Edit toStructure with a form on the front

Thanks texnixe,

With the help of my brother, who is better at PHP, we were able to manage the addition (that part I had managed myself, cool), then the modification and the deletion.

This post was also interesting: Add to structured data remove from structured data from the front end

The question that arises now is what the best way to manage security is, because currently we are creating a hidden input field which displays the line id.

<div class="table-responsive">
    <table class="table table-striped">
        <thead>
            <tr>
                <th scope="col">Date</th>
                <th scope="col">Description</th>
                <th scope="col">Modification</th>
            </tr>
        </thead>
        <tbody id="myTable">
            <?php foreach ($page->listing()->toStructure()->flip() as $listing): ?>
            <tr>

                <td>
                    <?= $listing->date()->html() ?>
                </td>
                <td><?= $listing->description()->html() ?></td>

                <td>
                    <!-- only a user with the client role will see the form -->
                    <?php if (($user = $kirby->user()) && $user->role()->id() === 'client'): ?>

                    <!-- UPDATE (submit_update) -->
                    <form action="" method="post">
                        <div class="form-group">
                            <input type="text" class="form-control" id="date" name="date" placeholder="date" value="<?php echo $listing->date()->html(); ?>">
                        </div>
                        <div class="form-group">
                            <input type="text" class="form-control" id="description" name="description" placeholder="description" value="<?php echo $listing->description()->html(); ?>">
                        </div>
                        <input type="hidden" name="id" value="<?php echo $listing->id(); ?>">
                        <input class="btn btn-primary" type="submit" name="submit_update" value="Mise à jour">
                    </form>

                    <!-- DELETE (submit_delete) -->
                    <form action="" method="post">
                        <input type="hidden" name="id" value="<?php echo $listing->id(); ?>">

                        <input class="btn btn-primary" type="submit" name="submit_delete" value="Supprimer" onclick="return confirm('Êtes vous sur ?')">
                    </form>

                    <?php endif; ?>
                </td>
            </tr>
            <?php endforeach ?>
        </tbody>
    </table>
</div>


<!-- ADD (submit_new) -->
<form action="" method="post">
    <div class="form-group">
        <input type="text" class="form-control" id="date" name="date" placeholder="date" value="">
    </div>
    <div class="form-group">
        <input type="text" class="form-control" id="description" name="description" placeholder="description" value="">
    </div>
    <input class="btn btn-primary" type="submit" name="submit_new" value="Submit changes">
</form>

Our idea would be to check the role “client” of the user + his email to authorize it.

Is it clean?

Because currently any “client” could modify any field, just by modifying the entry.

Here is the code in the controllers:
<?php

// ADD (submit_new)
if(r::is('post') && get('submit_new')) {
    addToStructure(
        page()->uri(), 
        'listing', 
        array("date" => strip_tags(get('date')), 
              "description" => strip_tags(get('description'))
        )
    );
}

// DELETE (submit_delete)
if(r::is('post') && get('submit_delete')) {
    $field = 'listing';
    
    $items = page()->{$field}()->yaml();
    unset($items[get('id')]);

    ///dump($items);
    
    $data = yaml::encode($items);
    try {
        page()->update([$field => $data]);
    } catch(Exception $e) {
        echo $e->getMessage();
    }
    // REFRESH PAGE
    echo "<meta http-equiv='refresh' content='0'>";
}

// UPDATE (submit_update)
if(r::is('post') && get('submit_update')) {
    $field = 'listing';
    
    $items = page()->{$field}()->yaml();
    $items[get('id')] = array("date" => strip_tags(get('date')), 
              "description" => strip_tags(get('description')));

    ///dump($items);
    
    $data = yaml::encode($items);
    try {
        page()->update([$field => $data]);
    } catch(Exception $e) {
        echo $e->getMessage();
    }
    // REFRESH PAGE
    echo "<meta http-equiv='refresh' content='0'>";
}

/**
 * Add a new element to a kirby structure field
 * @param string $page
 * @param string $field
 * @param array $data
 */
function addToStructure($page, $field, $data = array()){  
    // REFRESH PAGE
    echo "<meta http-equiv='refresh' content='0'>";

  $fieldData = page($page)->$field()->yaml();
  $fieldData[] = $data;
  $fieldData = yaml::encode($fieldData);
  try {
    page($page)->update(array($field => $fieldData));
    return true;
  } catch(Exception $e) {
    return $e->getMessage();
  }
}
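
One way to enforce the role-plus-email idea on the server, as an added example that is not part of the original post or of Kirby itself. `canEditRow`, `changeRow` and the per-row `owner` key are hypothetical names, and the sample rows are constructed.

```php
<?php
// Added example. Assumption: each row has a hypothetical "owner" key holding
// the e-mail of the client who created it (the posted structure has no such key).

/** May this user change the row named by the (attacker-controlled) posted id? */
function canEditRow(array $items, $postedId, ?string $role, ?string $email): bool
{
    // Only a logged-in user with the "client" role may edit at all.
    if ($role !== 'client' || $email === null) {
        return false;
    }
    // The hidden "id" is untrusted: accept only digits naming an existing row.
    if (!is_string($postedId) || !ctype_digit($postedId)
        || !array_key_exists((int) $postedId, $items)) {
        return false;
    }
    // Ownership is read from stored data, never from the submitted form.
    $owner = $items[(int) $postedId]['owner'] ?? null;
    return is_string($owner) && strcasecmp($owner, $email) === 0;
}

/** Update (array $newData) or delete (null) a row, but only after the check. */
function changeRow(array $items, $postedId, ?string $role, ?string $email, ?array $newData): array
{
    if (!canEditRow($items, $postedId, $role, $email)) {
        throw new RuntimeException('Not allowed to change this row');
    }
    $id = (int) $postedId;
    if ($newData === null) {
        unset($items[$id]);
        return array_values($items); // re-index so ids stay 0..n-1
    }
    // Write only the two known fields; "owner" cannot be overwritten by a POST.
    foreach (['date', 'description'] as $key) {
        $items[$id][$key] = strip_tags((string) ($newData[$key] ?? ''));
    }
    return $items;
}

// Constructed sample rows standing in for page()->listing()->yaml().
$rows = [
    ['date' => '2020-01-10', 'description' => 'First',  'owner' => 'alice@example.com'],
    ['date' => '2020-02-03', 'description' => 'Second', 'owner' => 'bob@example.com'],
];
var_dump(canEditRow($rows, '0', 'client', 'alice@example.com')); // own row
var_dump(canEditRow($rows, '1', 'client', 'alice@example.com')); // another client's row
var_dump(canEditRow($rows, '7', 'client', 'alice@example.com')); // id not in the field
$rows = changeRow($rows, '0', 'client', 'alice@example.com', ['date' => '2020-01-11', 'description' => '<b>Edited</b>']);
echo $rows[0]['description'], PHP_EOL;
```

In the controller, the role and e-mail would come from `$kirby->user()` and the id from `get('id')`. Kirby's `csrf()` helper can additionally guard each POST against cross-site submission.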