Thursday, November 6, 2008

Secure Display

If you are using Xataface as your backend management, and also as a front end (through the use of actions and templates) this can save you lots of time. However, sometimes you set permissions on records that you don't want users seeing if they are in the backend. For example, the application could prevent any users not logged in from seeing the backend by returning:

return Dataface_PermissionsTool::NO_ACCESS();


However this could have adverse effects as in the front end some records are no longer viewable because of this. One way to solve this is to set in each of your smarty templates this small block of code which basically causes all records to ignore all permissions:


{php}
$pt =& Dataface_PermissionsTool::getInstance();
$pt->setContext($pt->PUBLIC_CONTEXT());
{/php}

No comments: