⚠ In case you've missed it, we have migrated to our new website, with a brand new forum. For more details about the migration you can read our blog post for website migration. This is an archived forum. ⚠

  •     

profile picture

check user_id before edit

Started by , 14 October 2012 - 12:04 PM


Osama
  • profile picture
  • Member

Posted 14 October 2012 - 12:04 PM

hi freinds ,

i have articles table on my db, every user on my site can post articles and have a simple control panel to edit - delete his own articles, i used grocery crud to make this panel but the problem is that any user can edit or delete any article even if it was not his article, so i want to make a check operation to see if the logged in user owns article which he wants to edit or delete or not
for check before delete operation i used callback before delete

$crud->callback_before_delete(array($this,'check_user_id'));

public function check_user_id($primary_key)
{
$this->db->where('article_id',$primary_key);
$user = $this->db->get('articles')->row(user_id);
if ($this->tank_auth->get_user_id() != $user) {
redirect('site');
}
}

but i don't know what to do with edit process i tried to use callback before update

but it allows users to see the update form and i do not want this if the user does not own the articles

any suggestions please !

victor
  • profile picture
  • Member

Posted 14 October 2012 - 13:11 PM

HI!


function manager()

{





	 $id = $this->uri->segment(4); //"id" segment: site.com/example/manager/edit/6

	 if(!empty($id) && is_numeric($id))

	 {

         $user = $this->db->get_where('article', array('id'=>$id))->row(user_id);



         if ($this->tank_auth->get_user_id() != $user)

         {

              redirect('site');

          }            

	 }



$crud = new grocery_...........

}

Helped you?

victor
  • profile picture
  • Member

Posted 14 October 2012 - 13:34 PM

It's not good practice. You shouldn't to show link "edit" or "delete", if user don't have a permission.
if it's not critical in this case it should work.

Matthew Collins
  • profile picture
  • Member

Posted 21 October 2012 - 15:16 PM

I'm not sure I follow the advice here -- but I have a similar question.

I have news items that are assigned to individual users. They should only get to edit their articles. How, when loading the edit page (i.e. news/listing/edit/4) can I run a check before the page displays to see if the logged in user has the permissions to edit this article?

Matthew Collins
  • profile picture
  • Member

Posted 21 October 2012 - 15:34 PM

I think I found my answer -- use the getState function to check for edit and / or delete and run my code from there.

love this module.