Loading ...
Sorry, an error occurred while loading the content.

Re: [ydn-javascript] Re: Inline Edit with privilege consideration

Expand Messages
  • He Colin
    Hello, Alxeshusta, Very good answers. Thanks, ... http://developer.yahoo.com/yui/examples/datatable/inlineediting.html ...
    Message 1 of 3 , Jul 3, 2007
    • 0 Attachment
      Hello, Alxeshusta,

      Very good answers. Thanks,

      --- alexshusta <alexshusta@...> wrote:

      >
      > Ah, an excellent idea.
      >
      > You'll want to perform a server side check of the
      > users credentials and
      > offer two versions of the DataTable... don't worry
      > it's not difficult.
      > The difference between an editable and non-editable
      > cell is that an
      > editable cell has an "editor" ("textbox" or
      > "textarea") assigned to it
      > and that there's a function set up to handle edit
      > events (got to get the
      > data back to the server somehow).
      >
      > Extending the example from
      >
      http://developer.yahoo.com/yui/examples/datatable/inlineediting.html
      >
      <http://developer.yahoo.com/yui/examples/datatable/inlineediting.html>
      > ... If we're using a PHP back end to prepare the
      > page we could check if
      > the user has a cookie indicating that they are
      > allowed to edit the
      > DataTable. If they do, we insert "editor" values for
      > those fields that
      > are editable. If they don't, we just display the
      > same thing, without the
      > "editor" values.
      >
      > Here's a link to a functioning example:
      > http://www.shusta.org/articles/YUI/cookiePrivs.php
      > <http://www.shusta.org/articles/YUI/cookiePrivs.php>
      >
      > The code from that example follows.
      >
      > ~Alexander
      >
      > <?php
      > /**
      > * @author: Alexander Shusta
      > * Uses extensive code from the YUI example at:
      >
      http://developer.yahoo.com/yui/examples/datatable/inlineediting.html
      >
      <http://developer.yahoo.com/yui/examples/datatable/inlineediting.html>
      > */
      >
      > /**
      > * Example that checks the user's cookies to see if
      > they've been
      > * authorized to edit the DataTable and gives
      > appropriate output
      > * based on that.
      > * NOTE: This is not secure as cookies can be
      > forged if they don't
      > * include the proper countermeasures. See:
      > http://us2.php.net/setcookie
      > <http://us2.php.net/setcookie> for cookies
      > * in PHP, for security with cookies in PHP see:
      >
      http://safari.awprofessional.com/059600656X/phpsec-CHP-4
      >
      <http://safari.awprofessional.com/059600656X/phpsec-CHP-4>
      > */
      > ?>
      > <?php
      > if(!empty($_GET['aCookie'])){
      > // if the user clicked the 'get a cookie' button,
      > set a cookie
      > setcookie("authoringCookie", "true");
      > header('Location: cookiePrivs.php'); //force a
      > reload so the user can
      > immediately user their editing privs
      > }
      > ?>
      > <html>
      > <head>
      > <title>Cookies and PHP and Editing
      > DataTables</title>
      > <!-- Required CSS -->
      > <link type="text/css" rel="stylesheet"
      >
      href="http://yui.yahooapis.com/2.2.2/build/datatable/assets/datatable.cs\
      > s
      >
      <http://yui.yahooapis.com/2.2.2/build/datatable/assets/datatable.css>
      > ">
      > <!-- Dependencies -->
      > <script type="text/javascript"
      >
      src="http://yui.yahooapis.com/2.2.2/build/yahoo-dom-event/yahoo-dom-even\
      > t.js"></script
      >
      <http://yui.yahooapis.com/2.2.2/build/yahoo-dom-event/yahoo-dom-event.js\
      > ">> >
      > <!-- Source files -->
      > <script type="text/javascript"
      >
      src="http://yui.yahooapis.com/2.2.2/build/datasource/datasource-beta-min\
      > .js"></script
      >
      <http://yui.yahooapis.com/2.2.2/build/datasource/datasource-beta-min.js"\
      > >> >
      > <script type="text/javascript"
      >
      src="http://yui.yahooapis.com/2.2.2/build/datatable/datatable-beta-min.j\
      > s"></script
      >
      <http://yui.yahooapis.com/2.2.2/build/datatable/datatable-beta-min.js">>
      > >
      >
      > <style type="text/css">
      > /* custom css*/
      > #editing {margin:1em;}
      > #editing table {border-collapse:collapse;}
      > #editing th, #editing td {border:1px solid
      > #000;padding:.25em;}
      > #editing th
      > {background-color:#696969;color:#fff;}/*dark gray*/
      > #editing .yui-dt-odd {background-color:#eee;}
      > /*light gray*/
      > #editing .yui-dt-editable.yui-dt-highlight
      > {background-color:#BEDAFF;}
      > /*light blue*/
      > </style>
      > </head>
      > <body>
      > <h1>Cookies and PHP and Editing DataTables</h1>
      > <p>On initial load the datatable cannot be
      > edited, but if you click
      > the 'Get an editing privs cookie' button the page
      > will give your browser
      > a cookie that is checked on reload (which
      > conveniently happens
      > immediately). If you've got the cookie you can edit
      > the datatable.</p>
      > <p>A less degenerate example would have the
      > cookie setting and page
      > display on separate pages (like a login page and an
      > editing page), but
      > this was a nice way to get everything into one short
      > file.</p>
      > <form action="cookiePrivs.php" method="GET">
      > <input type="submit" value="Get an editing privs
      > cookie"
      > name="aCookie">
      > </form>
      > <div id="editing"></div>
      > </body>
      > <script type="text/javascript"
      > src="data.js"></script>
      > <script type="text/javascript">
      > <?php
      > /**
      > * This is where you'll differentiate between
      > common visitors
      > * and mighty editors. There are a couple equally
      > valid approaches
      > * at this juncture. I'm going to perform a single
      > cookie check
      > * and emit an entire block of js. Another way to
      > do this is to
      > * escape into PHP from the js and perform an
      > cookie check for each
      > * column (like if there were different cookies
      > that determine edit
      > * access on each column). The single check will
      > result in a lower
      > server
      > * load, though not by much, and a shorter
      > authoring time for the demo.
      > */
      > ?>
      > var myColumnHeaders = [
      > <?php
      > // For info on the weird <<< syntax see:
      >
      http://us2.php.net/manual/en/language.types.string.php#language.types.st\
      > ring.syntax.heredoc
      >
      <http://us2.php.net/manual/en/language.types.string.php#language.types.s\
      > tring.syntax.heredoc>
      > // if the user is an editor
      > if($_COOKIE['authoringCookie'] != null){
      > echo <<<EndAuthorBlock
      > {key:"SKU"},
      > {key:"Quantity",editor:"textbox"},
      > {key:"Item",editor:"textbox"},
      > {key:"Description",editor:"textarea"}
      > ];
      > EndAuthorBlock;
      > }else{
      > // else they can't edit
      > echo <<<EndGuestBlock
      > {key:"SKU"},
      > {key:"Quantity"},
      > {key:"Item"},
      > {key:"Description"}
      > ];
      > EndGuestBlock;
      > }
      > ?>
      >
      > var myColumnSet = new
      > YAHOO.widget.ColumnSet(myColumnHeaders);
      >
      > var myDataSource = new
      > YAHOO.util.DataSource(YAHOO.example.Data.inventory);
      > myDataSource.responseType =
      > YAHOO.util.DataSource.TYPE_JSARRAY;
      > myDataSource.responseSchema = {
      > fields: ["SKU","Quantity","Item","Description"]
      > };
      >
      > var myDataTable = new
      > YAHOO.widget.DataTable("editing", myColumnSet,
      >
      === message truncated ===




      ____________________________________________________________________________________
      Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
      http://answers.yahoo.com/dir/?link=list&sid=396545469
    Your message has been successfully submitted and would be delivered to recipients shortly.