make a field read-only in the add/edit forms

[Eric Peterson]

I have data table and would like to capture the user that added a record, and the user that last edited the record.  My strategy is (1) to programmatically add the users ID (primary key in my user table), and (2) block that from being manually edited when the record is being added/edited.  When it is being edited, the form should display the user's name associated with the ID - not simply the integer value of the ID.

Right now I'm interested primarily in part 2 - display the user's name associated with the ID, yet not allow it to be edited.   Problem seems to be that to show the user's name, I need to set up a select box and a vocabulary with an sql statement... Thus 'widget:type = static' is no longer an option.  I found this post: http://xataface.com/forum/viewtopic.php?t=4446#21974 which looked like the perfect solution. 

Unfortunately it doesn't work.  I set up 'widget:type = select', the vocabulary with sql statement, then the fieldName__permissions() function returning READ_ONLY().  When I check the edit form, I am still able to pick whatever user I want and it is stored into the data record.  I even added an echo statement to verify my functions syntax and that it is firing... in fact it fires multiple times.

What am I missing?

Thanks!

[Steve Hannah]

field permissions are overlaid over record permissions, and READ_ONLY actually doesn't explicitly disable editing - it just doesn't explicitly enable them.  Better to do something like this:

function fieldname__permissions($record){

    return array('edit'=>0, 'new'=>0);

}

or 

function fieldname__permissions($record){

    $perms = Dataface_PermissionsTool::NO_ACCESS();

    $perms['edit'] = 0;

    $perms['new'] = 0;

    return $perms;

}

Steve

--
Steve Hannah

Web Lite Solutions Corp.

[Eric Peterson]

Thanks Steve - your second function as given made the field not display at all, but adding $perms['view'] = 1; did the trick.  I can now see who added my record, but can't change it.  Perfect!

[Steve Hannah]

Ya... my brain farted on that second function example.  Setting $perms['edit'] and $perms['new'] to 0 is reduntant in this case because NO_ACCESS() sets zeroes across the board.

Steve

On Mon, Oct 21, 2013 at 11:30 AM, Eric Peterson <myco...@gmail.com> wrote:

Thanks Steve - your second function as given made the field not display at all, but adding $perms['view'] = 1; did the trick.  I can now see who added my record, but can't change it.  Perfect!

[Eric Peterson]

So if I block these from being editable, then I think setting values must be done in beforeSave() and cannot be done with fieldname__default() ?  With the later, I get the value to show up on the edit form, but it does not get stored into the database record.

Thanks!

[Steve Hannah]

That's correct.  If the field isn't editable, you'll need to set extra values in beforeSave().

Steve

[Paul Orrock]

Just for others to find:

If you do the above and your field is actually an ID with a reference to another table, the vocabulary (in valuelists.ini) works for list and view but not edit. To make your cross reference show up you'll need to use fieldname__pullValue.

e.g.
/* show username from cmdb_users table rather than their ID */

    function Modified_By__pullValue( &$record ){
           $string = "select Username from cmdb_users where UserID = '".$record->val('Modified_By')."'";
        list($lab) = mysql_fetch_row(mysql_query($string,df_db()));
        return $lab;
    }

Paul

[ppt...@gmail.com]

Hi Steve,

For some reason, it's not working for me.
Here is my conf/ApplicationDelegate.php:

<?php
class conf_ApplicationDelegate {
     function getPermissions(&$record){
         $auth =& Dataface_AuthenticationTool::getInstance();
         $user =& $auth->getLoggedInUser();
         if ( !isset($user) ) return Dataface_PermissionsTool::NO_ACCESS();
             // if the user is null then nobody is logged in... no access.
             // This will force a login prompt.
         $role = $user->val('Role');
         return Dataface_PermissionsTool::getRolePermissions($role);
             // Returns all of the permissions for the user's current role.
      }
    function id__permissions(&$record){
      return array('edit'=>0); // has no effect
      //return Dataface_PermissionsTool::NO_ACCESS(); // has no effect
    }

}
?>

I have a field named 'id' in my table, but I can still see and edit it.


בתאריך יום שבת, 19 באוקטובר 2013 03:10:11 UTC+3, מאת Steve Hannah:

[Steve Hannah]

Field permission functions like id__permissions(..) need to be in the table delegate class.  They won't work in the application delegate class.

Steve

--
You received this message because you are subscribed to the Google Groups "Xataface" group.
Visit this group at http://groups.google.com/group/xataface.
To view this discussion on the web visit https://groups.google.com/d/msgid/xataface/0791a09a-c287-416e-ad59-5bcb16dec304%40googlegroups.com.