modifications...

FastRWeb/web.R/Rdemo.R

-run <- function(samples,...) {
+run <- function(nb=5,...) {
 	oclear();
-	row<-fromJSON(URLdecode(samples), simplifyMatrix =FALSE)
-	col<-colnames(patient);
-	dat <- patient[1:row,]
-	l <- list(data = dat, cols =col , nbPages = 3)
+	nb <- as.numeric(nb);
+	col<-colnames(expData);
+	sub <- expData[1:nb,]
+	l <- list(data = sub, headers =col)
 	out(toJSON(l))
-
 	    done()
 }
\ No newline at end of file

FastRWebPHP/R.php

@@ -5,6 +5,26 @@ require_once $_SERVER["DOCUMENT_ROOT"].'/../conf/FastRWeb_config.php';
 require_once $_SERVER["DOCUMENT_ROOT"].'/../tools/include.php';
 require RSERVE_PHPFW.'/Connection.php';
 
+
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="My Realm"');
+    header('HTTP/1.0 401 Unauthorized');
+    exit;
+} else {
+	$login = $_SERVER['PHP_AUTH_USER'];
+	$code = $_SERVER['PHP_AUTH_PW'];
+	$user = $GLOBALS['DB']->get("users",array('user_id','is_active','is_admin'),array('AND' => array('login' => $login,'code' => $code)));
+	if(!$user) throw new Exception('Invalid username and / or password',501);
+	if($user['is_active'] == 'N' && urldecode($req->getPathInfo()) !== '/user/'.base64_encode($login.":".$code)){
+	    header('WWW-Authenticate: Basic realm="My Realm"');
+	    header('HTTP/1.0 401 Unauthorized');
+	    exit;
+	}
+
+}
+
+
+
 $root = RSERVE_FASTRWEB ; // set to the root of your FastRWeb installation - must be absolute
 
 function process_FastRWeb() {
@@ -19,6 +39,26 @@ function process_FastRWeb() {
     if(count($sp_path) == 2) $sp_path[2] = "";
     $sID = $sp_path[1];
     $path = "/".$sp_path[2];
+	// Verify permissions for loading data
+	if($path == '/load_data'){
+		if(preg_match("/project_(\d+)\/dataset_(\d+)\//",$_GET['file'],$matches)){
+			$project_id = $matches[1];
+			$dataset_id = $matches[2];
+			require __DIR__."/../../htdocs/api/datasets.php";
+			if(!check_dataset_permissions($dataset_id,$user_id,1)){
+			    header('WWW-Authenticate: Basic realm="My Realm"');
+			    header('HTTP/1.0 401 Unauthorized');
+			    exit;
+			}
+		}
+		else{
+			error_log('path unvalid');
+		    header('WWW-Authenticate: Basic realm="My Realm"');
+		    header('HTTP/1.0 401 Unauthorized');
+		    exit;
+
+		}
+	}
   } elseif (preg_match('/newskt/', $sp_path[1])) {
     // Client kindly asks for a new socket
     try {

FastRWeb_config.php

+<?php
+define('RSERVE_HOST',$_SERVER["DOCUMENT_ROOT"].'/../tools/socketeer');
+define('RSERVE_PORT',0);
+define('RSERVE_PHPFW',$_SERVER["DOCUMENT_ROOT"].'/../tools/FastRWebPHP/');
+define('RSERVE_FASTRWEB',$_SERVER["DOCUMENT_ROOT"].'/../tools/FastRWeb/');
+?>

rserve.js

@@ -43,6 +43,8 @@
 		};
 		var serverRoot = ENV.serverURL.split('api')[0]+"R/";
 
+
+		// function to start a new connection to RServe. Register a new socket with socketeer and get it's ID. It will then keeps the socket alive with $interval call.
 		function start(){
 
 			return $http.get(serverRoot+"newskt").then(function successCallback(data) {
@@ -59,26 +61,28 @@
 
 		}
 
+		// function to keep the socket alive. Otherwise, the socket dies after 120 seconds (default)
+
 		function keepAlive(){
 			if(!service.socketeerID) start();
 			return $http.get(serverRoot+service.socketeerID);
 		}
 
+
+		// function to load the data in the R session.
 		function loadData(dataPath){
 			if(!service.socketeerID) toastr.error("No connection to RServe");
 			else{
-				return $http.get(serverRoot+"/"+service.socketeerID+"/load_data?file="+dataPath).then(function(data){
-				});
+				return $http.get(serverRoot+"/"+service.socketeerID+"/load_data?file="+dataPath);
 			}
 		}
 
-		
-		function Rdemo(samples){
+		// example of an R function to query a dataset
+		function Rdemo(nb){
 			if(!service.socketeerID) toastr.error("No connection to RServe");
 			else{
 				var url = serverRoot+"/"+service.socketeerID + "/Rdemo";
-				// if(samples) url += "&samples="+samples
-				if(samples && samples != '[]') url += "?samples="+samples;
+				if(nb) url += "?nb="+nb;
 				return $http.get(url);
 			}
 		}