Use editor server code but read-only

Use editor server code but read-only

joshlevine102joshlevine102 Posts: 44Questions: 16Answers: 2

Hello. I'm using the .NET WebApi Editor back end code just to populate the DataTable for reading. It seems to work well. If I want users of this page to only be able to read, is there any precaution I should take to prevent requests from doing Create/Update/Delete operations on the data? Is it reasonably safe if there's no Editor in the page JavaScript, or should something be set in the server code to help with this? Thanks.

Answers

  • allanallan Posts: 63,512Questions: 1Answers: 10,472 Site admin

    Hi,

    Absolutely - good point. What you should do is use the pre* events on the server-side and have them each cancel the action:

                editor.PreCreate += (sender, e) =>
                    e.Cancel = true;
    

    The other option is to set all fields to be unwritable:

    new Field( ... ).Set( false )
    

    Allan

  • joshlevine102joshlevine102 Posts: 44Questions: 16Answers: 2

    Oh, that server side code sounds good. I'll try that. Thanks.

This discussion has been closed.