
For users that use ion auth with ci and gc



Robert

Posted 02 July 2013 - 11:26 AM

I have a table where users log in and add records, and I want them to see only what they added. For the filters I use the code:

$user = $this->ion_auth->user()->row();
if ($user->id == '1')
{
    $crud->where('cod_id', '1');
}
elseif ($user->id == '2')
{
    $crud->where('cod_id', '2');
}
... where cod_id is the id from user. Now the hard part for me is to add the id automatically when a user adds records to the table. Any ideas? How can I insert the user id from the users to the cod_id of my table?

Thanks for your help if anyone knows how to do it.


davidoster

Posted 03 July 2013 - 00:43 AM

$user = $this->ion_auth->user()->row();

$crud->where('cod_id', $user->id);

 

Please Robert take some PHP programming lessons. These are elementary.


Robert

Posted 03 July 2013 - 06:03 AM

Thanks davidoster. I have started with tutorials.


Pakman

Posted 03 September 2013 - 23:35 PM


 

How can I prevent a user from editing the data of another user? If I change the URL (/edit/xxxxx) I can edit any record, even those that are filtered.


davidoster

Posted 04 September 2013 - 00:56 AM


 

You need to also have something like this,

if($user->id == x) $crud->unset_edit();


Pakman

Posted 04 September 2013 - 07:03 AM

 


 

 

Ok davidoster, where do I put this line? I'm a beginner! :D


Robert

Posted 04 September 2013 - 08:39 AM

Here you go

// initiate
$user = $this->ion_auth->user()->row();

// filter
if($user->id == 'xx')   {
    $crud->unset_edit();
}

xx = from table users - the id


davidoster

Posted 04 September 2013 - 08:45 AM


 

@Pakman, use this code in your controller's function, where the Grocery CRUD code that you want to protect is.

E.g. you have a table customers and a controller function public function customers().

This is where you put this code.


Pakman

Posted 04 September 2013 - 14:09 PM

Thank you all, but I cannot get it to work. If I have several users and they change the code in the URL (edit/xxx), they can edit records that are not theirs. With this I have a filter, but if the customer with id = 1 types the URL 'edit/3', he can edit the information of customer 3. :( Well, edit, delete...

public function customers()
{
    $crud = new grocery_CRUD();
    $crud->where('id', $customer_id);
    $crud->set_table('customers');
    $output = $crud->render();
    $this->_example_output($output);
}

Pakman

Posted 04 September 2013 - 14:52 PM

Well, I found some information here: /topic/2019-where-problems/


Robert

Posted 04 September 2013 - 19:20 PM

Seems you are right ... didn't know about that until now :)


Amit Shah

Posted 05 September 2013 - 12:21 PM

Well..

Here is a solution to the same; you can look into it.

What you can do is:

When the $crud->getState() is edit...

get the user id

get the primary key of the row that is being edited (explore the getStateInfo function for the same - you should get it as the primary_key value)

then compare .. if the user's id is the same as the row's id... then only allow him to edit

else show error / take necessary action.
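
The check described in the post above, combined with the list filter and the automatic owner id asked about at the start of the thread, written out as an added example (not code from any poster or from the Grocery CRUD project). The controller name `Records`, the table `records` with primary key `id` and owner column `cod_id`, the view `records_view` and the `auth/login` redirect target are assumptions.

```php
<?php
// Added example, not from the thread. Assumed names: controller Records, table
// `records` (primary key `id`, owner column `cod_id`), view `records_view`.
class Records extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->helper('url');
        $this->load->library(array('ion_auth', 'grocery_CRUD'));
    }

    public function index()
    {
        if (!$this->ion_auth->logged_in()) {
            redirect('auth/login');
        }
        $uid = (int) $this->ion_auth->user()->row()->id;

        $crud = new grocery_CRUD();
        $crud->set_table('records');
        // Filters the list; as the thread found, edit/<id> is not restricted by it.
        $crud->where('cod_id', $uid);

        // States that act on one existing row expose its primary key.
        $info = $crud->getStateInfo();
        if (in_array($crud->getState(), array('read', 'edit', 'update', 'delete'), true)
            && isset($info->primary_key)) {
            $owned = $this->db->where('id', $info->primary_key)
                              ->where('cod_id', $uid)
                              ->count_all_results('records');
            if ($owned !== 1) {
                show_error('You are not allowed to access this record.', 403);
            }
        }
        // Keep cod_id as a hidden form field, then overwrite whatever the
        // browser submitted with the id of the logged-in user.
        $crud->field_type('cod_id', 'hidden', $uid);
        $set_owner = function ($post_array) use ($uid) {
            $post_array['cod_id'] = $uid;
            return $post_array;
        };
        $crud->callback_before_insert($set_owner);
        $crud->callback_before_update($set_owner);

        $this->load->view('records_view', $crud->render());
    }
}
```

The ownership query runs on every request that names a row, so typing another id into the URL ends in a 403 before the edit form or the update is processed.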


mnish

Posted 06 September 2013 - 17:35 PM


 

Don't take tension, my friend. Here is the solution: /topic/2019-where-problems/#entry9376


Pakman

Posted 08 September 2013 - 08:30 AM

Thanks mnish!