Prevent editing fields or hide them completely for usergroups

Discussions related to customizing hooks. Hooks are documented at http://bigprof.com/appgini/help/advanced-topics/hooks/
miwalder
Posts: 10
Joined: 2013-02-11 20:36
Location: Switzerland

Prevent editing fields or hide them completely for usergroups

Post by miwalder » 2024-07-10 13:42

One of my greatest wishes for AppGini is column-based security out of the box. But since this seems to be a long way to achieve, there's a surprisingly easy way with a few lines of PHP and CSS. You just have to change the file «header-extras.php» in the hooks folder of your project.

The PHP part defines for which group this rule will be applied. In my case for the group «Lehrpersonen» (teachers). After the echo statement, everything is pure CSS. Some of the fields are completely hidden, others read-only. Consider that this is not a secure method to prevent editing forms; it's still possible to see the content in the HTML source. It's more a usability hack than a secure method, but for my project it's good enough.

<?php
	// hooks/header-extras.php
	// Look up the logged-in member to decide which group rule applies.
	$mi = getMemberInfo();

	// Client-side only: the fields are still present in the HTML source.
	if ($mi['group'] == 'Lehrpersonen') {
		echo "
		<style type='text/css'>
			/* pointer-events: none = shown but not clickable; display: none = hidden */
			.form-group.device-d_label {
				pointer-events: none;
			}
			.form-group.device-d_oldlabel {
				display: none;
			}
			.form-group.device-d_model {
				pointer-events: none;
			}
			.form-group.device-d_state {
				pointer-events: none;
				display: none;
			}
			.form-group.device-d_room {
				pointer-events: none;
			}
			.form-group.device-d_rollout {
				pointer-events: none;
				display: none;
			}
			.form-group.device-d_os {
				pointer-events: none;
				display: none;
			}
			.form-group.device-d_biossrn {
				display: none;
			}
			.form-group.device-d_hash {
				display: none;
			}
		</style>";
	}

[Image: what the admin sees]

[Image: what members of the group "Lehrpersonen" see]

pbottcher
AppGini Super Hero
Posts: 1658
Joined: 2018-04-01 10:12

Re: Prevent editing fields or hide them completely for usergroups

Post by pbottcher » 2024-07-10 20:17

Hi,

Even though this is a quick solution, you need to bear in mind that hiding information on the webpage via CSS does not comply with security. It is easy to see this information anyway. If you want to do that, you need to remove it from the page before sending it to the browser. For a "normal" user it might be sufficient, but do not rely on this fact.

Other than that, thanks for sharing.
Any help offered comes with the best of intentions. Use it at your own risk. In any case, please make a backup of your existing environment before applying any changes.
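
Added example, not code from either poster: one way to enforce the read-only part on the server, by restoring the stored values in AppGini's `before_update` hook so that a form post with the CSS disabled cannot change them. It assumes the table is named `device` (inferred from the CSS class prefix) and a hypothetical primary key column `d_id`; `keep_stored_values()` and `LOCKED_FIELDS` are names made up for this example, and the hook body belongs in the existing stub in hooks/device.php. It does not remove the hidden values from the page that is sent to the browser.

```php
<?php
// hooks/device.php (excerpt). Added example, not code from the thread.
// Assumptions: table `device`, hypothetical primary key column `d_id`.

// Fields the thread's CSS marks read-only or hidden for the group.
const LOCKED_FIELDS = ['d_label', 'd_oldlabel', 'd_model', 'd_state', 'd_room',
                       'd_rollout', 'd_os', 'd_biossrn', 'd_hash'];

/**
 * Return $submitted with every locked field replaced by its stored value,
 * so a tampered form post cannot change it.
 */
function keep_stored_values(array $submitted, array $stored, array $locked): array {
	foreach ($locked as $field) {
		if (array_key_exists($field, $stored)) {
			$submitted[$field] = $stored[$field];
		}
	}
	return $submitted;
}

// AppGini calls this hook before saving an edited record.
function device_before_update(&$data, $memberInfo, &$args) {
	if (($memberInfo['group'] ?? '') !== 'Lehrpersonen') {
		return true; // other groups are not restricted here
	}

	$id = makeSafe($data['selectedID']); // primary key of the edited record
	$stored = [];
	foreach (LOCKED_FIELDS as $field) {
		// Field names come from the constant above, never from the request.
		$value = sqlValue("SELECT `{$field}` FROM `device` WHERE `d_id`='{$id}'");
		if ($value === false) {
			return false; // record could not be read: reject the update
		}
		$stored[$field] = $value;
	}

	// Overwrite whatever the browser sent for the locked fields.
	$data = keep_stored_values($data, $stored, LOCKED_FIELDS);
	return true;
}
```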


Re: Prevent editing fields or hide them completely for usergroups

Post by miwalder » 2024-07-11 04:12

Hi,

You are definitely right, it's easily possible to view the source and deactivate the CSS, and everything is visible or editable again. As I mentioned, it's more a usability hack than a clean and secure solution :-)
