
Login user can view other record which is not created by the same user

3 years 11 months ago #9811 by Lee Chen
Hi everyone

I am wondering whether anyone has the same problem as me. The code below is supposed to check if the user is a Super User or the login user id matches the record's created_by user id. However, if I change the table id etc. from 9 to 8 in the link, from /index.php/en/component/orders/order/9 to /index.php/en/component/orders/order/8, where record 8 was not created by the login user, I am still able to view the record details.

if(empty($result) || $this->isAdminOrSuperUser() || $table->created_by == JFactory::getUser()->id){

}

Any ideas?

Many thanks.


3 years 10 months ago #9814 by Glenn Arkell
Replied by Glenn Arkell on topic Login user can view other record which is not created by the same user
Hi Lee,
You possibly have already solved this but just in case . . .
In the site/views/order/view.html.php file you can add an extra check here before the $this->_prepareDocument(); such as
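// Deny access when the record belongs to another user, unless the viewer is an admin or Super User
if (isset($this->item->created_by) && $this->item->created_by != $user->id && !$this->isAdminOrSuperUser()) {
    throw new Exception(Text::_('JERROR_ALERTNOAUTHOR'));
}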
Hope this helps. Cheers.
Glenn
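
The ownership check discussed in this thread, as an added example that is not part of the original posts or of the component's generated code: a standalone, deny-by-default version in plain PHP, run against the case of changing /order/9 to /order/8. The function name canViewRecord() and the sample records and user ids are hypothetical and constructed for illustration.

```php
<?php
// Added example: standalone model of the ownership check, no Joomla classes needed.
// canViewRecord() and the sample rows below are hypothetical, constructed for illustration.

/**
 * Deny-by-default ownership check.
 * $record: row loaded for the requested id, or null when the id does not exist.
 * $userId: id of the current user (Joomla uses 0 for guests).
 */
function canViewRecord(?array $record, int $userId, bool $isAdminOrSuperUser): bool
{
    if ($record === null) {
        return false;               // unknown id: nothing to show
    }
    if ($isAdminOrSuperUser) {
        return true;                // admins and Super Users may view any record
    }
    if ($userId <= 0 || !isset($record['created_by'])) {
        return false;               // guests and rows without an owner never match
    }
    return (int) $record['created_by'] === $userId;   // strict comparison on integers
}

// Constructed sample data: order 9 belongs to user 42, order 8 to user 77,
// order 7 has no owner recorded (created_by = 0).
$orders = [
    9 => ['id' => 9, 'created_by' => 42],
    8 => ['id' => 8, 'created_by' => 77],
    7 => ['id' => 7, 'created_by' => 0],
];

// Each case: [requested id, current user id, is admin, expected decision]
$cases = [
    [9, 42, false, true],    // owner opens their own order
    [8, 42, false, false],   // same user changes /order/9 to /order/8
    [8, 1,  true,  true],    // Super User opens someone else's order
    [7, 0,  false, false],   // guest (id 0) against a row with created_by = 0
    [5, 42, false, false],   // id that does not exist
];

foreach ($cases as [$id, $userId, $isAdmin, $expected]) {
    $allowed = canViewRecord($orders[$id] ?? null, $userId, $isAdmin);
    if ($allowed !== $expected) {
        throw new RuntimeException("unexpected decision for order/$id");
    }
    printf("order/%d user=%d admin=%s -> %s\n", $id, $userId,
        $isAdmin ? 'yes' : 'no', $allowed ? 'show' : 'deny');
}
```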
