Per row validation - PHP Backend
Per row validation - PHP Backend
bebop
Posts: 3Questions: 0Answers: 0
Hi everyone,
I'm using Datatable Editor on my website, and I wanted to implement some security checks. What I have is a table, whose rows belong to different users ( there is a field id_user in order to know who's the owner ), but at the moment everyone is able to modify and/or delete every row ( even though there are not shown )
So what I need to do is to check, before the operation takes place, whether a user is authorized (ie: is the owner ) to perform that kind of operation.
I've looked into validators on Editor but I'm not convinced that is what I am looking for. Can anyone help me? Thanks! 
Replies
This example comes from this thread - it's similar in that you're unable to edit any rows with 'London' as the office location. You could do something similar with the user being compared to the
field_id,Colin
Just to add to that, the custom validators in our PHP libraries are primarily per field, but they can also be used per row as the whole information for the row is passed in.
However, what I would probably do in this case is use an event handler such as
preCreateorpreEdit, to confirm the access per row. The event handlers are called once per row edited (to allow for multi-editing) and will be called regardless of what fields are updated. You can also returnfalseto cancel the action. This provides security which can't be bypassed like a client-side check could be.Allan
@colin 404 on that example
@allan "the whole information for the row is passed in" is passed by the client isn't it? In that case I would need to validate those information anyway.
A query inside an event handler should do the trick
Thanks!
I'm not seeing that 404, both the example and the thread are loading fine for me.
http://live.datatables.net/sicerace/1/edit
https://datatables.net/forums/discussion/67818/readonly-specific-row-in-datatable-editor#latest
Here they are again, not in link form,
Colin