How to hide the action of the URL (edit/2), because the user can change the number '2' for other number and see prohibited content
http://localhost/rubick/referenciales_entidad/definicion_usuarios/TRUE/edit/2
Hot to hide URL action ?
Started by Lucas, 25 September 2013 - 00:48 AM
- Single Page
Lucas
-
- Member
Posted 25 September 2013 - 00:48 AM
palme
-
- Member
Posted 25 September 2013 - 15:25 PM
Lucas
-
- Member
Posted 25 September 2013 - 22:47 PM
DID NOT WORK
THIS IS MY CODE
public function definicion_mi_usuarios() {
$crud = new grocery_CRUD();
$user_id = $this->session->userdata('administrador_identificacion');
if ($this->uri->segment(4) == 'edit') {
$this->uri->set_segment(5, $user_id);
}
$crud->set_theme('flexigrid');
$crud->set_table('administrador');
$crud->set_subject('Definicion de Usuarios');
$crud->set_relation('id_rol', 'rol', 'rol_nombre');
$crud->set_relation('id_dependencia', 'dependencia', 'dependencia_nombre');
$crud->set_rules('administrador_clave', 'Contraseña', 'min_length[6]|required');
$crud->set_rules('administrador_email', 'Email', 'valid_email|required');
$crud->set_rules('administrador_identificacion', 'Número de identificación', 'callback_usuario_check|numeric|required');
$crud->display_as('id_rol', 'Rol');
$crud->display_as('id_dependencia', 'Dependencia');
$crud->display_as('administrador_nombre', 'Nombre');
$crud->display_as('administrador_clave', 'Contraseña');
$crud->display_as('administrador_apellidos', 'Apellidos');
$crud->display_as('administrador_email', 'Correo electrónico ');
$crud->display_as('administrador_identificacion', 'Número de identificación ');
$crud->change_field_type('administrador_clave', 'password');
$crud->required_fields('administrador_nombre', 'administrador_apellidos', 'administrador_email', 'administrador_identificacion', 'administrador_clave', 'id_rol', 'id_dependencia');
$crud->unset_columns('administrador_clave');
$crud->unset_back_to_list();
$crud->unset_read();
$crud->callback_before_insert(array($this, 'antes_de_guardar'));
$crud->callback_before_update(array($this, 'antes_de_guardar'));
$crud->where('administrador_identificacion', $this->session->userdata('administrador_identificacion'));
$crud->unset_add();
$crud->unset_delete();
$crud->edit_fields('administrador_nombre', 'administrador_apellidos', 'administrador_identificacion', 'administrador_email', 'administrador_clave');
try {
$output = $crud->render();
$this->_example_output($output);
} catch (Exception $e) {
if ($e->getCode() == 14) {
redirect('referenciales_entidad/definicion_mi_usuarios/edit');
} else {
show_error($e->getMessage());
}
}
}
davidoster
-
- Member
Posted 26 September 2013 - 09:00 AM
Hello [member=lucas].
I haven't checked your code at all but if you use version 1.4 and onwards the add and edit operations use a popup window.
If you change the add / edit / delete operations on Actions columns with your own you partialy (but not securely) can hide the ../edit/2 path using javascript.
UPDATE: I just checked your code. Why don't you use the getState in order to be on the safe side?