Question

In my data model, I've got a field that should be admin-editable only. Normal users can edit records in the model and view this specific field, but they should not be able to edit it. Is there a simple/clean approach to do this? I guess that it's necessary to create an extra admin_edit controller action, but what's the best way to "lock" a data field in the controller?


Solution

It's not necessary to create a new controller action, but you may decide to. Note that you can still use the same view for it using $this->render("edit"); see: http://book.cakephp.org/view/428/render

I think you should:

  • use the same controller action, if that's not confusing for the users and admins
  • display an input field only if the user is admin, and output the text for other users
  • check for authorization in the controller

OTHER TIPS

Depending on your setup, this could easily be handled as a validation method in the model. Write a custom function in the model to check if the user has permission.

You could also do it in model with beforeSave(). If the field is there and they don't have permission, remove it.
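The following is an added example that is not part of either answer above. It puts the accepted answer's "check for authorization in the controller" and the beforeSave() tip side by side, so the field is locked even if some other code path skips the controller check. It assumes CakePHP 1.3 conventions (the version the linked documentation describes), a hypothetical Article model whose admin-only field is called `featured`, and an AuthComponent session that stores the user's role in a `role` field; `currentRole` on the model is a made-up property used to pass that role down from the controller.

```php
<?php
// Controller side: strip the admin-only field from the submitted data
// unless the logged-in user is an admin, then tell the view who is editing.
class ArticlesController extends AppController {
    var $name = 'Articles';
    var $components = array('Auth', 'Session');   // assumed to be configured in AppController

    function edit($id = null) {
        $this->Article->id = $id;
        if (empty($this->data)) {
            $this->data = $this->Article->read();
        } else {
            if (!$this->_isAdmin()) {
                // A normal user may submit the form, but this key never reaches save().
                unset($this->data['Article']['featured']);
            }
            // Hand the role to the model so beforeSave() can enforce the same rule.
            $this->Article->currentRole = $this->Auth->user('role');
            if ($this->Article->save($this->data)) {
                $this->Session->setFlash('The article has been saved.');
                $this->redirect(array('action' => 'index'));
            }
        }
        // The view shows an input for admins and plain text for everyone else.
        $this->set('isAdmin', $this->_isAdmin());
    }

    function _isAdmin() {
        return $this->Auth->user('role') === 'admin';
    }
}

// Model side: a second line of defence. Whatever calls save(), the
// admin-only fields are dropped from the data unless the role is 'admin'.
class Article extends AppModel {
    var $name = 'Article';
    var $adminOnlyFields = array('featured');   // extend this list for more locked fields
    var $currentRole = null;                    // hypothetical: set by the controller before save()

    function beforeSave($options = array()) {
        if ($this->currentRole !== 'admin') {
            foreach ($this->adminOnlyFields as $field) {
                unset($this->data[$this->alias][$field]);
            }
        }
        return true;   // returning false would abort the save entirely
    }
}
```

The model check defaults to "not admin" when `currentRole` is never set, so forgetting the controller line fails closed: the record still saves, but the locked field is left untouched.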

You can simply check on the admin role in the edit view:

// $isAdmin is assumed to have been passed to the view by the controller
if ($isAdmin) {
    echo $this->Form->input(...);
}
Licensed under: CC-BY-SA with attribution