
check user_id before edit



Osama


Posted 14 October 2012 - 12:04 PM

Hi friends,

I have an articles table in my db. Every user on my site can post articles and has a simple control panel to edit or delete his own articles. I used Grocery CRUD to make this panel, but the problem is that any user can edit or delete any article even if it is not his article, so I want to add a check to see whether the logged-in user owns the article he wants to edit or delete.
For the check before the delete operation I used callback before delete:

    $crud->callback_before_delete(array($this,'check_user_id'));

    public function check_user_id($primary_key)
    {
        // Look up the owner of the article that is about to be deleted
        $this->db->where('article_id', $primary_key);
        $user = $this->db->get('articles')->row('user_id');
        // Send the user away if the article belongs to someone else
        if ($this->tank_auth->get_user_id() != $user) {
            redirect('site');
        }
    }

But I don't know what to do with the edit process. I tried to use callback before update,

but it allows users to see the update form, and I do not want this if the user does not own the article.

Any suggestions, please!

victor


Posted 14 October 2012 - 13:11 PM

Hi!

    function manager()
    {
        $id = $this->uri->segment(4); // "id" segment: site.com/example/manager/edit/6
        if (!empty($id) && is_numeric($id))
        {
            // Owner of the requested article
            $user = $this->db->get_where('article', array('id' => $id))->row('user_id');

            if ($this->tank_auth->get_user_id() != $user)
            {
                redirect('site');
            }
        }

        $crud = new grocery_...........
    }

Did this help you?

victor


Posted 14 October 2012 - 13:34 PM

It's not good practice. You shouldn't show the "edit" or "delete" link if the user doesn't have permission.
If it's not critical, in this case it should work.

Matthew Collins


Posted 21 October 2012 - 15:16 PM

I'm not sure I follow the advice here -- but I have a similar question.

I have news items that are assigned to individual users. They should only get to edit their articles. How, when loading the edit page (i.e. news/listing/edit/4) can I run a check before the page displays to see if the logged in user has the permissions to edit this article?

Matthew Collins


Posted 21 October 2012 - 15:34 PM

I think I found my answer -- use the getState function to check for edit and / or delete and run my code from there.

Love this module.
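
The getState approach mentioned in the last reply, applied to the articles table from the first post, as an added example that is not code from any poster or from the Grocery CRUD project. The table and column names come from the first post; the class, method and view names are assumptions. The check runs on the server before the edit form is rendered and again for update and delete requests sent directly by URL, so it does not depend on which links the list shows.

```php
<?php
// Added example, not code from the thread. Table/column names come from the
// first post; the class, method and view names are assumptions.
class Articles extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library(array('tank_auth', 'grocery_CRUD'));
    }

    public function manager()
    {
        if (!$this->tank_auth->is_logged_in()) {
            show_error('Login required.', 401);
        }
        $uid = $this->tank_auth->get_user_id();

        $crud = new grocery_CRUD();
        $crud->set_table('articles');
        $crud->where('user_id', $uid); // list shows only the user's own rows

        // Check ownership before render() builds the edit form or runs
        // an update/delete that was requested directly by URL.
        if (in_array($crud->getState(), array('edit', 'update', 'delete'), true)) {
            $info = $crud->getStateInfo();
            if (!isset($info->primary_key) || !$this->owns($info->primary_key, $uid)) {
                show_error('You do not own this article.', 403);
            }
        }

        // Keep the owner column fixed whatever the form submits.
        $crud->callback_before_update(array($this, '_keep_owner'));
        $this->load->view('articles_view', $crud->render());
    }

    // Leading underscore: CodeIgniter does not route URLs to this method.
    public function _keep_owner($post_array, $primary_key)
    {
        $post_array['user_id'] = $this->tank_auth->get_user_id();
        return $post_array;
    }

    private function owns($article_id, $uid)
    {
        $q = $this->db->get_where('articles', array('article_id' => $article_id));
        return $q->num_rows() === 1 && (string) $q->row()->user_id === (string) $uid;
    }
}
```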