#1
Hi,
I have a form that will be passed in between different people. My problem is everyone is supposed to edit only their section, not anybody else's. Here is what I have done so far.

<cfset AreaToEdit = "EngineeringArea">
....
<script language="JavaScript" type="text/JavaScript">
function valUserRole(area) {
    if (area != <cfoutput>#AreaToEdit#</cfoutput>) {
        alert ("You are not authorized to edit the " + area + " !");
    }
    sendUser(<cfoutput>#AreaToEdit#</cfoutput>);
}
function sendUser(kE) {
    document.form1.kE.focus();
}
</script>
....
<body onLoad="sendUser(<cfoutput>#AreaToEdit#</cfoutput>)">
<form name="form1" method="post" action="">
<p> <textarea name="salesarea" onClick="ValUserRole('salesarea')"></textarea> sales area</p>
<p> <textarea name="businessarea" onClick="ValUserRole('businessarea')"></textarea> business area</p>
<p> <textarea name="engineeringarea" onClick="ValUserRole('EngineeringArea')"></textarea> engineering area </p>
</form>

But the script doesn't work. I can edit any field. What am I doing wrong?
Thanks for the help in advance...
#2
You can't rely on JavaScript to enforce this anyway, because a user can just disable JavaScript in their browser and then edit anything they want. A better approach would be to decide on the server what the user has access to edit and only send that to the user. If the user needs to see the other information (that they can't edit), the other fields could be just text instead of form fields.
The real lesson is that NO security can be enforced client side; everything must be enforced on the server side. Client side is just to make things easier on the user, but you still must always enforce this type of behavior on the server.
__________________
Ask if you have a question, but also help answer questions that you have knowledge of!
Thanks, Brian.
#3
kiteless,
I appreciate your input, but this form will be used among 7 managers and will be posted on the intranet. So, security is not a concern for this specific application. The originator will be able to edit any field any time.
#4
I am not an experienced cf user, but I have done something similar on one of my clients' sites using nothing else but cf login and cf if statements. It may not be the best way, but it works.
Especially with cf mx you can find out who is logged in easily, and then just run an if statement around every text box, i.e.

<cfif IsDefined("user") AND #user# IS "user_allowed">
    enable text box code
<cfelse>
    disable text box
</cfif>

I am not exactly clear what the method was to enable and disable the text boxes, but I do remember seeing it quite a lot. As I said, I am not that good, and heavily rely on Ben Forta's book.
Regards
Joe
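
The server-side approach described in posts #2 and #4, as an added example that is not code from any poster in this thread. It assumes sessions and an application name are enabled in Application.cfc, that the login code sets the hypothetical `session.userArea` to one of the three field names (or to `"all"` for the originator), and that `application.formText` stands in for real storage; `encodeForHTML` needs ColdFusion 10+ or Lucee.

```cfml
<!--- Added example: session.userArea and application.formText are
      hypothetical names, not taken from the thread. --->
<cfset areas = "salesarea,businessarea,engineeringarea">
<cfparam name="session.userArea" default="">
<cfif NOT structKeyExists(application, "formText")>
    <cfset application.formText = {salesarea = "", businessarea = "", engineeringarea = ""}>
</cfif>

<!--- The decision is made on the server from session data,
      so nothing sent by the browser can change it. --->
<cffunction name="canEdit" returntype="boolean" output="false">
    <cfargument name="area" type="string" required="true">
    <cfreturn session.userArea EQ "all" OR session.userArea EQ arguments.area>
</cffunction>

<!--- On submit, save only the areas this user owns. A value posted for
      any other area (hand-built request, JavaScript off) is dropped. --->
<cfif cgi.request_method EQ "POST">
    <cfloop list="#areas#" index="area">
        <cfif canEdit(area) AND structKeyExists(form, area)>
            <cfset application.formText[area] = form[area]>
        </cfif>
    </cfloop>
</cfif>

<!--- Render a textarea only for the area the user may edit;
      every other area is sent as escaped plain text. --->
<form name="form1" method="post" action="">
<cfoutput>
<cfloop list="#areas#" index="area">
    <p>#area#:
    <cfif canEdit(area)>
        <textarea name="#area#">#encodeForHTML(application.formText[area])#</textarea>
    <cfelse>
        #encodeForHTML(application.formText[area])#
    </cfif>
    </p>
</cfloop>
</cfoutput>
<input type="submit" value="Save">
</form>
```

The check on the POST branch is the part that enforces the rule; the rendering branch only keeps the page from offering fields the user cannot save.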
| Viewing: Dev Shed Forums > Programming Languages - More > ColdFusion Development > not allowing users to edit every textfield |