Question about selecting fields allowed to have data saved to with a HABTM
save.
I have a users_systems table which has id, user_id, system_id and a form to
update the users systems only...no other data.
Now I do not want a User attempting to edit the form and edit other data
thats saved in the database by adding a data[User][group_id] text field or
anything.
The code below i added which gets a list of the tables in the database i am
going to be saving to, in this case its the users_systems table. So i debug
and sure enough i see the 3 fields id, user_id, system_id.
Are the fields in the save() function in addition to the User->$join_table
or if you leave it blank only fields in the User->$join_table->can be saved
to?
Basically I want to restrict data being saved exclusively to the fields in
the User->$join_table and no where else.
But its still saving data to the User table when I add a text field using
firebug to the database. How can I only allow data to be saved to the fields
in the users_systems table? Using AJAX so Security Component is of no use I
guess.
// this seems to do nothing as i can save other fields by adding a text
field manually with firebug to save user entered data.
$whitelist = array('system_id');
debug(array_intersect(array_keys($this->User->$join_table->schema()),
$whitelist));
$this->User->save($this->data, true,
array_intersect(array_keys($this->User->$join_table->schema()),
$whitelist));
Ideas?
Dave
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
