Winter CMS
Block access to sensitive field data for unauthorized users #53
-
DescriptionSetting a Steps To Reproduce:And the following to test_api_key:
label: Test API key
placeholder: Enter key
type: sensitive
readOnly: true |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments
-
|
I'm curious as to why you think readOnly should prevent that, technically they're not editing the field, only reading it. What's the use case you're trying to achieve? |
Beta Was this translation helpful? Give feedback.
-
|
Good point, maybe it's just me but it seems counterintuitive to be able to interact with a field that is set to |
Beta Was this translation helpful? Give feedback.
-
|
I'm not really sure what the point of that happening would be tbh, are you trying to hide the sensitive data from unprivileged users? |
Beta Was this translation helpful? Give feedback.
-
|
Sorry yes, I worked around it by serving different fields based upon user permission. So user with privileges gets field as |
Beta Was this translation helpful? Give feedback.
-
|
There are other ways you can achieve similar results too, for example you could hook into the Is there anything actionable left in this issue or are you fine with your current solution? |
Beta Was this translation helpful? Give feedback.
-
|
There are other ways you can achieve similar results too, for example you could hook into the backend.ajax.beforeRunHandler event and throw an ApplicationException if you detect someone is trying to onShowValue() without the correct level of access to the data. Good to know! |
Beta Was this translation helpful? Give feedback.
There are other ways you can achieve similar results too, for example you could hook into the
backend.ajax.beforeRunHandlerevent and throw an ApplicationException if you detect someone is trying toonShowValue()without the correct level of access to the data.Is there anything actionable left in this issue or are you fine with your current solution?