only allow creator to edit

morphz 06 Mar, 2018
Heya.

I have a form that inserts to a database.
Another page loads the record in the same (copied) form to update.

How can I set permission to update to the creator only?

Tried "Validate Data" in the submit event with {user:id}:{Model.user_id}

Didn't prevent me from changing the record with another user.

Thanks for help!
GreyHead 07 Mar, 2018
Hi morphz,

You can use an Event Switcher in the second form On Load event to check if the current user is the creator of the record they are trying to load.

Bob
morphz 07 Mar, 2018
1. Read Data
2. Event Switcher
Data provider: {var:read_data.model.user_id}
Events: {user:id}
3. Display Section inside {user:id} event.
4. Debugger

Naming the event "964" directly works and shows the display section. Naming the event "{user:id}" does NOT work. (my user id is 964)

What am I missing?
Also, how can I determine what happens if none of the event names fit the data provider? (Can't find anything on that in the manual)
Array
(
    [article_id] => 12
    [event] => edit
    [aef27140db7210fbf793f9cdb818be07] => 5269c28ed3b37f3b1e371ba8118eb658
    [joomla_user_state] => logged_in
    [Itemid] => 194
    [option] => com_content
    [view] => article
    [id] => 58
    [edit-offer] => 
)
Array
(
    [read_data11] => Array
        (
            [log] => Array
                (
                    [0] => SELECT `myoffers`.`aid` AS `myoffers.aid`, `myoffers`.`user_id` AS `myoffers.user_id`, `myoffers`.`created` AS `myoffers.created`, `myoffers`.`modified` AS `myoffers.modified`, `myoffers`.`pirate_name` AS `myoffers.pirate_name`, `myoffers`.`category` AS `myoffers.category`, `myoffers`.`title` AS `myoffers.title`, `myoffers`.`products` AS `myoffers.products`, `myoffers`.`price_poe` AS `myoffers.price_poe`, `myoffers`.`operator` AS `myoffers.operator`, `myoffers`.`price_doubloons` AS `myoffers.price_doubloons`, `myoffers`.`type` AS `myoffers.type` FROM `yfk_chronoforms_data_place-offer` AS `myoffers` WHERE `myoffers`.`aid` = '12' LIMIT 100;
                )

            [var] => Array
                (
                    [myoffers] => Array
                        (
                            [aid] => 12
                            [user_id] => 964
                            [created] => 2018-03-07 18:28:49
                            [pirate_name] => 
                            [category] => Ship(s)
                            [title] => Testoffer Sloopdog
                            [products] => some products
                            [price_poe] => 1
                            [operator] => or
                            [price_doubloons] => 2
                            [type] => Buying
                        )

                )

        )

)

Thanks for help!
Max_admin 08 Mar, 2018
1 Likes
Hi,

You'd better use the same form, add a new event and insert a "Display section" to load the same section.

Under the form general tab, disable the "Disable permissions" setting and save the form (save and close).

Now, assuming your read data is before the "display section" of the new event:
Under the new event display section > permissions, set the "owner id" to {var:read_data11.myoffers.user_id}, and set the "owner" permissions to "allowed".

I think that should work!

Best regards
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
GreyHead 08 Mar, 2018
Hi morphz,

I'm sorry, I have no idea how you are using the Event Switcher here - have you checked the manual?

Bob
morphz 15 Mar, 2018
Answer
Thanks so much. Totally forgot about the permissions tab. For those having the same question:
  1. load event - read data
  2. load event - display section - permissions - {var:read_data.model.user_id} in "owner id value" - Set Owner allowed
  3. submit event - save data - permissions - {data:user_id} in "owner id value" - Set Owner allowed
Max_admin 30 Mar, 2018
Hi morphz,

Just a note!

submit event - save data - permissions - {data:user_id} in "owner id value" - Set Owner allowed


This means that passing the correct user_id value in the URL will allow access to the form submit event, so if it can be guessed, the data will not be safe.

Best regards
Max, ChronoForms developer
This topic is locked and no more replies can be posted.
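
Added example, not part of the thread and not ChronoForms code: a small Python/SQLite model of the point in the last reply, comparing an owner check whose owner id comes from the submitted data with one that uses the stored record. It assumes the "owner" permission compares the "owner id value" with the logged-in user's id; the table, function names and the second user id (1000) are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample row, modelled on the record in the debug output above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE offers (aid INTEGER PRIMARY KEY, user_id INTEGER, title TEXT)")
    db.execute("INSERT INTO offers VALUES (12, 964, 'Testoffer Sloopdog')")
    return db

def save_owner_from_request(db, session_user_id, data):
    # Models "owner id value" = {data:user_id}: the value compared with the
    # logged-in user comes from the request itself.
    if str(data.get("user_id")) != str(session_user_id):
        return False
    db.execute("UPDATE offers SET title = ? WHERE aid = ?", (data["title"], data["aid"]))
    return True

def save_owner_from_record(db, session_user_id, data):
    # The owner is whatever the stored row says; the submitted user_id is ignored.
    # Putting the owner test in the WHERE clause makes check and write one statement.
    cur = db.execute(
        "UPDATE offers SET title = ? WHERE aid = ? AND user_id = ?",
        (data["title"], data["aid"], session_user_id),
    )
    return cur.rowcount == 1

def title_of(db, aid):
    return db.execute("SELECT title FROM offers WHERE aid = ?", (aid,)).fetchone()[0]

def demo():
    # Constructed submission: user 1000 is logged in and posts their own id
    # together with the aid of a record created by user 964.
    other_user = 1000
    data = {"aid": 12, "user_id": "1000", "title": "changed"}
    results = {}
    db = make_db()
    results["request_owner_allowed"] = save_owner_from_request(db, other_user, data)
    results["request_owner_title"] = title_of(db, 12)
    db = make_db()
    results["record_owner_allowed"] = save_owner_from_record(db, other_user, data)
    results["record_owner_title"] = title_of(db, 12)
    results["creator_allowed"] = save_owner_from_record(db, 964, dict(data, user_id="964"))
    return results

if __name__ == "__main__":
    print(demo())
```

In form terms, the second function corresponds to reading the record again in the submit event and using the stored user_id as the owner id value, as the load event already does.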