Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict users from directly accessing the form url #232

Open
Eric-Simon-Lemon opened this issue Nov 28, 2023 · 1 comment
Open

Restrict users from directly accessing the form url #232

Eric-Simon-Lemon opened this issue Nov 28, 2023 · 1 comment

Comments

@Eric-Simon-Lemon
Copy link

Hello !
Trying out the modal forms, it's working well overall !

But there's one thing I can't figure out : how do you restrict the access to the form view ?
I don't want my registered user to be able to access like http://127.0.0.1:8000/books/create
BUT they should have to right to load the modal that creates books

thank you for your help
@Rastopapola
Copy link
Contributor

The user would need to know this path exists and they can call it directly via the browser. It is highly unlikely imho, that most users would do this. If button-smashing is the only way to open your modal form, they would need to analyze the network using the browser's dev tools to know about this url. Again: very unlikely. And if they would still do all this and then just open the route directly, they are greeted by some raw html form, that does not provide the same UX as if they would just click the button.

If they can not harm your application, I would not bother at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Rastopapola @Eric-Simon-Lemon