0

So I know how to disable/enable a button when inputs in the same form are empty/filled.

But let's say I have applied backend permissions first and disabled some buttons. How do I make sure they are not re-enabled when someone with no permissions writes in the input ?

I can in theory also disable all inputs based on permission but can you suggest a better solution?

Example in django template:

    <button type="submit" class="btn btn-default" id="my_button"
            {% if not can_post %}disabled{% endif %}>Apply
    </button>
Seif
  • 1,058
  • 11
  • 19
  • the problem is not clear, in general you just have to display your UI with correct permissions (show/hide w/e elements...), then validate on submit at view/form level. – HassenPy Feb 09 '17 at 18:20
  • @HassenPy I don't want to hide the UI, I want to disable it on permissions, so someone can see the element if he has the right to "read" but not "write" – Seif Feb 09 '17 at 21:51
  • 1
    ye, just mentioned show/hide as an example of actions relative to user's permissions, now that i re-read your post, you can do this in many ways, depends on your project setup, if you're doing light javascript with no framework, you can simply drop in an attribute to your button, like `data-has-perm=0`, then on your enabling script just add a check for that permission data. – HassenPy Feb 09 '17 at 22:07
  • adding another attribute to define the permission, good idea! you can write and answer and I will accept it ;) – Seif Feb 10 '17 at 09:00

1 Answers1

1

You can do this in many ways, depends on your project setup.

If you're doing light javascript with no extensive form UI modifications, you can simply drop in a data attribute to your button data-has-perm=0 that defines the initial permission, then on your enabling script just add a check for that permission before you re-enable the buttons.

But if you do extensive form UI modifications, i guess the best way to do this is by creating state objects for all your buttons like for example: 

var buttons = {
    '#b1': {'initPerm': 0},
    // in your templates file simply do '#b1': {'initPerm': {% if not can_post %}0{% else %}1{% endif %}' 
}

and you will have an object that holds all your predefined button states, you then check it on your re-enabling methods.

In both cases, never forget to check for the submitted form's user permissions on your view or form.

HassenPy
  • 2,083
  • 1
  • 16
  • 31