Datagrid Open_basedir restriction

Archived from the Xataface Users forum.

ge11er — Wed Feb 11, 2009 5:12 pm

Steve

Can you point me in the right direction to correct this error.

Cheers

Graham

Warning: is_readable() [function.is-readable]: open_basedir restriction in effect. File(/var/www/vhosts/eatout.co.im/httpdocs/xataface-1.1.2/../../xataface-1.1.2/modules/DataGrid-0.2/actions/login_prompt.php) is not within the allowed path(s): (/var/www/vhosts/eatout.co.im/httpdocs:/tmp) in /var/www/vhosts/eatout.co.im/httpdocs/xataface-1.1.2/Dataface/Application.php on line 968

shannah — Wed Feb 11, 2009 7:01 pm

Thanks… this is something that will have to be corrected for future versions. One step is to do a fine in the Dataface/Application.php and Dataface/ConfigTool.php files for “file_exists”, (i.e. find anywhere that file_exists() is called, and suppress errors. I.e. change

Code: Select all
file_exists(...)

to

Code: Select all
@file_exists(...)

ge11er — Sun Feb 15, 2009 12:47 pm

The user has ADMIN access and is able to view/edit/update/insert records but the datagrid tab is not available.

All installation requirements are met. Tables have been created.

Any pointers?

shannah — Mon Feb 16, 2009 1:30 pm

By ‘ADMIN’ access, does that mean that you have given the user the ‘ADMIN’ role:

Code: Select all
return Dataface_PermissionsTool::getRolePermissions('ADMIN');

or something else?

ge11er — Mon Feb 16, 2009 2:05 pm

Sorry but its been a while since using Xataface.. the user has been given an’ADMIN’ role.

shannah — Mon Feb 16, 2009 2:14 pm

What does your getPermissions() method look like?

The key is that your user must have the DataGrid:view permission in order to see the datagrid tab. The “ADMIN” role should have this by default.

ge11er — Mon Feb 16, 2009 3:31 pm

Hi Steve

This is it…

function getPermissions(&$record){

$auth =& Dataface_AuthenticationTool::getInstance();

$user =& $auth->getLoggedInUser();

$app =& Dataface_Application::getInstance();

$query =& $app->getQuery();

if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();

if (is_null($record) && $user->val(‘Role’) == ‘ADMIN’ ) return Dataface_PermissionsTool::ALL();

if ( $query[‘-action’] == ‘new’)

return Dataface_PermissionsTool::ALL();

if ( !($record)) {

return Dataface_PermissionsTool::READ_ONLY();

}

if ($record->val(‘UserID’) == $user->val(‘UserID’) ) return Dataface_PermissionsTool::ALL();

return Dataface_PermissionsTool::READ_ONLY();

}

Graham

shannah — Mon Feb 16, 2009 6:12 pm

This is strange. The DataGrid:view permission should be included with any call to Dataface_PermissionTool::ALL() .

One possibility is that this case:

Code: Select all
if ( !($record)) { return Dataface_PermissionsTool::READ_ONLY(); }

is taken effect when checking for the datagrid permission. Try changing that rule to return ALL() as well and see if it makes a difference.

ge11er — Sun Mar 15, 2009 5:56 pm

My ApplicationDelegate.php previously posted appears to be denying me permission to insert a new record using DataGrid method whereas in normal operation it works fine.

When inserting a new record a default value defined in ‘fields.ini’ is not picked up using DataGrid method ( disabled ApplicationDelegate.php to get things going)

Any help much appreciated.

shannah — Tue Mar 17, 2009 3:20 pm

Try modifying your getPermissions() method as follows:

Code: Select all
`function getPermissions(&$record){

$auth =& Dataface_AuthenticationTool::getInstance();
$user =& $auth->getLoggedInUser();
$app =& Dataface_Application::getInstance();
$query =& $app->getQuery();
if ( !$user ) return Dataface_PermissionsTool::NO_ACCESS();

if ( $user->val(‘Role’) == ‘ADMIN’ ) return Dataface_PermissionsTool::ALL();
else if ($record and $user and $record->val(‘UserID’) == $user->val(‘UserID’) ){
     return Dataface_PermissionsTool::ALL();
}
else {
    $perms = Dataface_PermissionsTool::READ_ONLY();
    $perms[‘new’] = 1;
    return $perms;
}

return Dataface_PermissionsTool::READ_ONLY();

}`

English iterpretation:

  1. Admins can do everything.

  2. Record owners can do everything to the records that they own.

  3. Regular users get read only access plus they can add new records.

Your previous getPermissions method worked as follows:

  1. Admins can do everything that does NOT pertain to a particular record.

  2. Regular users can do everything if the current action is ‘new’ (which is not the case when adding new records through the grid).

  3. Regular users get READ ONLY access in contexts that do NOT pertain to a particular record.

  4. Record owners get all permissions to record that they own.

  5. Otherwise users get read only access.

This previous rules were kind of convoluted and make it hard to predict how the system would act.

-Steve