Stemon63, posted April 24, 2020

Hi, a little discussion:

I know that if I have a DBGrid with some columns not visible, they are present on the client, so if I change their visibility in the browser I can see them with their contents. This is a big security issue if I want to show those columns only to admins or users with special or top privileges. Others can see the contents easily in the browser. So we have to generate grids on the server with only the columns needed, avoiding changing the visible/invisible property.

The same problem applies to pressing a button. If I have an invisible button, it is easy to change it to visible. But it seems that Unigui prevents all events on the server because on the server side the button is still not visible. Can you confirm that there is this security feature at project level?

And if I have client events attached, how can I prevent them from starting if the user changes an invisible button to visible in the browser console?

Thanks in advance

Sherzod, posted April 24, 2020

Hi,

59 minutes ago, Stemon63 said:
> I know that if I have a DBGrid with some columns not visible, they are present on the client, so if I change their visibility in the browser I can see them with their contents. This is a big security issue if I want to show those columns only to admins or users with special or top privileges. Others can see the contents easily in the browser. So we have to generate grids on the server with only the columns needed, avoiding changing the visible/invisible property.

Yes, you have to generate columns based on roles.

1 hour ago, Stemon63 said:
> The same problem applies to pressing a button. If I have an invisible button, it is easy to change it to visible. But it seems that Unigui prevents all events on the server because on the server side the button is still not visible. Can you confirm that there is this security feature at project level?

Yes.

1 hour ago, Stemon63 said:
> And if I have client events attached, how can I prevent them from starting if the user changes an invisible button to visible in the browser console?

Here, all client operations (codes) will work. If you also send the event to the server, you should take care to check "if the condition is valid"... for example:

    procedure TMainForm.UniButton1AjaxEvent(Sender: TComponent; EventName: string; Params: TUniStrings);
    begin
      if (EventName = 'adminBtnClick') and (isAdmin) then //isAdmin - your custom function or variable...
      begin
        //
      end;
    end;

gerardocrisci, posted April 24, 2020

The problem exists ... but you can evaluate .. before the components are created

rate this test

    procedure TMainForm.UniFormCreate(Sender: TObject);
    begin
      UniDBGrid1.Columns.Delete(2); // before starting the data request .. the associated field will not be asked
      UniBitBtn1.Free; // it appears that the button is created ... but not combined with the click
    end;

Try it and see if it's okay.
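
The two server-side rules from the replies above (send only the columns a role may see, and re-check the condition when a client event reaches the server), as an added example that is not part of the original thread and is not uniGUI code. It is a framework-agnostic JavaScript model; every name in it (COLUMNS, gridPayloadByRole, handleAjaxEvent, the roles and the sample rows) is hypothetical and constructed for illustration.

```javascript
// Added illustration, not uniGUI code. All names and data are constructed.
const COLUMNS = [
  { field: 'name',   roles: ['user', 'admin'] },
  { field: 'email',  roles: ['user', 'admin'] },
  { field: 'salary', roles: ['admin'] },          // privileged column
];
const ROWS = [
  { name: 'Ann', email: 'ann@example.test', salary: 5200 },
  { name: 'Bob', email: 'bob@example.test', salary: 4100 },
];

// Weak: every column is serialized; privileged ones are only flagged hidden.
// The values are in the response, so the flag is cosmetic.
function gridPayloadHidden(role) {
  return {
    columns: COLUMNS.map(c => ({ field: c.field, hidden: !c.roles.includes(role) })),
    rows: ROWS.map(r => ({ ...r })),
  };
}

// Corrected: columns and field values the role may not see never leave the server.
function gridPayloadByRole(role) {
  const allowed = COLUMNS.filter(c => c.roles.includes(role)).map(c => c.field);
  return {
    columns: allowed.map(field => ({ field, hidden: false })),
    rows: ROWS.map(r => Object.fromEntries(allowed.map(f => [f, r[f]]))),
  };
}

// Server-side handler for client-raised events: the role comes from the
// server-held session, never from data sent along with the event.
const EVENT_ROLES = { adminBtnClick: ['admin'] };
function handleAjaxEvent(session, eventName) {
  const roles = EVENT_ROLES[eventName];
  if (!roles) return { status: 400, body: 'unknown event' };
  if (!roles.includes(session.role)) return { status: 403, body: 'forbidden' };
  return { status: 200, body: `${eventName} executed` };
}

// Audit helper: which privileged fields are present in a payload's row data,
// regardless of what the hidden flags say.
function leakedFields(payload, privileged) {
  return privileged.filter(f => payload.rows.some(r => f in r));
}
```

Running leakedFields over both payloads for a non-admin role shows the difference: the hidden-flag payload still carries the salary values, the role-filtered one does not.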

Stemon63 (author), posted April 27, 2020

Ok, mine is only a doubt; I was looking for a confirmation. Thanks to both :-)

Sherzod, I take this opportunity to ask you if a solution has been found for "direct" input in dbgrids, like VCL dbgrids. With the latest beautiful updates on dbgrids, this basic feature for data entry is missing.

Good job

Sherzod, posted April 27, 2020

7 hours ago, Stemon63 said:
> Sherzod, I take this opportunity to ask you if a solution has been found for "direct" input in dbgrids, like VCL dbgrids. With the latest beautiful updates on dbgrids, this basic feature for data entry is missing.

Hi,

You and I already looked at this question. I will analyze this request once again.

Stemon63 (author), posted April 28, 2020

Thanks Sherzod, we have analyzed this question several times, but without a working solution. Better maybe a Grids property or "ClicksToEdit"= 0 for immediate editor start. We also need "EnterToTab" to use the Enter key as tab, and a property to use the Arrow keys (up and down) to change records even when the row is in edit (Post and go up or down). There are projects with a lot of grids and we cannot always inject client code to solve the problem temporarily :-)

There are applications that have a lot of beautiful forms that show charts, dashboards, etc. with little data to input slowly and comfortably. However, there are also vertical applications with intensive input (market, billing, etc.) where customers use the right numeric part of the keyboard and arrow keys (so they need Enter to confirm an edit, not to start one) for as fast as possible input within grids, like a cash register in front of a long line of people. We have to manage this kind of application (migrated from VCL).

In this scenario the refresh of the dbgrid after posting a record is also a "waste of time" if I don't need to refresh data because all needed data is already on screen (maybe a property Autorefresh=true/false).

Unigui is the best tool for migrating this kind of project to the web, but we need more attention on those "little" features. Same speech for Advanced dblookup... (for quickly finding products, codes, etc. within a grid's popup).

My intention is to port a lot of projects to Unigui, not only those "web related". So I trust a lot in Unigui. I think Gerardo also agrees with me... :-) :-)

Good job

Stemon63 (author), posted April 28, 2020

Sorry, for the refresh of the dbgrid I must try "dgDontReloadAfterEdit", which I have never tried.... :-)