field ->set field->get security

oitconz Posts: 1 Questions: 1 Answers: 0

Hi,
We are implementing a Datatables project where the CRUD of a table is managed by user roles, e.g. a User may be READER, EDITOR, ADMIN.
For some tables a user with editor can read but not edit fields, but an admin can read and edit the table.
The security example shows you using a session as below, but doesn't seem to have a true / false type of part to it.
We are hoping not to use a session but a user object, so if user->role() == 'ADMIN' then get and set the field, but if user->role() == 'EDITOR' then field->get but no field->set.

How would we do this, as the example with session possibly relies on a call to session to see if $_session[access][admin] exists? That's different if using a method call. I cannot find documentation for it. Thanks

Example from docs:
    // Each ->set() / ->get() call takes a boolean read from the session
    Editor::inst( $db, 'staff' )
        ->fields(
            Field::inst( 'name' )
                ->set( $_SESSION['access']['editing'] ),
            Field::inst( 'location' )
                ->set( $_SESSION['access']['editing'] ),
            Field::inst( 'salary' )
                ->get( $_SESSION['access']['admin'] )
        )
        ->process( $_POST )
        ->json();

Answers

  • allan Posts: 61,716 Questions: 1 Answers: 10,108 Site admin
    edited May 2020 Answer ✓

    Hi,

    The key with ->set() and ->get() is to pass a boolean to them based on whatever information you have for the access rights. In the example we use a session, but if you have it in an object instance, that is absolutely fine as well - e.g.

    Field::inst('name')
      ->set( $user->role() === 'EDITOR' )
    

    There, if the user is an editor, then set() will be given true, otherwise it will get false.

    Allan
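
An added example (not from the thread or the Editor documentation) that extends the answer's boolean approach to the three roles in the question, with every role/field pair that is not listed denied on the server. The policy table, `allowed()` and `staffEditor()` are hypothetical names, and `$user->role()` is assumed to return one of the role strings.

```php
<?php
use DataTables\Editor;
use DataTables\Editor\Field;

// Constructed policy for this example: roles allowed to read (get) and
// write (set) each field. A role that is not listed gets false.
const FIELD_POLICY = [
    'name'     => ['get' => ['READER', 'EDITOR', 'ADMIN'], 'set' => ['ADMIN']],
    'location' => ['get' => ['READER', 'EDITOR', 'ADMIN'], 'set' => ['ADMIN']],
    'salary'   => ['get' => ['ADMIN'],                     'set' => ['ADMIN']],
];

// Boolean to pass to ->get() or ->set() for one field. Strict comparison,
// and unknown fields, operations or roles all fall through to false.
function allowed(string $role, string $field, string $op): bool
{
    return in_array($role, FIELD_POLICY[$field][$op] ?? [], true);
}

// Builds the Editor instance for the 'staff' table from the docs example.
// $user is assumed to be an object with a role() method, as in the question;
// $db is the Database instance the Editor bootstrap provides.
function staffEditor($db, $user): Editor
{
    $role = $user->role();
    $fields = [];
    foreach (array_keys(FIELD_POLICY) as $name) {
        $fields[] = Field::inst($name)
            ->get(allowed($role, $name, 'get'))
            ->set(allowed($role, $name, 'set'));
    }
    return Editor::inst($db, 'staff')->fields(...$fields);
}

// Stand-alone check of the policy (CLI only, no Editor library needed).
if (PHP_SAPI === 'cli') {
    foreach (['READER', 'EDITOR', 'ADMIN', 'editor'] as $role) {
        foreach (array_keys(FIELD_POLICY) as $name) {
            printf("%-6s %-8s get=%s set=%s\n", $role, $name,
                var_export(allowed($role, $name, 'get'), true),
                var_export(allowed($role, $name, 'set'), true));
        }
    }
}
```

In the server script the result would be used as `staffEditor($db, $user)->process($_POST)->json();`. The lowercase `editor` row in the CLI output shows the deny-by-default behaviour: a role string that matches no list yields false for both calls.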

This discussion has been closed.