lucianocn
(Luciano Cn)
November 7, 2012, 9:50pm
1
I would like to protect the field role
only for admins,
When I declare it in the model, if an user fake the form, he will be able to change it.
How can I protect Yii Forms over fake inputs?
array('role', 'numerical', 'integerOnly'=>true), //(0 - User, 1 - Admin)
Thanks
abennouna
(Abennouna)
November 7, 2012, 11:44pm
2
Remove it from the ‘rules’ array, including from the ‘safe’ array
konapaz
(Konapaz)
November 7, 2012, 11:49pm
3
Hi lucianocn
I think that is responsibility of Controller rather than of model.
So you can set array(‘role’, ‘unsafe’) and fill by controller the field of your model $InstanceModel->role with appropriate value checking the user permission
lucianocn
(Luciano Cn)
November 8, 2012, 1:24am
4
Sorry I didn’t undersand, could you clarify?
outrage
(Site Sense Web)
November 8, 2012, 1:41am
5
That’s probably not a good idea because then you wouldn’t be able to change that property, even if you were an admin user.
I suggest you consider:
http://www.yiiframework.com/wiki/266/understanding-scenarios/