All geek questions in one place

Disable input elements in CakePHP form that uses security component and jQuery

I have a form in CakePHP that has two real-time text inputs. Each of them updates the value of the hidden field when the user selects the result. The model is called Record , and the attributes involved are

  • budget_id
  • program_id
  • concept_id

I created the form using FormHelper as follows:

 ... <?php echo $this->Form->create('Record') ?> <h1>Create a record</h1> <?php echo $this->Form->hidden('Record.budget_id', array('value' => $budget['Budget']['id'])) ?> <?php echo $this->Form->hidden('Record.program_id') ?> <?php echo $this->Form->input('Record.program_id_search', array(...)) ?> <?php echo $this->Form->hidden('Record.concept_id') ?> <?php echo $this->Form->input('Record.concept_id_search', array(...)) ?> <?php echo $this->Form->submit('Send') ?> <?php echo $this->Form->end(); ?> ...

As you can see, the input fields in which the model attributes are stored are hidden. Live search mailboxes are configured using the jQuery autocomplete plugin.

Following the recommendations of the CakePHP manual, I disabled two additional fields in the beforeFilter method, so the Security component ignores them, and the form passes the test:

 public function beforeFilter() { $this->Security->disabledFields = array( 'Record.program_id_search', 'Record.concept_id_search', ); }

CakePHP seems to get angry whenever I change the value of the hidden inputs from Javascript and it sends me to the blackhole method. This is OK according to the documentation.

But what surprises me is that the Security component continues to ignore my disabledFields settings.

I searched for several web sources, and all point to disabledFields options. But this does not work for me.

Any suggestions?

Thanks!!

UPDATE

I found a workaround, but it's really really ugly. I replaced the hidden input fields with regular selection fields, but set the CSS display property to none .

Thus, the security component no longer complains, and the user continues to view several mailboxes in real time.

I don't understand why changing the selection with Javascript is ok, but changing the hidden input is not.

+3
source share
2 answers

This is because the security component blocks hidden fields, storing not only their name but also their value in a hash. Therefore, when you change your meaning, you make the whole form invalid. The only solution is to switch these fields from hidden to normal, wrapped in div display:none; .

Another way would be to disable validation of this field, but the code you posted is not suitable for this. You must specify the fields during component configuration, for example:

 var $components = array('Security' => array( 'blackHoleCallback' => 'callback', 'requireAuth' => array('action1', 'action2'), 'allowedControllers' => array('controller'), 'allowedActions' => array('action1', 'action2'), 'disabledFields' => array('Record.program_id_search', 'Record.concept_id_search') ) );
+8
source

An easier way to resolve this, which I just discovered, would be to add 'secure' => false to your array of input attributes. This prevents them from being added to the list of protected fields.

+5
source

Source: https://habr.com/ru/post/1432421/

More articles:


All Articles