Posted 03 September 2013 - 18:46 PM
I use where() to select only certain records that the user can edit, but if they change the GET
index/edit/4 to index/edit/12
they can change record 12, which belongs to another user.
Is there a way to protect against this in Grocery CRUD?
Posted 04 September 2013 - 03:25 AM
Hello eljusticeiro.
Well, this is not Grocery CRUD's issue, to be honest.
You're referring to user permissions, and this library doesn't handle user permissions.
But it does help you to distinguish which state the user is in (add/edit/delete etc.) and lets you decide what you want to do.
Just check the getState function.
Posted 04 September 2013 - 12:39 PM
Hello ELJUSTICEIRO.
There is a solution, as David suggested: you can check the state, whether it is edit or not,
and when the state is edit,
you can check whether the user who is trying to edit is eligible to edit that record or not. If he is, allow him; if he is not, show_error!
Posted 06 September 2013 - 17:27 PM
Hello ELJUSTICEIRO.
There is a solution, as David suggested: you can check the state, whether it is edit or not,
and when the state is edit,
you can check whether the user who is trying to edit is eligible to edit that record or not. If he is, allow him; if he is not, show_error!
My friend Amit, you are right. Here is the solution:
1. Integrate the ion_auth library into your CI.
2. Table name - user
Table structure:
user_id (int 5) // user id
org_id (int 5) // used for authentication purposes
other_fields...
You can choose your fields as per your requirements. Now we come to the function (controller function):
function check_user()
{
    $this->load->library('grocery_crud');
    $this->load->model('valid'); // the model that holds valid_user_id(), see below

    $crud = new grocery_CRUD();
    $crud->set_table('user');
    $crud->set_subject('User');
    $crud->set_primary_key('user_id', 'user');
    $crud->fields('user_id', 'org_id', 'other_fields');

    // Code to check whether the current user is allowed to edit this CRUD entry.
    // The check must cover 'update' (the POST that saves the form) and
    // 'update_validation' as well as 'edit' (the form itself); otherwise a user
    // can skip the form and POST straight to index/update/12. 'delete' is
    // included for the same reason.
    $state = $crud->getState();
    $state_info = $crud->getStateInfo();
    if (in_array($state, array('edit', 'update', 'update_validation', 'delete')))
    {
        // Do your awesome coding here.
        $primary_key = $state_info->primary_key;
        // valid_user_id() is a function in the Valid model; you can rename both.
        // If an unauthorised user tries to edit the entry, redirect them to the main function.
        if (is_null($valid_user = $this->valid->valid_user_id($primary_key)))
        {
            redirect('user'); // redirect to the controller itself
        }
    }

    $output = $crud->render();
    $this->load->view('example', $output);
}
Code In Model:-
<?php
class Valid extends CI_Model
{
    function valid_user_id($primary_key)
    {
        $this->db->select('field1'); // used only to check whether the current user may edit the record
        $this->db->where('user_id', $primary_key);
        $this->db->where('another where condition'); // your own condition, e.g. one on org_id tying the record to the logged-in user
        $query = $this->db->get('user'); // table name
        // Return the result as a row; do not use $query->result().
        // The function returns null if and only if no row was selected,
        // which means an unauthorised access returns null.
        if ($query->num_rows() == 1) return $query->row();
        else return null;
    }
}
Actually I am using this into my project and it works perfectly.
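The following is an added example, not code from the thread or from the Grocery CRUD project. It puts David's getState() advice and the check above into one controller that authorises every state whose URL carries a primary key (not only 'edit'), so that a user who rewrites index/edit/4 to index/edit/12, or POSTs directly to index/update/12 or index/delete/12, is stopped. It assumes a table 'orders' with primary key 'id' and an 'owner_id' column, ion_auth for the logged-in user, and a hypothetical Orders_model with an owned_by() method; these names are assumptions, not part of the original post.

```php
<?php
// application/controllers/orders.php (assumed path)
class Orders extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library(array('grocery_crud', 'ion_auth'));
        $this->load->model('orders_model'); // assumed model, defined below
        if (!$this->ion_auth->logged_in()) {
            redirect('auth/login');
        }
    }

    public function index()
    {
        // Identity comes from the session (ion_auth), never from the request.
        $owner_id = (int) $this->ion_auth->user()->row()->id;

        $crud = new grocery_CRUD();
        $crud->set_table('orders');
        $crud->set_subject('Order');
        $crud->columns('id', 'reference', 'amount');
        $crud->fields('reference', 'amount');

        // 1. Row-level filter for the list/export/print states: the datagrid only
        //    shows the caller's own rows. On its own this does NOT stop direct URL
        //    access, which is exactly the problem in the thread.
        $crud->where('orders.owner_id', $owner_id);

        // 2. Object-level check for every state whose URL carries a primary key.
        //    'update' / 'update_validation' are the POSTs that actually save the
        //    edit; 'delete' removes the row. 'read' exists from Grocery CRUD 1.4.
        $record_states = array('edit', 'update', 'update_validation', 'delete', 'read');
        $state = $crud->getState();
        if (in_array($state, $record_states, true)) {
            $primary_key = $crud->getStateInfo()->primary_key;
            if (!$this->orders_model->owned_by($primary_key, $owner_id)) {
                // Fail closed: respond before Grocery CRUD touches the record.
                show_error('You are not allowed to access this record.', 403);
            }
        }

        // 3. Ownership is assigned server-side on insert; owner_id is not a form
        //    field, so it cannot be supplied or tampered with by the client.
        $crud->callback_before_insert(function ($post_array) use ($owner_id) {
            $post_array['owner_id'] = $owner_id;
            return $post_array;
        });

        $this->load->view('example', $crud->render());
    }
}

// application/models/orders_model.php (assumed path and name)
class Orders_model extends CI_Model
{
    // True only when the row exists AND belongs to $owner_id. Both conditions go
    // into a single query, so a missing row and someone else's row look the same
    // to the caller and nothing about other users' records is leaked.
    public function owned_by($id, $owner_id)
    {
        $count = $this->db->where('id', (int) $id)
                          ->where('owner_id', (int) $owner_id)
                          ->count_all_results('orders');
        return $count === 1;
    }
}
```

The point of the state list is that the browser-visible 'edit' state is only the form; the request an attacker forges is the 'update' POST (or 'delete'), so a check that fires only for 'edit' protects the page but not the data. Keeping the ownership test in one query, and deriving the owner from the session rather than from any request parameter, is what makes the check hold regardless of which state the request arrives in.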
Posted 07 September 2013 - 09:30 AM
Thank you, my friend, for sharing the logic in the form of code! It will surely be useful for many.
Posted 08 September 2013 - 08:27 AM
Thanks for sharing!
Posted 09 September 2013 - 09:14 AM
Thanks for sharing +1