Workaround for canEditRow on submit, when a user can edit an element …

…which is used to determine access, making it possible for them to remove their own access on submit. Added an option to the plugin for "Run on submit".
keianrad · May 22, 2017 · 2c7aab3 · 2c7aab3
1 parent 1bdf04c
commit 2c7aab3
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/plugins/fabrik_list/caneditrow/caneditrow.php b/plugins/fabrik_list/caneditrow/caneditrow.php
@@ -57,6 +57,15 @@ public function onCanEdit($row)
 			return true;
 		}
 
+		// if this is a form submission, check to see if they want us running or not
+		if ($this->app->input->get('task', '') === 'form.process')
+		{
+			if ($params->get('caneditrow_on_submit', '1') === '0')
+			{
+				return true;
+			}
+		}
+
 		if (is_array($row[0]))
 		{
 			$data = ArrayHelper::toObject($row[0]);

diff --git a/plugins/fabrik_list/caneditrow/forms/fields.xml b/plugins/fabrik_list/caneditrow/forms/fields.xml
@@ -47,6 +47,18 @@
 				label="PLG_LIST_CANEDITROW_VALUE_LABEL"
 				repeat="true"
 				size="20" />
+
+			<field name="caneditrow_on_submit"
+			       type="radio"
+			       class="btn-group"
+			       default="1"
+			       description="PLG_LIST_CANEDITROW_ON_SUBMIT_DESC"
+			       label="PLG_LIST_CANEDITROW_ON_SUBMIT_LABEL"
+			       repeat="true">
+				<option value="0">No</option>
+				<option value="1">Yes</option>
+			</field>
+
 		</fieldset>
 
 		<fieldset label="COM_FABRIK_ADVANCED" name="plg-list-caneditrow-advanced">

diff --git a/plugins/fabrik_list/caneditrow/language/en-GB/en-GB.plg_fabrik_list_caneditrow.ini b/plugins/fabrik_list/caneditrow/language/en-GB/en-GB.plg_fabrik_list_caneditrow.ini
@@ -15,3 +15,5 @@ PLG_LIST_CANEDITROW_EVAL_LABEL="PHP (eval)"
 PLG_LIST_CANEDITROW_EVAL_DESC="OPTIONAL - if specified, the plugin will ignore the settings above (element, raw and value), and simply run your PHP fragment, which should return either true or false.  Standard placeholders can be used."
 PLG_LIST_CANEDITROW_OPERATOR_DESC="What comparison should be made between the elements value and the selected value here"
 PLG_LIST_CANEDITROW_OPERATOR_LABEL="Operator"
+PLG_LIST_CANEDITROW_ON_SUBMIT_DESC="By default, this plugin will run as part of ACL checking on form submission.  If you are using a form element that a user can change (so may be set to a value that prevents editing on submission), you will need to set this to No."
+PLG_LIST_CANEDITROW_ON_SUBMIT_LABEL="Run on Submit"