

How to hide URL action?

url actions

3 replies to this topic

#1 Lucas

Advanced Member, 42 posts, Location: Medellin - Colombia

Posted 25 September 2013 - 12:48 AM

How can I hide the action of the URL (edit/2)? The user can change the number '2' to another number and see prohibited content.

 

 

http://localhost/rub...n_usuarios/TRUE/edit/2

 



#2 palme

Newbie, 7 posts

Posted 25 September 2013 - 03:25 PM

Hi Lucas

 

I hope this will be useful

 

http://www.grocerycr...-url/#entry5876



#3 Lucas

Advanced Member, 42 posts, Location: Medellin - Colombia

Posted 25 September 2013 - 10:47 PM

DID NOT WORK

 

THIS IS MY CODE

    public function definicion_mi_usuarios() {

        $crud = new grocery_CRUD();

        $user_id = $this->session->userdata('administrador_identificacion');


        if ($this->uri->segment(4) == 'edit') {
            $this->uri->set_segment(5, $user_id);
        }

        $crud->set_theme('flexigrid');
        $crud->set_table('administrador');
        $crud->set_subject('Definicion de Usuarios');
        $crud->set_relation('id_rol', 'rol', 'rol_nombre');
        $crud->set_relation('id_dependencia', 'dependencia', 'dependencia_nombre');
        $crud->set_rules('administrador_clave', 'Contraseña', 'min_length[6]|required');
        $crud->set_rules('administrador_email', 'Email', 'valid_email|required');
        $crud->set_rules('administrador_identificacion', 'Número de identificación', 'callback_usuario_check|numeric|required');
        $crud->display_as('id_rol', 'Rol');
        $crud->display_as('id_dependencia', 'Dependencia');
        $crud->display_as('administrador_nombre', 'Nombre');
        $crud->display_as('administrador_clave', 'Contraseña');
        $crud->display_as('administrador_apellidos', 'Apellidos');
        $crud->display_as('administrador_email', 'Correo electrónico ');
        $crud->display_as('administrador_identificacion', 'Número de identificación ');
        $crud->change_field_type('administrador_clave', 'password');
        $crud->required_fields('administrador_nombre', 'administrador_apellidos', 'administrador_email', 'administrador_identificacion', 'administrador_clave', 'id_rol', 'id_dependencia');
        $crud->unset_columns('administrador_clave');
        $crud->unset_back_to_list();
        $crud->unset_read();
        $crud->callback_before_insert(array($this, 'antes_de_guardar'));
        $crud->callback_before_update(array($this, 'antes_de_guardar'));
        $crud->where('administrador_identificacion', $this->session->userdata('administrador_identificacion'));
        $crud->unset_add();
        $crud->unset_delete();
        $crud->edit_fields('administrador_nombre', 'administrador_apellidos', 'administrador_identificacion', 'administrador_email', 'administrador_clave');

        try {
            $output = $crud->render();
            $this->_example_output($output);
        } catch (Exception $e) {
            if ($e->getCode() == 14) {
                redirect('referenciales_entidad/definicion_mi_usuarios/edit');
            } else {
                show_error($e->getMessage());
            }
        }
    }


#4 davidoster

Grocery CRUD Ninja, Advanced Member, 1,068 posts, Location: Athens, Greece

Posted 26 September 2013 - 09:00 AM

Hello Lucas.

I haven't checked your code at all, but if you use version 1.4 and onwards the add and edit operations use a popup window.

If you change the add / edit / delete operations on the Actions columns with your own, you can partially (but not securely) hide the ../edit/2 path using JavaScript.

 

UPDATE: I just checked your code. Why don't you use the getState in order to be on the safe side?


Edited by davidoster, 26 September 2013 - 09:02 AM.
UPDATE


David Oster aka George Pasparakis,
http://odphotography.com
http://eletter.gr
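
The server-side check that the getState suggestion in post #4 points to, as an added example that is not code from the thread or from Grocery CRUD: instead of hiding the id in the URL, refuse any single-row state whose primary key is not the logged-in user's own. Assumptions: the session holds the primary key of the user's own row, and `may_access_row`, `ROW_STATES` and `$own_pk` are hypothetical names; `getState()`, `getStateInfo()` and `show_error()` are the existing Grocery CRUD and CodeIgniter calls.

```php
<?php
// Added example, not from the thread or from Grocery CRUD itself.
// States that read or change one specific row; names as returned by getState().
const ROW_STATES = ['read', 'edit', 'update', 'delete'];

/**
 * Decide server-side whether the current request may proceed.
 * $state     value of $crud->getState()
 * $stateInfo value of $crud->getStateInfo()
 * $ownPk     primary key of the logged-in user's own row
 *            (assumption: stored in the session at login)
 */
function may_access_row(string $state, $stateInfo, $ownPk): bool
{
    if (!in_array($state, ROW_STATES, true)) {
        return true;  // not a single-row state; the list is filtered by $crud->where()
    }
    if (!is_object($stateInfo) || !isset($stateInfo->primary_key)) {
        return false; // row-level state without a key: refuse
    }
    // URL segments arrive as strings, so compare as strings.
    return (string) $stateInfo->primary_key === (string) $ownPk;
}

// Wiring in the controller method, before $crud->render()
// ($own_pk is a hypothetical variable holding the session value):
//   if (!may_access_row($crud->getState(), $crud->getStateInfo(), $own_pk)) {
//       show_error('Forbidden', 403);
//   }

// Constructed sample requests: the logged-in user owns row 7.
$samples = [
    ['edit',   (object) ['primary_key' => '7']],
    ['edit',   (object) ['primary_key' => '2']],
    ['update', (object) ['primary_key' => '2', 'unwrapped_data' => []]],
    ['list',   (object) []],
];
foreach ($samples as [$state, $info]) {
    $verdict = may_access_row($state, $info, '7') ? 'allow' : 'deny';
    printf("%-6s pk=%-2s => %s\n", $state, $info->primary_key ?? '-', $verdict);
}
```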





