DataTables
Advanced interaction
features for your tables.
Editor
Comprehensive editing
library for DataTables.
Manual
Download
Show site navigation

Each Row: How can I restrict access to EDIT(read only) based on user name

Each Row: How can I restrict access to EDIT(read only) based on user name

BalaKrishnanDhanuskodiBalaKrishnanDhanuskodi Posts: 45Questions: 17Answers: 0
edited December 2017 in Editor

Happy Evening one and all,

I was trying to explore the answer to below query but no luck, Have successfully completed the build of issue manager. Now, this was accessed by two groups of people. Group/user types are stored in the session.

I am not sure where to write the restriction? PHP or in JS, I thought it should be JS :/

Please refer Exhibit 1 the exhibit enclosed, any issues created by BALA should only be read-only for AUGUSTIN and vice versa. All I am looking is a syntax to control this access restriction using "User name" all the usernames are stored in the session.

Following is the code I use to capture username inside JS, but I am not sure on how to write read-only access to set specific column based on the user.

Below code to capture username in the Editor, read-only mode

{
"label": "Issue Raised by:",
"name": "iss_raised_by",
"type": "readonly",
"def": username
} ,

Exhibit 1

Answers

  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin

    Actually, I would say it should be PHP. If you do it in Javascript, any malicious user could trivial bypass that by marking it as a read / write field.

    The method I generally use is to serve up different Javascript based on the PHP session information. See also the security documentation for Editor which discusses this.

    Allan

  • BalaKrishnanDhanuskodiBalaKrishnanDhanuskodi Posts: 45Questions: 17Answers: 0

    Thanks a lot, Allan. Tried the following code and not working. I am still exploring the forum for an answer. I am a bit confused with Session here I am sure following is something like novice experiment, please bear with me.

    The user control session stored in $_SESSION['SESS_USER_NAME']

    Editor::inst( $db, 'issue_manager', 'id' )
    ->fields(
        Field::inst( 'iss_no' ),
        Field::inst( 'iss_summary' )
            ->validator( 'Validate::notEmpty' ),
        Field::inst( 'iss_description' )
            ->validator( 'Validate::notEmpty' ),
        Field::inst( 'iss_staus' ),
        Field::inst( 'iss_raised_by' )
            ->set( $_SESSION['iss_raised_by']['editing']==$_SESSION['SESS_USER_NAME'] ),
        Field::inst( 'iss_raised_on' ),
        Field::inst( 'iss_last_update' ),
        Field::inst( 'iss_assigned' )
    )
    ->process( $_POST )
    ->json();

    ;

  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin

    Do you have information telling you what the user should have access to in the SESSION?

    Regards,
    Allan

This discussion has been closed.

DataTables

DataTables designed and created by SpryMedia Ltd.
© 2007-2023 MIT licensed. Privacy policy. Supporters.
SpryMedia Ltd is registered in Scotland, company no. SC456502.