[Lucas]

How to hide the action of the URL (edit/2), because the user can change the number '2' for other number and see prohibited content

 

 

http://localhost/rubick/referenciales_entidad/definicion_usuarios/TRUE/edit/2

 

[palme]

Hi Lucas

 

I hope this will be useful

 

/topic/172-how-can-i-do-to-hide-id-from-url/#entry5876

[Lucas]

DID NOT WORK

 

THIS IS MY CODE

    public function definicion_mi_usuarios() {

        $crud = new grocery_CRUD();

        $user_id = $this->session->userdata('administrador_identificacion');


        if ($this->uri->segment(4) == 'edit') {
            $this->uri->set_segment(5, $user_id);
        }

        $crud->set_theme('flexigrid');
        $crud->set_table('administrador');
        $crud->set_subject('Definicion de Usuarios');
        $crud->set_relation('id_rol', 'rol', 'rol_nombre');
        $crud->set_relation('id_dependencia', 'dependencia', 'dependencia_nombre');
        $crud->set_rules('administrador_clave', 'Contraseña', 'min_length[6]|required');
        $crud->set_rules('administrador_email', 'Email', 'valid_email|required');
        $crud->set_rules('administrador_identificacion', 'Número de identificación', 'callback_usuario_check|numeric|required');
        $crud->display_as('id_rol', 'Rol');
        $crud->display_as('id_dependencia', 'Dependencia');
        $crud->display_as('administrador_nombre', 'Nombre');
        $crud->display_as('administrador_clave', 'Contraseña');
        $crud->display_as('administrador_apellidos', 'Apellidos');
        $crud->display_as('administrador_email', 'Correo electrónico ');
        $crud->display_as('administrador_identificacion', 'Número de identificación ');
        $crud->change_field_type('administrador_clave', 'password');
        $crud->required_fields('administrador_nombre', 'administrador_apellidos', 'administrador_email', 'administrador_identificacion', 'administrador_clave', 'id_rol', 'id_dependencia');
        $crud->unset_columns('administrador_clave');
        $crud->unset_back_to_list();
        $crud->unset_read();
        $crud->callback_before_insert(array($this, 'antes_de_guardar'));
        $crud->callback_before_update(array($this, 'antes_de_guardar'));
        $crud->where('administrador_identificacion', $this->session->userdata('administrador_identificacion'));
        $crud->unset_add();
        $crud->unset_delete();
        $crud->edit_fields('administrador_nombre', 'administrador_apellidos', 'administrador_identificacion', 'administrador_email', 'administrador_clave');

        try {
            $output = $crud->render();
            $this->_example_output($output);
        } catch (Exception $e) {
            if ($e->getCode() == 14) {
                redirect('referenciales_entidad/definicion_mi_usuarios/edit');
            } else {
                show_error($e->getMessage());
            }
        }
    }

[davidoster]

Hello [member=lucas].

I haven't checked your code at all but if you use version 1.4 and onwards the add and edit operations use a popup window.

If you change the add / edit / delete operations on Actions columns with your own you partialy (but not securely) can hide the ../edit/2 path using javascript.

 

UPDATE: I just checked your code. Why don't you use the getState in order to be on the safe side?