Level 122
You have to test that the user has rights to change the 3 record. If so then they could just change it through the form anyway. If not then you throw an unauthorised error.
Jul 15, 2017
6
Level 1
Prevent change ID parameter from url action
Hello friends, if my form has action: dashboard/entreprises/2/update . Then if I change it with Inspect Element to dashboard/entreprises/3/update for example, then it updates all data you had in dashboard/entreprises/3/update to dashboard/entreprises/2/update
Is there any way to prevent this?
Best Regards. :)
Level 1
do you mean make authentication
Level 122
What determines if the user is allowed to change record 3 ?
Level 1
It is the role of the user ,if is admin or not
Level 122
so if the admin can edit record 2, and can also edit record 3, why is it an issue if they mess with the ID and post data to the wrong record?
Level 1
i have also user that can edit purshase order in the case if status is not confirmed ,sorry for late reply .
Please or to participate in this conversation.