Access control: Show hide Column via URL

QuestionsAccess control: Show hide Column via URL
Mario asked 5 years ago

Hi,

how is it better possible to show hide a Column via URL
I got some results with the code on top of the page:

<?php
$columnhidestatus= $_GET["columnhidestatus"]; if (!isset($columnhidestatus)) $columnhidestatus= true;
?>

And within the columns:

$col = array();
$col["title"] = "column"
$col["name"] = "column";
$col["hidden"] = $columnhidestatus;
$cols[] = $col;

When calling website.com?columntohide=false it hides the column, if its not set in url, telling "hidden=true". But It does not work for more columns. Is there another more secure way for this?

This feature would allow to make accesscontroll, via URL who may edit a column who not. The editor would need to know the variablename like "columnhidestatus", if he does not know he can not edit. However this works only for 1 column…

Best regards,
Mario

6 Answers
Mario answered 5 years ago

I found out that it works with

code on top of the page:

<?php
$w= $_GET["w"]; if (!isset($w)) $w= 0;
?>

And within the columns:

$col = array();
$col["title"] = "column"
$col["name"] = "column";
$col["width"] = $w;
$cols[] = $col;

Abu Ghufran answered 5 years ago

For more than one column … you can set multiple querystring params and set with each column.
e.g.
$col["name"] = 'gender';
$col["hidden"] = ( isset( $_GET["gender_hide"] ) ? true : false );

$col["name"] = 'company';
$col["hidden"] = ( isset( $_GET["company_hide"] ) ? true : false );

Now if you set:

http://domain/page.php?company_hide=1&gender_hide=1

Both will be hidden.

Regarding security, this does not looks to be a good way.
Ideally, you must integrate some authentication and based on session data, either define or undefine whole column.
e.g.
if ($_SESSION["role"] == 1)
{
$col = array();
$col["title"] = "gender";
$col["name"] = "gender";
$col["width"] = "20";
$cols[] = $col;
}

Mario answered 5 years ago

Cool:

I turned the range from true:false to false:true

$col["hidden"] = (isset($_GET["showcolumn_xy"])?false:true);
$col["hidden"] = (isset($_GET["showcolumn_yz"])?false:true);

So the column is hidden by default, and only if someone nows its name, it will be shown with URL like:

http://domain/page.php?showcolumn_xy=1&showcolumn_yz=1
This is not most secure, but easy way.

Best regards,
Mario

Mario answered 5 years ago

.. it does not work with

$col["editable"] = (isset($_GET["columntoedit"])?false:true);

and:

http://domain/page.php?columntoedit=1

Idea why?

Mario answered 5 years ago

… it works, with in header:


<?php
$editcolumns = $_GET["editcolumns"]; if (!isset($editcolumns)) $editcolumns = false;
?>

And in set_actions-array:

"edit"=>$editcolumns, //..

This way one can fully controll the access and editpermissions by knowing the variables names.

Mario answered 5 years ago

url not editable by default:
http://domain/page.php

url editable with parameter:
http://domain/page.php?editcolumns=1

Your Answer

11 + 13 =

Login with your Social Id:

OR, enter

Attach code here and paste link in question.
Attach screenshot here and paste link in question.



How useful was this discussion?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate it.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?