In my form connector I used:
$form->access->deny("read");
$form->render_table("table1","id","id,description");
But it doesn’t seem to do anything, when I try to load the form from javascript using:
myform.load("testaccess.php?id=1");
The “deny” part is ignored and the form is loaded.
Are there any examples or docs concerning “security”?
Thanks
Please update the existing base_connector.php with the attached one.
Original version apply access rules only for insert|update|delete operations.
base_connector_upd.zip (5.27 KB)
I tried with the file you uploaded but the behavior hasn’t changed.
The form is loaded again and I don’t see the message “Access Denied!”
base_connector.php
if (!$this->access->check("read")){
echo "Access denied";
dataprocessor.php
if (!$this->connector->access->check($mode)){
LogMaster::log("Access control: {$operation} operation blocked");
I suppose there should be some entry in the log but nothing is written.
In case of read access blocking - the operation will be prevented on server side, but client side will not show any special text.
As for log record - yep, it sounds usefull, code updated.
base_connector.zip (5.31 KB)
Actually the “Access denied” is displayed properly and the form is not loaded.
There is an entry in the log:
====================================
Log started, 18/11/2010 12:11:47
====================================
Access control: read operation blocked
Thanks now it works as expected.