您的位置: 首页  >  技术问答  >  Codeigniter - 仅允许特定用户编辑/删除帖子

Codeigniter - 仅允许特定用户编辑/删除帖子

分类: 技术问答 2022-03-16 21:21:03

Codeigniter - 仅允许特定用户编辑/删除帖子

问题描述:

Im trying to do so that only the author of the post can edit and delete it from the list where it is shown.

this is my view:

<?php if (($this->session->userdata('logged_in')==TRUE)) { ?>
                <a href="<?php echo site_url("edit/$data[id_post]")?>" type="button">edit</a>
                <a href="<?php echo site_url("delete/$data[id_post]")?>" type="button">delete</a>
                <?php } ?>

The above code makes sure that only logged in users can actually edit the post, however they can edit all posts, and not only their own. In my /create i have made a hidden field, so that my posts are saved with the id of the author, so that relationship works just fine. However my question is, how do i make sure that authors only can edit their own posts?

Thanks!

Update:

Here is the Contoller

public function index()
{
    if (($this->session->userdata('id')!=NULL)) 
    {       
    $data['view'] = $this->home_model->list_data();
    $created_by_sql = $this->db->query('SELECT id FROM user JOIN post ON user.id=post.id_user');
    if ($created_by_sql->num_rows() > 0)
    {
      foreach ($created_by_sql ->result() as $row)
      {
         $user_id = $row->id;
      }
    }
    $data["user_id"] = $user_id;
    $this->load->view('home_table',$data);

Here is model

public function list_data()
{   
    $this->db->select('*');
    $this->db->from('post as p');
    $this->db->join('user as u', 'p.id_user = u.id');
    $this->db->order_by("p.id_post", "desc");
    $query = $this->db->get(); 
    return $query->result_array();
}

And this is my View

<?php foreach($view as $data): ?>
<?php if (!empty($data['source'])) { ?>
     <div class="sumber">anda<?php echo $data['source'];?></div>
<?php } ?>
<?php if ($this->session->userdata('logged_in')==TRUE AND $user_id == $this->session->userdata('id')) { ?>
    <a href="<?php echo site_url("edit/$data[id_post]")?>" type="button">edit</a>
    <a href="<?php echo site_url("delete/$data[id_post]")?>" type="button">delete</a>
    <?php } else { echo 'id user not same with iduser_Login';} ?>`
<?php endforeach; ?>

First, You should put id of user into the session and You should insert one more if clause inside the the first if clause and check whether the authorid of article is equal to id of the user in the session.

--UPDATE--

According to the comments above, you should:

Inside the controller:

$created_by_sql = $this->db->query('SELECT id FROM user JOIN post ON user.id=post.id_user');
if ($created_by_sql->num_rows() > 0)
{
  foreach ($created_by_sql ->result() as $row)
  {
     $user_id = $row->id;
  }
}

$data["user_id"] = $user_id;

$this->load->view('home_table',$data);

Inside the view:

if($user_id == $this->session->userdata('id'))
{
  //delete button
}

--UPDATE 2--

We must reorganize the logic. First, in the controller:

//get the posts:
$posts = array();
$sql = $this->db->query("select id AS post_id, title as post_title, id_user as user_id from post"); //please edit query to fit your needs
foreach($sql->result() as $row)
{
  $posts[] = $row; //now, each post row carries user_id of its author.
}

//send data to view:
$data["posts"] = $posts;
$data["current_user_id"] = $this->session->userdata('id');


//load view
$this->load->view('home_table',$data);

Inside the view, we should print posts as follow:

<?php 
for($i = 0; $i < count($posts); $i++)
{ 
    echo $posts[$i]["post_title"]; echo " | ";

    //compare 
    if($post[$i]["user_id"] == $current_user_id)
    {
        echo "CAN DELETE";
    }
    echo "<br />";
}
?>

Hopefully, it will help :)

Controller:

//DELETE
function delete($item, $user)
{
    $data['baseurl'] = $this->config->item('base_url');
    $logged_in = $this->session->userdata('logged_in');
    $logged_user = $this->session->userdata('logged_user');
    $user= $this->uri->segment(4);
    $item= $this->uri->segment(3);
    if (($logged_in == TRUE) && ($logged_user == $user)) {
        $data['user'] = $user;
        $data['item'] = $item;
        $result = $this->Model->delete($data);
        if(isset($result)) {
            $success_msg = "Deleted";
            $this->session->set_flashdata('success_msg', $success_msg);
        }
        redirect('admin/list');
    }
    else {
        redirect ('login');
    }
}
//EDIT
function edit($item, $user)
{
    $data['baseurl'] = $this->config->item('base_url');
    $logged_in = $this->session->userdata('logged_in');
    $logged_user = $this->session->userdata('logged_user');  
    $user= $this->uri->segment(4);
    $item= $this->uri->segment(3);      
    if (($logged_in == TRUE) && ($logged_user == $user)) {
        $data['info'] = $this->input->post('info');
        $data['user'] = $user;
        $data['item'] = $item;
        $update = $this->Model->edit($data);
        redirect ('admin/list);
    }
    else {
        redirect ('login');
    }
}

Model:

//DELETE
function delete($data)
{
    $sql = 'DELETE * FROM info WHERE user_id = '.$data['user'].' AND id = '.$data['item'].' ';
    $query = $this->db->query($sql);
    return $this->db->affected_rows();
}
//EDIT
function edit($data)
{
    $condition = array(
           'user' => $data['user'], 
           'item' => $data['item']
    );
    $update = array(
           'info' => $data['info']
    );
    $this->db->where($condition);
    $this->db->update('info', $update);
    return $this->db->affected_rows();
}

View:

<a href="<?php echo $baseurl; ?>/main/delete/<?php echo $item; ?>/<?php echo $user; ?>">DELETE</span></a>
<a href="<?php echo $baseurl; ?>/main/edit/<?php echo $item; ?>/<?php echo $user; ?>">EDIT</span></a>

相关推荐