Hiding tables from certain users

Archived from the Xataface Users forum.

kedoin — Tue Apr 15, 2008 7:31 am

In my Xataface application, I’d like the “admin” to be able to see all the tables. However, there are some tables that the normal users should not need to have access to. I want those tables to disappear from the navigation menu for other users. Also, I want those tables to be inaccessible from URLs.

The solution I came up with was to create a beforeHandleRequest function in my ApplicationDelegate.php:

```php
function beforeHandleRequest() {
    // isLoggedIn() and getLoggedInUsername() are assumed to be helper
    // methods defined elsewhere in this delegate class.
    if ($this->isLoggedIn()) {
        if ($this->getLoggedInUsername() !== 'admin') {
            $app =& Dataface_Application::getInstance();

            // Makes sure that the NavMenu cannot see these tables
            unset($app->_conf['_tables']['phone_types']);
            unset($app->_conf['_tables']['address_types']);
            unset($app->_conf['_tables']['email_types']);
            unset($app->_conf['_tables']['users']);

            // Makes sure that a non-admin user cannot access the tables
            // from the browser.
            $app->_conf['_disallowed_tables']['hide_admin1'] = 'phone_types';
            $app->_conf['_disallowed_tables']['hide_admin2'] = 'address_types';
            $app->_conf['_disallowed_tables']['hide_admin3'] = 'email_types';
            $app->_conf['_disallowed_tables']['hide_admin4'] = 'users';
        }
    }
}
```

Although this works, I was wondering if there’s a better way to be doing this.

Thank you,

-Rob


shannah — Tue Apr 15, 2008 12:25 pm

Hi Rob,

This technique looks like a good and efficient way to accomplish what you are doing in your case.

(In fact for the tables menu part this is probably the best way).

What I often do is define a very strict getPermissions() method in the application delegate class and then define softer getPermissions() methods on those particular tables that I want to allow users to access.

e.g.

In the application delegate class:

```php
function getPermissions(&$record){
    if ( $this->getLoggedInUsername() == 'admin' ){
        return Dataface_PermissionsTool::ALL();
    } else {
        return Dataface_PermissionsTool::NO_ACCESS();
    }
}
```

Then, if you want your user to be able to access the ‘News’ table you could add the following to the News table’s delegate class.

```php
function getPermissions(&$record){
    return Dataface_PermissionsTool::ALL();
}
```

Or some other logic to decide what permissions to give on that table.

The permissions method wouldn’t deal with the options in the tables menu, but it would work for access.

All that said, your method looks nice and succinct for the purposes you described.

-Steve
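
Added example (not part of the original thread and not Xataface's own code): the two steps from Rob's post, menu hiding and URL blocking, driven from a single list of admin-only tables so the two can never drift apart. `restrictTables()` and the sample configuration are hypothetical; only the `_tables` and `_disallowed_tables` keys come from the thread. Unlike Rob's version, it also applies the restrictions when nobody is logged in.

```php
<?php
// Added example, not Xataface code. restrictTables() is a hypothetical helper;
// only the '_tables' and '_disallowed_tables' keys come from the thread.

/**
 * Return a copy of $conf with the admin-only tables removed from the menu
 * list and added to the disallowed list, unless $username is the admin.
 * A null $username (nobody logged in) is treated like any other non-admin.
 */
function restrictTables(array $conf, ?string $username, array $adminOnly): array
{
    if ($username === 'admin') {
        return $conf; // admin keeps the full configuration
    }
    foreach (array_values($adminOnly) as $i => $table) {
        // Hide the table from the navigation menu.
        unset($conf['_tables'][$table]);
        // Block direct access to the table by URL.
        $conf['_disallowed_tables']['hide_admin' . ($i + 1)] = $table;
    }
    return $conf;
}

// Constructed sample configuration (table name => menu label).
$conf = [
    '_tables' => [
        'people'        => 'People',
        'phone_types'   => 'Phone Types',
        'address_types' => 'Address Types',
        'email_types'   => 'Email Types',
        'users'         => 'Users',
    ],
    '_disallowed_tables' => [],
];
$adminOnly = ['phone_types', 'address_types', 'email_types', 'users'];

// Compare what an admin, a normal user and an anonymous visitor end up with.
foreach (['admin', 'rob', null] as $user) {
    $out = restrictTables($conf, $user, $adminOnly);
    printf(
        "%-12s menu: %-55s blocked: %s\n",
        $user ?? '(anonymous)',
        implode(', ', array_keys($out['_tables'])),
        implode(', ', $out['_disallowed_tables']) ?: '-'
    );
}
```

In an application delegate the same loop would run against `$app->_conf` inside `beforeHandleRequest()`.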


Tag — Wed Jun 02, 2010 1:41 am

Hello,
I’m a French student, and I would like to know more about how Rob’s code works (where exactly should I put it, what does it add …):

```php
function beforeHandleRequest() {
    if ($this->isLoggedIn()) {
        if ($this->getLoggedInUsername() !== 'admin') {
            $app =& Dataface_Application::getInstance();

            // Makes sure that the NavMenu cannot see these tables
            unset($app->_conf['_tables']['phone_types']);
            unset($app->_conf['_tables']['address_types']);
            unset($app->_conf['_tables']['email_types']);
            unset($app->_conf['_tables']['users']);

            // Makes sure that a non-admin user cannot access the tables
            // from the browser.
            $app->_conf['_disallowed_tables']['hide_admin1'] = 'phone_types';
            $app->_conf['_disallowed_tables']['hide_admin2'] = 'address_types';
            $app->_conf['_disallowed_tables']['hide_admin3'] = 'email_types';
            $app->_conf['_disallowed_tables']['hide_admin4'] = 'users';
        }
    }
}
```

Indeed, I also need to hide some tables from certain users. But I am just starting with Xataface and computing, and I am having a lot of trouble with how it works.

Thank you,

Tag