Related table permissions

Skip to first unread message

Paul Cipollone

Feb 14, 2021, 5:13:23 PMFeb 14
to Xataface
So based on docs and things I've been able to do thus far:
  • Enable a site-wide login page.
  • Create the user DB along with user ID's with defined permissions
  • Test these things (Read-only user can really just read-only, etc.)
  • Disabled the "Forgot Password" link in the sign-on page.
  • Removed the edit profile/change password link while in operation.
So...all is well, except for one lagging issue, which is what brought me down this rabbit-hole to start with. I have
a table (let's call it "Users"), with a related-record for sales people ("Sales"). Sales table is simple....a name, name
of the user that sales-rep represents, and a percentage value for commission. 

Ideally, we want everyone except admins to be able to edit/delete/add new sales reps. We want everyone to be able
to SEE the sales rep, but nothing else. Have a simple ApplicationDelegate for sitewide:

class conf_ApplicationDelegate {
    * Returns permissions array.  This method is called every time an action is  
    * performed to make sure that the user has permission to perform the action.
    * @param record A Dataface_Record object (may be null) against which we check
    *               permissions.
    * @see Dataface_PermissionsTool
    * @see Dataface_AuthenticationTool
    function getPermissions(&$record){
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();
        if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
            // if the user is null then nobody is logged in... no access.
            // This will force a login prompt.
        $role = $user->val('Role');
        return Dataface_PermissionsTool::getRolePermissions($role);
            // Returns all of the permissions for the user's current role.

...a simple Users table:

|      1 | User  | User  | DELETE    |
|      2 | Admin | Admin | ADMIN     |
|      3 | RO    | RO    | READ ONLY |

...which functions correctly. Note that we want all the users to be able to edit/add to all other
tables, EXCEPT ONE.  No matter what I put in the permissions.ini file for that particular table, nothing takes
effect. If i log in as read-only I can't, but then again...I can't for ANY table at that point. Tried the obvious:


No luck. Trying to put the examples in the related-tables .PHP file (from here:, 
has no effect either.

Would LOVE some advice on this...very close to having this exactly as needed, except for this one issue.

Steve Hannah

Feb 14, 2021, 5:17:24 PMFeb 14
The permissions.ini file is only in the app root.  Not in individual tables.  

You received this message because you are subscribed to the Google Groups "Xataface" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Steve Hannah
Web Lite Solutions Corp.
Reply all
Reply to author
0 new messages