Home
Documentation
Tutorial
0. Empty application
1. Employee base
2. Hours registration
3. Hours w. options
4. UI specifications
5. Custom skin
6. Custom part
7. Custom page class
8. Event handler
9. Global Filter
10. Localization
11. Custom layout
12. Polymorphism
13. M to N Relationship
14. AJAX and Tabs
Login and Authorization

How to
What is
Design
Classes
Api
Code


Quick search:

Login and Authorization

This example allows the user to log into example 13 and try out the authorization.

This example requires the authentication plugin to be installed, see how to install the authentication plugin. To try it out log in with the username 'demo' and password 'demo' after clicking on the hyperlink on the IndexPage of the login and authorization example.

Installing the example adds a single class to example13: SecurityManager. It defines the initAuthenticator method to initialize the authenticator to an instance of PntxUserAuthenticator. By doing this it overrides pnt.PntSecurityManager::initAuthenticator which initializes to an instance of PntNoAuthenticator. PntNoAuthenticator does not do authentication, therefore a version of phpPeanuts 1.4 without the plugin installed will not ask users to log in. By initializing to an instance of PntxUserAuthenticator authentication is activated for all requestHandlers that use the SecurityManager, in this case those in the example13 classFolder. If the SecurityManager class would have been in the root classFolder, it would have worked for all applications except for those that have their own SecurityManager class.

To keep example 13 working as normal for users that did not log in, the isAuthenticated method was added. Normally the inherited isAuthenticated will allways delegate to the authenticator to see if the user has to log in, but because log in is voluntary it now only initializes the authenticator and allways returns true.

The first authorization is done in the checkAccessApp method. This method allows users that did not log in to access the application. It recognizes those users by the authenticator getValidSessionUser returning null. If it does get a user returned, it asks the user if it has the 'DEMO' credential. Users that do not have the demo credential are denied access by returning an error message.

To allow demo users to access certain classes but not modify them, the checkModifyClass method was added. It first checks of the default implementation inherited from PntSecurityManager returns an error message. This default implementation calls checkViewClass, so that classes that are not to be viewed are not to be modified either. Then for users with 'DEMO' credentials it allows the modification of instances of Activity and Hours. This is about logical instances, so Projects, that are physical instances of a subclass of Activity can be modified too. Finally it returns an error message for all other cases.

Demo users are not allowed to access Countries. This is implemented in checkViewClass. But they are allowed to select a country. If you deny certain users view to instances of a class they may still have the right to modify instances of another class that references that class. If those users can select that reference, they must be allowed to do so explicitly. An example of this with respect to Countries is implemented in checkSelectProperty.

When trying out the demo you may have noticed that the IndexPage of example13 is different after logging in. This is implemented in IndexPage::printMainPart. Example13 itself contains this method so that there are no collisions when installing the authentication plugin on top of the examples.

User Contributed Notes

None yet