How to hide the action of the URL (edit/2), because the user can change the number '2' for other number and see prohibited content
http://localhost/rub...n_usuarios/TRUE/edit/2
0
3 replies to this topic
#3
Lucas
-
- Members
-
- 42 posts
Advanced Member
Posted 25 September 2013 - 10:47 PM
DID NOT WORK
THIS IS MY CODE
public function definicion_mi_usuarios() {
$crud = new grocery_CRUD();
$user_id = $this->session->userdata('administrador_identificacion');
if ($this->uri->segment(4) == 'edit') {
$this->uri->set_segment(5, $user_id);
}
$crud->set_theme('flexigrid');
$crud->set_table('administrador');
$crud->set_subject('Definicion de Usuarios');
$crud->set_relation('id_rol', 'rol', 'rol_nombre');
$crud->set_relation('id_dependencia', 'dependencia', 'dependencia_nombre');
$crud->set_rules('administrador_clave', 'Contraseña', 'min_length[6]|required');
$crud->set_rules('administrador_email', 'Email', 'valid_email|required');
$crud->set_rules('administrador_identificacion', 'Número de identificación', 'callback_usuario_check|numeric|required');
$crud->display_as('id_rol', 'Rol');
$crud->display_as('id_dependencia', 'Dependencia');
$crud->display_as('administrador_nombre', 'Nombre');
$crud->display_as('administrador_clave', 'Contraseña');
$crud->display_as('administrador_apellidos', 'Apellidos');
$crud->display_as('administrador_email', 'Correo electrónico ');
$crud->display_as('administrador_identificacion', 'Número de identificación ');
$crud->change_field_type('administrador_clave', 'password');
$crud->required_fields('administrador_nombre', 'administrador_apellidos', 'administrador_email', 'administrador_identificacion', 'administrador_clave', 'id_rol', 'id_dependencia');
$crud->unset_columns('administrador_clave');
$crud->unset_back_to_list();
$crud->unset_read();
$crud->callback_before_insert(array($this, 'antes_de_guardar'));
$crud->callback_before_update(array($this, 'antes_de_guardar'));
$crud->where('administrador_identificacion', $this->session->userdata('administrador_identificacion'));
$crud->unset_add();
$crud->unset_delete();
$crud->edit_fields('administrador_nombre', 'administrador_apellidos', 'administrador_identificacion', 'administrador_email', 'administrador_clave');
try {
$output = $crud->render();
$this->_example_output($output);
} catch (Exception $e) {
if ($e->getCode() == 14) {
redirect('referenciales_entidad/definicion_mi_usuarios/edit');
} else {
show_error($e->getMessage());
}
}
}
#4
davidoster
-
- Advanced Member
-
- 1,068 posts
Grocery CRUD Ninja
Posted 26 September 2013 - 09:00 AM
Hello Lucas.
I haven't checked your code at all but if you use version 1.4 and onwards the add and edit operations use a popup window.
If you change the add / edit / delete operations on Actions columns with your own you partialy (but not securely) can hide the ../edit/2 path using javascript.
UPDATE: I just checked your code. Why don't you use the getState in order to be on the safe side?
Edited by davidoster, 26 September 2013 - 09:02 AM.
UPDATE
Also tagged with one or more of these keywords: url, actions
Support →
Grocery CRUD Enterprise →
Link field don't working.Started by matiasnabarro@gmail.com, 27 Apr 2020  fieldType, url, links
|
|
|
||
Support →
Bugs / Issues →
Problem posting/inserting content that contains an urlStarted by Chriz, 27 Aug 2019 post, url, relative, php, format
|
|
|
||
Support →
Grocery CRUD Enterprise →
callbackColumn URL helpStarted by GaryW, 16 Aug 2019 callbackColumn, URL, Tables
|
|
|
||
Support →
I have a question →
Change url for viewStarted by nasrDev, 20 Jul 2018 view, url, change
|
|
|
||
Support →
I have a question →
open url target = _blankStarted by acosoegono, 29 Nov 2017 url, target, grocery, crud and 1 more...
|
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
