2

It looks like it is possible using a custom module with a menu callback, and then an ajax callback function from the page. But before I waste time exploring, I'm sure someone must have done this before. Any tips?

Is it adequate to just update the node variable and call field_attach_update()? And what about security?

Improve this question

1 Answer 1

Reset to default
2

For security:

You can make sure that the menu hook uses the correct permission access

In menu hook:

 $items['/ajax/%/edit'] = array(
    'title' => 'something',
    'page callback' => 'your_edit_callback',
    'page arguments' => array(1),
    'access callback' => 'node_access',
    'access arguments' => array('update', 1),
    'type' => MENU_LOCAL_TASK,
  );

function your_edit_callback($node_id){
//something that edits the node here, only user(s) with node_access will be able to get here.
}

about node access: * In determining access rights for a node, node_access() first checks * whether the user has the "bypass node access" permission. Such users have * unrestricted access to all nodes. user 1 will always pass this check.

I have personally never used field_attach, but relied on node_save. 

$node = node_load($node_id);
$node->field_fieldname[LANGUAGE_NONE][0]['value'] = "monkeys";
node_save($node);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.