }
        }

    }

    $this->_securityFilter = $filter;
}

Then you can change your [__filters__] section back to what you had originally:

[__filters__]
ID_user="$user->val('UserName')"
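
Added example, not part of the original thread and not Xataface code: it models the symptom reported above (user "dme" seeing records owned by "dme69") as a substring match on the owner column versus the exact match the fix enforces, and lists which existing usernames would be exposed to each other. The table name, sample users and records are constructed, and the LIKE '%value%' form is an assumption about how the unprefixed filter value was matched.

```python
import sqlite3

# Constructed sample data: usernames and record owners are illustrative only.
USERS = ["dme", "dme69", "steve", "eve"]
RECORDS = [(1, "dme"), (2, "dme69"), (3, "dme69"), (4, "steve"), (5, "eve")]


def make_db():
    """In-memory table with an ID_user owner column, as in the thread's filter."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, ID_user TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?)", RECORDS)
    return db


def visible_ids(db, username, exact):
    """Record ids a per-user filter on ID_user returns for `username`."""
    if exact:
        # Behaviour after the fix: the owner column is compared with '='.
        sql = "SELECT id FROM records WHERE ID_user = ? ORDER BY id"
        arg = username
    else:
        # Assumed pre-fix behaviour: a bare value is matched as a substring.
        # LIKE wildcards inside the username are escaped so that only the
        # substring semantics are modelled.
        esc = username.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
        sql = "SELECT id FROM records WHERE ID_user LIKE ? ESCAPE '\\' ORDER BY id"
        arg = "%" + esc + "%"
    return [row[0] for row in db.execute(sql, (arg,))]


def exposed_pairs(usernames):
    """(viewer, owner) pairs where a substring filter shows owner's rows to viewer."""
    lowered = [(u, u.lower()) for u in usernames]
    return sorted((v, o) for v, vl in lowered for o, ol in lowered
                  if v != o and vl in ol)


if __name__ == "__main__":
    db = make_db()
    for name in USERS:
        print(name, "substring:", visible_ids(db, name, exact=False),
              "exact:", visible_ids(db, name, exact=True))
    print("exposed (viewer, owner):", exposed_pairs(USERS))
```

Running exposed_pairs() over the real user list shows which accounts could read each other's rows while the substring behaviour was in effect.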