开发者

Disabling input elements in a CakePHP form that uses Security component and jQuery

问答 作者:

I have a form in CakePHP that has two live-search text input. Each one of them updates the value of a hidden field when the user selects a result. The model is called Record, and the attributes involved are

  • budget_id
  • program_id
  • concept_id

I have created a form using the FormHelper in this way:

...
<?php echo $this->Form->create('Record') ?>
<h1>Create a record</h1>

<?php echo $this->Form->hidden('Record.budget_id', array('value' => $budget['Budget']['id'])) ?>

<?php echo $this->Form->hidden('Record.program_id') ?>
<?php echo $this->Form->input('Record.program_id_search', array(...)) ?>

<?php echo $this->Form->hidden('Record.concept_id') ?>
<?php echo $this->Form->input('Record.concept_id_search', array(...)) ?>

<?php echo $this->Form->submit('Send') ?>
<?php echo $this->Form->end(); ?>
...

As you can see, the input fields that store the model attributes are hidden. The live-search boxes are configured with the jQuery's autocomplete plugin.

Following the CakePHP manual recommendations I have disabled the two extra fields in beforeFilter method, so that the Security component ignores them and the form passes validation:

public function beforeFilter() {
  $this->Security->disabledFields = array(
    'Record.program_id_search',
    'Record.concept_id_search',
  );
}

It seems that CakePHP gets angry whenever I change the value of hidden inputs from Javascript and it sends me to the blackhole method. That's OK according to documentation.

But what sur开发者_开发技巧prises me is that the Security component keeps ignoring my disabledFields settings.

I've been searching in several web sources and everybody point to the disabledFields options. But it does not work for me.

Any suggestions?

Thanks!!

UPDATE

I have found a workaround but it's really really ugly. I have replaced the hidden input fields with regular select fields, but setting the CSS display property as none.

This way the Security component does not complain anymore, and the user keeps viewing a couple of live-search boxes.

I don't understand why changing a select with Javascript it's ok, but changing a hidden input not.

It happens because the Security Component locks the hidden fields, saving in the hash not just their name but also their value. Therefore when you change their value, you make the whole form invalid. The only solution is to switch those fields from hidden to normal field, wrapped inside a display:none; div.

Another way would be to disable the checks on that field, but the code you posted isn't the right way to do it. You should instead specify the fields during the configuration of the component, like this:

var $components = array('Security' => array(
    'blackHoleCallback' => 'callback',
    'requireAuth' => array('action1', 'action2'),
    'allowedControllers' => array('controller'),
    'allowedActions' => array('action1', 'action2'),
    'disabledFields' => array('Record.program_id_search', 'Record.concept_id_search')
    )
);

An easier way to have solved this that I just discovered would have been to add 'secure' => false to your input's attribute array. This prevents them from being added to the secure fields list.

继续阅读:autocompletecakephpcomponentsjquerysecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9