In my MVC / SPA application, I have several Knockout view models, each assigned to a global variable so that it can be called from other functions. This setup lets me update elements on the page and make server calls when necessary.
All primary keys in the database are integers.
The data and models originate from the MVC page model, which is serialized to JSON and mapped with ko.mapping.fromJSON.
// Shared handles to the two view-model instances, filled in by initFunction1()
// and initFunction2(). Being top-level `var`s they are also reachable from the
// browser console, so nothing stored in them should be treated as tamper-proof.
var myFunction1ViewModel, myFunction2ViewModel;
/**
 * View model for the first panel.
 *
 * `data` is produced by ko.mapping.fromJSON from the JSON text stored in the
 * #serverData1 element. It is client-side state: the page user can rewrite any
 * part of it from the console, so whatever is later posted from it has to be
 * re-validated and re-authorized by the server.
 */
var Function1ViewModel = function () {
  const vm = this;

  const serverJson = $("#serverData1").val();
  vm.data = ko.mapping.fromJSON(serverJson);

  /**
   * Placeholder for a server call, followed by a hand-off to the second view
   * model when that global has been created.
   */
  vm.doSomething = function () {
    // call server (request code is not part of this listing)
    if (typeof myFunction2ViewModel === 'undefined') {
      return;
    }
    myFunction2ViewModel.doSomethingElse();
  };
};
/**
 * View model for the second panel.
 *
 * `data` is produced by ko.mapping.fromJSON from the JSON text stored in the
 * #serverData2 element. Every mapped field, key fields included, is editable
 * in the browser, so the server must treat values posted from it as untrusted
 * input and check them against the record the caller is allowed to change.
 */
var Function2ViewModel = function () {
  const vm = this;

  const serverJson = $("#serverData2").val();
  vm.data = ko.mapping.fromJSON(serverJson);

  /** Placeholder for a server call; the listing contains no request code. */
  vm.doSomethingElse = function () {
    // call server
  };
};
/**
 * Creates the first view model, stores it in the shared global, and binds it
 * to the first `.panel-content` element after clearing any earlier bindings.
 */
function initFunction1() {
  myFunction1ViewModel = new Function1ViewModel();

  const panel = $('.panel-content')[0];
  // cleanNode first so that re-running init does not bind the same node twice.
  ko.cleanNode(panel);
  ko.applyBindings(myFunction1ViewModel, panel);
}
/**
 * Creates the second view model, stores it in the shared global, and binds it
 * to the first `.panel-content2` element after clearing any earlier bindings.
 */
function initFunction2() {
  myFunction2ViewModel = new Function2ViewModel();

  const panel = $('.panel-content2')[0];
  // cleanNode first so that re-running init does not bind the same node twice.
  ko.cleanNode(panel);
  ko.applyBindings(myFunction2ViewModel, panel);
}
// Build and bind both view models once the DOM is ready.
$(document).ready(() => {
  initFunction1();
  initFunction2();
});
During my exploration of devtools, I accidentally typed:
// Typed into the browser devtools console. Calling a Knockout observable with
// an argument writes that value into the client-side model.
myFunction2ViewModel.data.PrimaryKeyId(99999999999)
This action triggered a change in the browser which led to a server call sending the edited primary key to the server.
My main concern now is how to prevent such actions in the future. I currently check that only allowed objects are edited, but checking edit permissions for every property sent back to the server is challenging because some of my models are large and complex.
I would greatly appreciate any insights or suggestions on this matter.
Thank you,
James