Per row validation - PHP Backend

bebop Posts: 3 Questions: 0 Answers: 0

Hi everyone,
I'm using Datatable Editor on my website, and I wanted to implement some security checks. What I have is a table whose rows belong to different users (there is a field id_user in order to know who's the owner), but at the moment everyone is able to modify and/or delete every row (even though they are not shown).

So what I need to do is to check, before the operation takes place, whether a user is authorized (i.e. is the owner) to perform that kind of operation.

I've looked into validators on Editor but I'm not convinced that is what I am looking for. Can anyone help me? Thanks! :smile:

Replies

  • colin Posts: 15,118 Questions: 1 Answers: 2,583

    This example comes from this thread - it's similar in that you're unable to edit any rows with 'London' as the office location. You could do something similar with the user being compared to the field_id.

    Colin

  • allan Posts: 61,451 Questions: 1 Answers: 10,055 Site admin

    Just to add to that, the custom validators in our PHP libraries are primarily per field, but they can also be used per row as the whole information for the row is passed in.

    However, what I would probably do in this case is use an event handler such as preCreate or preEdit, to confirm the access per row. The event handlers are called once per row edited (to allow for multi-editing) and will be called regardless of what fields are updated. You can also return false to cancel the action. This provides security which can't be bypassed like a client-side check could be.

    Allan

  • bebop Posts: 3 Questions: 0 Answers: 0
    edited October 2021

    @colin 404 on that example :disappointed:

    @allan "the whole information for the row is passed in" is passed by the client, isn't it? In that case I would need to validate that information anyway.

    A query inside an event handler should do the trick :smile:

    Thanks!
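
A sketch of the server-side check discussed in the replies above (added example, not code from the thread or from the DataTables project). It uses the Editor PHP libraries' `preCreate`, `preEdit` and `preRemove` events and looks the owner up in the database rather than trusting submitted data. The table name `items`, its `id` and `name` columns, the include path and the `$_SESSION['user_id']` key are assumptions; only `id_user` comes from the question.

```php
<?php
// Added example. Assumptions: table "items" with primary key "id" and a "name"
// column; the logged-in user's id is in $_SESSION['user_id'].
session_start();
include 'lib/DataTables.php'; // Editor PHP bootstrap (path assumed); defines $db

use DataTables\Editor;
use DataTables\Editor\Field;

$userId = $_SESSION['user_id'] ?? null;
if ($userId === null) {
    http_response_code(401);
    exit;
}

// Read the owner from the database; an id_user sent by the client proves nothing.
$isOwner = function ($editor, $id) use ($userId) {
    $row = $editor->db()
        ->select('items', ['id_user'], ['id' => $id])
        ->fetch();
    return is_array($row) && (string) $row['id_user'] === (string) $userId;
};

Editor::inst($db, 'items', 'id')
    ->fields(
        Field::inst('name'),
        // Written on create only, so an edit cannot reassign ownership.
        Field::inst('id_user')->set(Field::SET_CREATE)
    )
    ->where('id_user', $userId) // reads return only the current user's rows
    ->on('preCreate', function ($editor, $values) use ($userId) {
        // Owner comes from the session, not from the submitted form data.
        $editor->field('id_user')->setValue($userId);
    })
    ->on('preEdit', function ($editor, $id, $values) use ($isOwner) {
        if (!$isOwner($editor, $id)) {
            return false; // cancels the edit of this row
        }
    })
    ->on('preRemove', function ($editor, $id, $values) use ($isOwner) {
        if (!$isOwner($editor, $id)) {
            return false; // cancels the delete of this row
        }
    })
    ->process($_POST)
    ->json();
```

Because the handlers run once per row, a multi-row submit that mixes owned and foreign rows has only the foreign rows cancelled.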

  • colin Posts: 15,118 Questions: 1 Answers: 2,583

    I'm not seeing that 404, both the example and the thread are loading fine for me.

    http://live.datatables.net/sicerace/1/edit
    https://datatables.net/forums/discussion/67818/readonly-specific-row-in-datatable-editor#latest

    Here they are again, not in link form,

    Colin
