Question about selecting fields allowed to have data saved to with a HABTM save.
I have a users_systems table which has id, user_id, system_id and a form to update the users systems only...no other data.
Now I do not want a User attempting to edit the form and edit other data thats saved in the database by adding a data[User][group_id] text field or anything.
The code below i added which gets a list of the tables in the database i am going to be saving to, in this case its the users_systems table. So i debug and sure enough i see the 3 fields id, user_id, system_id.
Are the fields in the save() function in addition to the User->$join_table or if you leave it blank only fields in the User->$join_table->can be saved to?
Basically I want to restrict data being saved exclusively to the fields in the User->$join_table and no where else.
But its still saving data to the User table when I add a text field using firebug to the database. How can I only allow data to be saved to the fields in the users_systems table? Using AJAX so Security Component is of no use I guess.
// this seems to do nothing as i can save other fields by adding a text field manually with firebug to save user entered data.
$whitelist = array('system_id');
debug(array_intersect(array_keys($this->User->$join_table->schema()), $whitelist));
$this->User->save($this->data, true, array_intersect(array_keys($this->User->$join_table->schema()), $whitelist));
debug(array_intersect(array_keys($this->User->$join_table->schema()), $whitelist));
$this->User->save($this->data, true, array_intersect(array_keys($this->User->$join_table->schema()), $whitelist));
Ideas?
Dave
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment