field ->set field->get security

field ->set field->get security

oitconzoitconz Posts: 1Questions: 1Answers: 0

Hi,
We are implmenting a Datatables project where the CRUD of a table is managed by user roles. e.g. a User may be READER, EDITOR, ADMIN
For some tables a user with editor can read but not edit fields, but an admin can read and edit the table.
The security example shows you using a session as below. but doesnt seem to have a true / false type of part to it.
We are hoping not to use a session but a user object so if user->role() == 'ADMIN' then get and set the field but if user->role() == 'EDITOR' then field->get but no field->set

How would we do this as the example with session possibly relies on a call to session to see if $_session[access][admin] exits? That's different if using a method call. I cannot find documentation for it. Thanks

Example from docs:
Editor::inst( $db, 'staff' )
->fields(
Field::inst( 'name' )
->set( $_SESSION['access']['editing'] )
Field::inst( 'location' )
->set( $_SESSION['access']['editing'] )
Field::inst( 'salary' )
->get( $_SESSION['access']['admin'] )

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 63,498Questions: 1Answers: 10,470 Site admin
    edited May 2020 Answer ✓

    Hi,

    The key with ->set() and ->get() is to pass a boolean to them based on whatever information you have for the access rights. In the example we use a session, but if you have it in an object instance, that is absolutely fine as well - e.g.

    Field::inst('name')
      ->set( $user->role() === 'EDITOR' )
    

    There if the user is an editor, then set() will be given true, otherwise it will get false.

    Allan

This discussion has been closed.