I'm using a Grid with remote data source and php wrappers. In the remote data source I'm using php DataSourceResult as also shown in the Kendo UI Demos.
For security reasons I would like to add a mandatory filter on the server side. For example I would like users to only have access to records where column 'enabled' = 1 in a MySQL table. So before my calling the read() method of my DataSourceResult I would like to add this filter. How can I do this?
Users should not be able to see the 'enabled' column on the client side and/or alter the filter with a bit of hacking to be able to see the "enabled = 0" records.
For security reasons I would like to add a mandatory filter on the server side. For example I would like users to only have access to records where column 'enabled' = 1 in a MySQL table. So before my calling the read() method of my DataSourceResult I would like to add this filter. How can I do this?
Users should not be able to see the 'enabled' column on the client side and/or alter the filter with a bit of hacking to be able to see the "enabled = 0" records.
$request = json_decode(file_get_contents('php://input'));$result = new DataSourceResult($dsn, $username, $password, $driver_options);$table = 'users';$columns = array('id', 'name');// Add the mandatory "enabled = 1" filter here$data = $result->read($table, $columns, $request);2 Answers, 1 is accepted
0
Accepted
Hi Oscar,
Regards,
Atanas Korchev
Telerik
One way to do this is to modify the $request and set its filter:
$filter->field = 'enabled';
$filter->operator = 'eq';
$filter->value = 1;
$request->filter = $filter;
Atanas Korchev
Telerik
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
0
Oscar
Top achievements
Rank 2
Rank 2
answered on 02 Aug 2013, 05:37 PM
That indeed worked though I don't want users to be able to select this column. But for the filter the column is required. I adjusted the DataSourceResult class a bit so different filter columns are supported now. Thanks for the feedback.