Buy Now
Sign in

only allow creator to edit

morphz , March 06 at 15:34
Answered
M
morphz
Heya.
I have a form that inserts to a database
Another page loads the record in the same (copied) form to update
How can I set permission to update to the creator only?
tried "Validate Data" in the submit event with {user:id}:{Model.user_id}
didn't prevent me from changing the record with another user.
thanks for help!
GreyHead
Hi morphz,
You can use an Event Switcher in the second form On Load event to check if the current user is the creator of the record they are trying to load.
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
M
morphz
1. Read Data
2. Event Switcher
Data provider: {var:read_data.model.user_id}
Events: {user:id}
3. Display Section inside {user:id} event.
4. Debugger
Naming the event "964" directly works and shows the display section. Naming the event "{user:id}" does NOT work. (my user id is 964)
What am I missing?
Also, how can I determine what happens if none of the event names fit the data provider? (Can't find anything on that in the manual)
  
Array
(
[article_id] => 12
[event] => edit
[aef27140db7210fbf793f9cdb818be07] => 5269c28ed3b37f3b1e371ba8118eb658
[joomla_user_state] => logged_in
[Itemid] => 194
[option] => com_content
[view] => article
[id] => 58
[edit-offer] =>
)
Array
(
[read_data11] => Array
(
[log] => Array
(
[0] => SELECT `myoffers`.`aid` AS `myoffers.aid`, `myoffers`.`user_id` AS `myoffers.user_id`, `myoffers`.`created` AS `myoffers.created`, `myoffers`.`modified` AS `myoffers.modified`, `myoffers`.`pirate_name` AS `myoffers.pirate_name`, `myoffers`.`category` AS `myoffers.category`, `myoffers`.`title` AS `myoffers.title`, `myoffers`.`products` AS `myoffers.products`, `myoffers`.`price_poe` AS `myoffers.price_poe`, `myoffers`.`operator` AS `myoffers.operator`, `myoffers`.`price_doubloons` AS `myoffers.price_doubloons`, `myoffers`.`type` AS `myoffers.type` FROM `yfk_chronoforms_data_place-offer` AS `myoffers` WHERE `myoffers`.`aid` = '12' LIMIT 100;
)

[var] => Array
(
[myoffers] => Array
(
[aid] => 12
[user_id] => 964
[created] => 2018-03-07 18:28:49
[pirate_name] =>
[category] => Ship(s)
[title] => Testoffer Sloopdog
[products] => some products
[price_poe] => 1
[operator] => or
[price_doubloons] => 2
[type] => Buying
)

)

)

)
Thanks for help!
admin
Hi,
You better use the same form, add a new event and insert a "Display section" to load the same section.
Under the form general tab, disable the "Disable permissions" setting and save the form (save and close)
Now, assuming your read data is before the "display section" of the new event:
Under the new event display section > permissions, set the "owner id" to {var:read_data11.myoffers.user_id}, and set the "owner" permissions to "allowed"
I think that should work!
Best regards
Max
If your main question got answered then please mark the answer using the button!​
​Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!
GreyHead
Hi morphz,
I'm sorry, I have no idea how you are using the Event Switcher here - have you checked the manual?
Bob
ChronoForms technical support
If you'd like to buy me a coffee or two, thank you very much
M
morphz
Thanks so much. Totally forgot about the permissions tab. For those having the same question:
  1. load event - read data
  2. load event - display section - permissions - {var:read_data.model.user_id} in "owner id value" - Set Owner allowed
  3. submit event - save data - permissions - {data:user_id} in "owner id value" - Set Owner allowed
admin
Hi morphz,
Just a note!
submit event - save data - permissions - {data:user_id} in "owner id value" - Set Owner allowed
This means that passing the correct user_id value in the url will allow access to the form submit event, so if it can be guessed the data will not be safe.
Best regards
Max
If your main question got answered then please mark the answer using the button!​
​Please let us know if you have any problems with the new forums text editor, we appreciate your feedback!