Related table permissions

[Paul Cipollone]

So based on docs and things I've been able to do thus far:

• Enable a site-wide login page.
• Create the user DB along with user ID's with defined permissions
• Test these things (Read-only user can really just read-only, etc.)
• Disabled the "Forgot Password" link in the sign-on page.
• Removed the edit profile/change password link while in operation.

So...all is well, except for one lagging issue, which is what brought me down this rabbit-hole to start with. I have

a table (let's call it "Users"), with a related-record for sales people ("Sales"). Sales table is simple....a name, name

of the user that sales-rep represents, and a percentage value for commission. 

Ideally, we want everyone except admins to be able to edit/delete/add new sales reps. We want everyone to be able

to SEE the sales rep, but nothing else. Have a simple ApplicationDelegate for sitewide:

<?php

class conf_ApplicationDelegate {

   /**

    * Returns permissions array.  This method is called every time an action is  

    * performed to make sure that the user has permission to perform the action.

    * @param record A Dataface_Record object (may be null) against which we check

    *               permissions.

    * @see Dataface_PermissionsTool

    * @see Dataface_AuthenticationTool

    */

    function getPermissions(&$record){

        $auth =& Dataface_AuthenticationTool::getInstance();

        $user =& $auth->getLoggedInUser();

        if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();

            // if the user is null then nobody is logged in... no access.

            // This will force a login prompt.

        $role = $user->val('Role');

        return Dataface_PermissionsTool::getRolePermissions($role);

            // Returns all of the permissions for the user's current role.

    }

}

?>

...a simple Users table:

|      1 | User  | User  | DELETE    |
|      2 | Admin | Admin | ADMIN     |
|      3 | RO    | RO    | READ ONLY |

...which functions correctly. Note that we want all the users to be able to edit/add to all other

tables, EXCEPT ONE.  No matter what I put in the permissions.ini file for that particular table, nothing takes

effect. If i log in as read-only I can't, but then again...I can't for ANY table at that point. Tried the obvious:

[User]
    view=1
    edit=0
    delete=0
[Admin]
    view=1
    edit=1
    delete=1

No luck. Trying to put the examples in the related-tables .PHP file (from here:  http://xataface.com/wiki/permissions.ini_file), 

has no effect either.

Would LOVE some advice on this...very close to having this exactly as needed, except for this one issue.

[Steve Hannah]

The permissions.ini file is only in the app root.  Not in individual tables.  

--
You received this message because you are subscribed to the Google Groups "Xataface" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xataface+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xataface/c6d09d17-ee7d-41e7-bf18-bbff2ea3ee75o%40googlegroups.com.

--

Steve Hannah

Web Lite Solutions Corp.