So based on docs and things I've been able to do thus far:
- Enable a site-wide login page.
- Create the user DB along with user IDs with defined permissions.
- Test these things (Read-only user can really just read-only, etc.)
- Disabled the "Forgot Password" link in the sign-on page.
- Removed the edit profile/change password link while in operation.
So... all is well, except for one lagging issue, which is what brought me down this rabbit hole to start with. I have
a table (let's call it "Users"), with a related record for sales people ("Sales"). Sales table is simple... a name, name
of the user that sales rep represents, and a percentage value for commission.
Ideally, we want everyone except admins to be able to edit/delete/add new sales reps. We want everyone to be able
to SEE the sales rep, but nothing else. Have a simple ApplicationDelegate for sitewide:
    class conf_ApplicationDelegate {
        /**
         * Returns permissions array. This method is called every time an action is
         * performed to make sure that the user has permission to perform the action.
         * @param record A Dataface_Record object (may be null) against which we check
         * @see Dataface_PermissionsTool
         * @see Dataface_AuthenticationTool
         */
        function getPermissions(&$record){
            $auth =& Dataface_AuthenticationTool::getInstance();
            $user =& $auth->getLoggedInUser();
            // If the user is null then nobody is logged in... no access.
            // This will force a login prompt.
            if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
            $role = $user->val('Role');
            // Returns all of the permissions for the user's current role.
            return Dataface_PermissionsTool::getRolePermissions($role);
        }
    }
...a simple Users table:
| 1 | User | User | DELETE |
| 2 | Admin | Admin | ADMIN |
| 3 | RO | RO | READ ONLY |
...which functions correctly. Note that we want all the users to be able to edit/add to all other
tables, EXCEPT ONE. No matter what I put in the permissions.ini file for that particular table, nothing takes
effect. If I log in as read-only I can't, but then again... I can't for ANY table at that point. Tried the obvious:
[User]
view=1
edit=0
delete=0
[Admin]
view=1
edit=1
delete=1
has no effect either.
Would LOVE some advice on this...very close to having this exactly as needed, except for this one issue.
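
One way to scope permissions to a single table, as an added example that is not part of the original post or Xataface's own code: a table delegate class whose getPermissions() applies only to that table. It assumes the table is named "Sales", that the file lives at tables/Sales/Sales.php, that the role value is 'ADMIN' as in the Users table above, and that the goal is view-only access for everyone except admins.

```php
<?php
// Added example (assumed path: tables/Sales/Sales.php).
// Table delegate class for the "Sales" table; the table name and the
// 'ADMIN' role value are assumptions taken from the post above.
class tables_Sales {
    /**
     * Table-level permissions. Xataface consults the table delegate's
     * getPermissions() for records of this table, so the result here
     * applies to Sales only; every other table keeps the rules returned
     * by conf_ApplicationDelegate::getPermissions().
     * @param record A Dataface_Record object (may be null)
     */
    function getPermissions(&$record){
        $auth =& Dataface_AuthenticationTool::getInstance();
        $user =& $auth->getLoggedInUser();

        // Nobody logged in: deny everything, which forces the login prompt.
        if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();

        // Only the ADMIN role may add, edit or delete sales reps.
        if ( $user->val('Role') == 'ADMIN' ) {
            return Dataface_PermissionsTool::getRolePermissions('ADMIN');
        }

        // Every other role, including unexpected values, fails closed
        // to view-only for this table.
        return Dataface_PermissionsTool::READ_ONLY();
    }
}
```

Testing it the same way as the site-wide roles (log in as each role and attempt an add, edit and delete on Sales) confirms that the table-level rule is the one being enforced.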