Write protection server side

Write protection server side

marianidiegomarianidiego Posts: 19Questions: 5Answers: 0

is it possible, from server side, to protect a whole table from writing, but allow only reading?

Editor::inst( $db, 'login', 'login_id' )
->fields(
Field::inst( 'login.login_id' ),
Field::inst( 'login.group_of_id' )
->options( Options::inst()
->table( 'group_of' )
->value( 'group_of_id' )
->label( 'name' ))
->set( false ), // only read
Field::inst( 'login.email' ))
->process( $_POST )
->write(0)
->debug(true)
->json();

I'm try "write(false)" and "set(0)", but both don't working.

Tank's

Replies

  • rf1234rf1234 Posts: 1,858Questions: 55Answers: 280
    edited November 24

    You can use one or more of the cancellable events:
    https://editor.datatables.net/manual/php/events#Cancellable-events
    or you can use ->set( false ) on every field

  • rf1234rf1234 Posts: 1,858Questions: 55Answers: 280
    edited November 25

    You can also use a Global Validator and notify the user that this is read only if changes have been made. Probably the most elegant solution I guess.
    https://editor.datatables.net/manual/php/validation#Global-validators

  • marianidiegomarianidiego Posts: 19Questions: 5Answers: 0

    for every field?

    Gibt es nicht eine elegante Möglichkeit, dies für alle Felder zu tun?

  • marianidiegomarianidiego Posts: 19Questions: 5Answers: 0

    Sorry.... in englis is better...

    for every field?
    Isn't there a way to make it elegant for all fields?

  • rf1234rf1234 Posts: 1,858Questions: 55Answers: 280
    edited November 26

    for every field?
    Isn't there a way to make it elegant for all fields?

    Yes, that is the global validator above which detects any change in any field. The same applies to the solution with cancellable events: you simply cancel any editing of existing or inserting of new records unconditionally.

    Only if you want to use ->set( false ) you would need to use this on every field

    Gibt es nicht eine elegante Möglichkeit, dies für alle Felder zu tun?

    Ja, das ist der obige globale Validator, der jede Änderung in einem beliebigen Feld erkennt. Dasselbe gilt für die Lösung mit löschbaren Ereignissen: Sie brechen einfach jede Bearbeitung bestehender oder das Einfügen neuer Datensätze bedingungslos ab.

    Nur wenn Sie ->set( false ) verwenden wollen, müssen Sie dies für jedes Feld tun

    (translation: deepl.com)

  • marianidiegomarianidiego Posts: 19Questions: 5Answers: 0

    Tank's!

    But, if I use a join one-t-may? Linke this: https://editor.datatables.net/examples/advanced/joinArray.html

    How can protects this example?

  • rf1234rf1234 Posts: 1,858Questions: 55Answers: 280

    It makes no difference whether or not you use a join.

  • marianidiegomarianidiego Posts: 19Questions: 5Answers: 0
    edited November 27

    I'm try, but cannôt protect to write. Datatables write in the data if I set(False) every fields....

    My exaple don't work:

    Editor::inst( $db, 'users' )
        ->field(
            Field::inst( 'users.first_name' )->set(false),
            Field::inst( 'users.last_name' )->set(false),
            Field::inst( 'users.site' )->set(false)
                ->options( Options::inst()
                    ->table( 'sites' )
                    ->value( 'id' )
                    ->label( 'name' )
                ),
            Field::inst( 'sites.name' )->set(false)
        )
        ->leftJoin( 'sites', 'sites.id', '=', 'users.site' )
        ->join(
            Mjoin::inst( 'permission' )
                ->link( 'users.id', 'user_permission.user_id' )
                ->link( 'permission.id', 'user_permission.permission_id' )
                ->order( 'name asc' )
                ->validator( 'permission[].id', Validate::mjoinMaxCount(4, 'No more than four selections please') )
                ->fields(
                    Field::inst( 'id' )->set(false)
                        ->validator( Validate::required() )
                        ->options( Options::inst()
                            ->table( 'permission' )
                            ->value( 'id' )
                            ->label( 'name' )
                        ),
                    Field::inst( 'name' )->set(false)
                )
        )
        ->process($_POST)
        ->json();
    

    Edited by Colin - Syntax highlighting. Details on how to highlight code using markdown can be found in this guide.

  • rf1234rf1234 Posts: 1,858Questions: 55Answers: 280

    Could you use Markdown please to make your code legible (see link below).

    And please post a test case as per the forum rules.

    This is a simple example from my own coding - and it works:

    Editor::inst( $db, 'login_logout_log' )
        ->field(
            Field::inst( 'login_logout_log.user_id AS login_logout_log.client_name' )->set( false )
                ->getFormatter( function($val, $data, $opts) use ( $lang ) {
                    if ( $val <= 0 ) { 
                        if ( $lang === 'de' ) {
                            return "Nutzer unbekannt; Login E-Mail: " . $data['login_logout_log.email'];
                        } else {
                            return "User unknown; Login email: " . $data['login_logout_log.email'];
                        }
                    }
                    return getUserName($val);
                }),  
            Field::inst( 'login_logout_log.email' )->set( false ),
            Field::inst( 'login_logout_log.action' )->set( false ),
            Field::inst( 'login_logout_log.when' )->set( false )
        )
        ->process($_POST)
        ->json();
    

    This should also work:

    Editor::inst( $db, 'login_logout_log' )
        ->field(
            Field::inst( 'login_logout_log.user_id AS login_logout_log.client_name' )
                ->getFormatter( function($val, $data, $opts) use ( $lang ) {
                    if ( $val <= 0 ) { 
                        if ( $lang === 'de' ) {
                            return "Nutzer unbekannt; Login E-Mail: " . $data['login_logout_log.email'];
                        } else {
                            return "User unknown; Login email: " . $data['login_logout_log.email'];
                        }
                    }
                    return getUserName($val);
                }),  
            Field::inst( 'login_logout_log.email' ),
            Field::inst( 'login_logout_log.action' ),
            Field::inst( 'login_logout_log.when' )
        )
        ->on( 'preCreate', function ( $editor, $values ) {
            return false;
        } )
        ->on( 'preEdit', function ( $editor, $id, $values ) {
            return false;
        } )
        ->on( 'preRemove', function ( $editor, $id, $values ) {
            return false;
        } )
        ->process($_POST)
        ->json();
    

    As well as this:

    Editor::inst( $db, 'login_logout_log' )
        ->field(
            Field::inst( 'login_logout_log.user_id AS login_logout_log.client_name' )
                ->getFormatter( function($val, $data, $opts) use ( $lang ) {
                    if ( $val <= 0 ) { 
                        if ( $lang === 'de' ) {
                            return "Nutzer unbekannt; Login E-Mail: " . $data['login_logout_log.email'];
                        } else {
                            return "User unknown; Login email: " . $data['login_logout_log.email'];
                        }
                    }
                    return getUserName($val);
                }),  
            Field::inst( 'login_logout_log.email' ),
            Field::inst( 'login_logout_log.action' ),
            Field::inst( 'login_logout_log.when' )      
        )
        ->validator( function( $editor, $action, $data ) {
            if ( $action !== Editor::ACTION_READ ) {
                return 'Cannot modify data';            
            }
        } )
        ->process($_POST)
        ->json();
    
  • allanallan Posts: 54,881Questions: 1Answers: 8,601 Site admin

    Hi,

    With the new (v2) versions of the PHP libraries for Editor, there is actually a write() method which can be used to disallow all write access - e.g.:

    Editor::inst(…)
      ->fields( … )
      ->write(false)
      ->process($_POST)
      ->json();
    

    Saves needing to put ->set(false) on all the fields.

    Allan

  • marianidiegomarianidiego Posts: 19Questions: 5Answers: 0

    tank's

Sign In or Register to comment.