Phil Knb asked 2 years ago
Hello,
We use the hook frm_user_can_edit to limit entries a user can update/delete.
But if we return false in this hook, the form appears in "create" mode.
I don't want these users to be able to create new entry, they should just be able to edit some of them (not their own).
Moreover, if in the url the user delete frm_action and entry parameters, the form appears in "create" mode too (and hook frm_user_can_edit is not called). It seems there is no hook to forbid access to the form.
To resume:
-> a user can edit/delete some entries (hook frm_user_can_edit)
-> but this user should not be able to add entry
Any idea how can we implement that?
Thanks!
Victor Font Staff answered 2 years ago
Formidable is not designed to be a high security tool. Form permissions support basic CRUD configuration, that's all. Beyond that, perhaps you should investigate a custom solution or use a membership management add-on to provide a higher level of security.
Phil Knb
replied 2 years ago It's curious to have the frm_user_can_edit hook to check permissions on edit/delete but not on display/create. I have sent an email to the support to see if they have any ideas.
For now, I will use frm_user_can_edit hook for edit/update and frm_filter_final_form for create.
Thank you.
Please login or Register to submit your answer
