[Billy Wong]

I'm trying a function that view and edit self's profile(1.jpg, 2.jpg) :

$crud = new grocery_CRUD();
$crud->set_table('staff');
$crud->where ('id',$_SESSION['myID']);
$crud->$crud->unset_add();
$output = $crud->render();
$this->_view_output($output);

The result seem correct and listed one record that matched with myID.

 

But, I can simply

  view/edit another row by modify URL (3.jpg)

  add a row by modify the URL (4.jpg)

  delete a row by same method

  or do this my modify source code in a browser.

Is there any (easy is better) way to prevent this? Thank you.

 

 

[Amit Shah]

Hi there,

 

Well my friend - where clause is only for restricting the view .. and not the actions related to them.

 

In order for you to prevent the actions, you have to manually code for the same. Based on the criteria / condition ... you might have to reject the action call / show error ... etc..

[Billy Wong]

Hi there,

 

Well my friend - where clause is only for restricting the view .. and not the actions related to them.

 

In order for you to prevent the actions, you have to manually code for the same. Based on the criteria / condition ... you might have to reject the action call / show error ... etc..

Could it be done inside controller's file to handle reject these call?

or may I where entrance point i need to start with?

Many thanks

[Amit Shah]

yes it has to be done in the controller's method itself... where u making the call to the GC functions