08-06-2023, 04:54 PM
I have a form that represents a `RewardModifier` table in our database. That `RewardModifier` `hasMany` `RewardOption`.
My form is structured like this (image):
![enter image description here][1]
[1]:
So, the `RewardModifier` can have many elements on the page, each with many `RewardOption` items.
**The Problem**
The problem is, that users can delete sections of this form using Javascript, which essentially removes it from the DOM. When they do that, it breaks the security component, because the POST'ed fields do not match the token supplied when the page was generated.
Now, I have been using `unlockedFields` to handle this before:
$this->Security->disabledFields = array(
'PrjRewardModifier.reward_id',
'PrjRewardModifier.title',
'PrjRewardModifier.option_type',
'PrjRewardOption.description',
'PrjRewardOption.modifier',
'PrjRewardOption.amount'
);
I know that `disabledFields` is deprecated, but we are using that for the time being.
When I debug the posted form data in the `SecurityComponent`, I see the following:
(int) 8 => 'PrjRewardModifier.0.reward_id',
(int) 9 => 'PrjRewardModifier.0.title',
(int) 10 => 'PrjRewardModifier.0.option_type',
(int) 11 => 'PrjRewardModifier.0.PrjRewardOption.0.description',
(int) 12 => 'PrjRewardModifier.0.PrjRewardOption.0.modifier',
(int) 13 => 'PrjRewardModifier.0.PrjRewardOption.0.amount'
I need to know how to edit the data being passed to `unlockedFields` so that it can disregard these fields that are keyed for hasMany relationships.
Thanks.
My form is structured like this (image):
![enter image description here][1]
[1]:
So, the `RewardModifier` can have many elements on the page, each with many `RewardOption` items.
**The Problem**
The problem is, that users can delete sections of this form using Javascript, which essentially removes it from the DOM. When they do that, it breaks the security component, because the POST'ed fields do not match the token supplied when the page was generated.
Now, I have been using `unlockedFields` to handle this before:
$this->Security->disabledFields = array(
'PrjRewardModifier.reward_id',
'PrjRewardModifier.title',
'PrjRewardModifier.option_type',
'PrjRewardOption.description',
'PrjRewardOption.modifier',
'PrjRewardOption.amount'
);
I know that `disabledFields` is deprecated, but we are using that for the time being.
When I debug the posted form data in the `SecurityComponent`, I see the following:
(int) 8 => 'PrjRewardModifier.0.reward_id',
(int) 9 => 'PrjRewardModifier.0.title',
(int) 10 => 'PrjRewardModifier.0.option_type',
(int) 11 => 'PrjRewardModifier.0.PrjRewardOption.0.description',
(int) 12 => 'PrjRewardModifier.0.PrjRewardOption.0.modifier',
(int) 13 => 'PrjRewardModifier.0.PrjRewardOption.0.amount'
I need to know how to edit the data being passed to `unlockedFields` so that it can disregard these fields that are keyed for hasMany relationships.
Thanks.