Limiting posible actions

A place for users and developers of the Xataface to discuss and receive support.

Postby cinocino » Thu Jun 22, 2006 7:07 am

Hi,

in the public part of my project I use Df to publish and accept data from a form for just the Organisation table.

Reading the permission documentation and the post about "modify default action" i wrote this php code in my index.php to prevent any action different from submitting new records in the organisation tables or executing my custom action on the organisation table.

Is this enough?

if ( !@$_REQUEST['-action'] ){
// No action was specified
$_GET['-action'] = 'browse';
$_REQUEST['-action'] = 'get';
$_GET['-new'] = '1';
$_REQUEST['-new'] = '1';
$_GET['-table'] = 'organisation';
$_REQUEST['-table'] = 'organisation';

}

$_GET['-new'] = '1';
$_REQUEST['-new'] = '1';
$_GET['-table'] = 'organisation';
$_REQUEST['-table'] = 'organisation';


tnx
Cino
cinocino
 
Posts: 8
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Thu Jun 22, 2006 12:01 pm

Looks like a clever workaround to me. It should work.. although I think you have a typo where you say:
$_REQUEST['-action'] = 'get';
I think you mean
$_REQUEST['-action'] = 'browse';

In 0.6 in development, there is fine-grained permissions support that would have handled this problem, but your solution looks just fine.

Best regards

STeve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Postby cinocino » Tue Jun 27, 2006 4:30 am

yes, it was a typo (and I cant figure how I put this in the code?!? :)
cinocino
 
Posts: 8
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Tue Jun 27, 2006 9:25 am

You should be able to just put it at the beginning of your application's index.php file.
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 28 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved