Just for your information, I want to use JQgrid with joomla.

In fact, I should verify that the user id is authorised to consult the data of the groupe with id 105. If not, an error message will be displayed.

I have a datasource.php where the query is coded to access to the database to retrieve the data for my grid.

Is it in this file that I have to code the request that userid and groupeid are compatible just before my query for the data?

To get the user id, I usually use in joomla         $user    =& JFactory::getUser(); and $current_user = (int) $user->get('id'); How can I do here ? (sorry if my questions are basics...)

If a joomla expert could help me, It will be nice(I have already downloaded component and module from http://www.dunia-azka.co.cc/)

Thanks

Thierry

If you only want to disallow to use filter_var1_id=105 in the url you can use in jqGrid and on the server HTTP POST instead of GET. In the case to get the data user need a tool like Fiddler (see http://www.fiddler2.com/fiddler2/) to get the data. Nevertheless such change will give you not really much more security.

So my answer: this should be a functionality of the server side of your code. So it is not a question to jqGrid. All client side validation in the case are unsafe.

Best regards
Oleg 

I have a question about security in JQGRID.

When I display my grid, the URL generated can be copy/paste in Firebug. for example :

http://www.totosico.com/compon.....8;sord=asc

If I change filter_var1_id = 105 instead of 102, I can retrieve some data I'm not allowed to see (displayed in an XML format, not in the grid...)

So my questions are :

- How to prevent this ?

- Is it the right way to concat the variables in the URL ?

Thanks for your Help

Thierry