record permissions

Archived from the Xataface Users forum.

yokai — Fri Sep 05, 2008 5:13 am

Hi Steve,

What can I do to restrict access to all records in a table except that which belongs to the logged in user with xataface.

Regards

---

shannah — Fri Sep 05, 2008 1:27 pm

Suppose you have a column in each record that records the username of the owner, called ‘owner’.

Then in your delegate class:

Code: Select all

function getPermissions(&$record){     $auth =& Dataface_AuthenticationTool::getInstance();     $user =& $auth->getLoggedInUser();     if ( $record and $user and $record->val('owner') == $user->val('username') ){         return Dataface_PermissionsTool::ALL();     }     return Dataface_PermissionsTool::NO_ACCESS(); }

Unfortunately in list view it will still show all records, it will just say “NO ACCESS” to the records that you don’t have access to.

You can correct this by adding a security filter.

In your delegate class:

Code: Select all

function init(&$table){     $auth =& Dataface_AuthenticationTool::getInstance();     $user =& $auth->getLoggedInUser();     if ( $user ){         $table->setSecurityFilter(array('owner'=>'='.$user->val('username')));     } }

---

Philipp Wenzel — Tue Jun 19, 2012 9:12 am

Hi,
is this solution still working?

I try to allow my users to access only their data. But with this code i get this error:
Fatal error: Cannot redeclare init() (previously declared in /home/www/cwcity/hosting/i/r/irgps/htdocs/xataface-1.3.2/init.php:22) in /home/www/cwcity/hosting/i/r/irgps/htdocs/conf/ApplicationDelegate.php on line 20

Greetz

---

shannah — Wed Jun 20, 2012 10:16 am

You need to implement init() inside of your delegate class so that it is a method of the delegate class and not a global function.

-Steve