Limiting possible actions

A place for users and developers of the Xataface to discuss and receive support.

Post by cinocino » Thu Jun 22, 2006 7:07 am

Hi,

In the public part of my project I use Df to publish and accept data from a form for just the Organisation table.

Reading the permission documentation and the post about "modify default action", I wrote this PHP code in my index.php to prevent any action different from submitting new records in the organisation tables or executing my custom action on the organisation table.

Is this enough?

if ( !@$_REQUEST['-action'] ){
    // No action was specified
    $_GET['-action'] = 'browse';
    $_REQUEST['-action'] = 'get';
    $_GET['-new'] = '1';
    $_REQUEST['-new'] = '1';
    $_GET['-table'] = 'organisation';
    $_REQUEST['-table'] = 'organisation';
}

$_GET['-new'] = '1';
$_REQUEST['-new'] = '1';
$_GET['-table'] = 'organisation';
$_REQUEST['-table'] = 'organisation';


tnx
Cino

Post by shannah » Thu Jun 22, 2006 12:01 pm

Looks like a clever workaround to me. It should work, although I think you have a typo where you say:
$_REQUEST['-action'] = 'get';
I think you mean
$_REQUEST['-action'] = 'browse';

In 0.6 in development, there is fine-grained permissions support that would have handled this problem, but your solution looks just fine.

Best regards

Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog

Post by cinocino » Tue Jun 27, 2006 4:30 am

Yes, it was a typo (and I can't figure how I put this in the code?!? :)

Post by shannah » Tue Jun 27, 2006 9:25 am

You should be able to just put it at the beginning of your application's index.php file.
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
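
Added example, not part of the original posts and not Xataface's own code: the snippet discussed in this thread pins -table and -new and supplies a default -action; this version goes one step further and replaces any -action outside an allow-list with the default. The name my_custom_action is a hypothetical placeholder for the custom action, and applying the same pinning to $_POST is an assumption about which superglobals the application reads.

```php
<?php
// Added example, not code from the thread. 'my_custom_action' is a
// hypothetical placeholder for the poster's custom action name.

const ALLOWED_TABLE   = 'organisation';
const DEFAULT_ACTION  = 'browse';
const ALLOWED_ACTIONS = ['browse', 'my_custom_action'];

/**
 * Return a copy of $params with -action restricted to the allow-list and
 * -table / -new pinned, whatever the client sent.
 */
function pin_request(array $params): array
{
    $action = $params['-action'] ?? DEFAULT_ACTION;

    // Array values (?-action[]=x) and unknown names fall back to the default
    // instead of being passed through to the framework.
    if (!is_string($action) || !in_array($action, ALLOWED_ACTIONS, true)) {
        $action = DEFAULT_ACTION;
    }

    $params['-action'] = $action;
    $params['-table']  = ALLOWED_TABLE;
    $params['-new']    = '1';

    return $params;
}

// Run this at the top of index.php, before the framework is loaded.
// All three superglobals get the same values, so a parameter sent in the
// POST body cannot disagree with the one in the query string
// (assumption: the application may read any of them).
$_GET     = pin_request($_GET);
$_POST    = pin_request($_POST);
$_REQUEST = pin_request($_REQUEST);
```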


Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved