Yii
DuD, 2014-05-23 14:29:21

How to check the owner of an entity in YII Rights before executing an action?

I'm sure many have faced the need to grant access to a specific action based not only on the user's role, but also on additional parameters.
Let's take the most common example:
There are news items that only their authors should be allowed to edit. That is, compare the value of the author_id field with the value of Yii::app()->user->id;
Everything is quite simple as long as the check is done through a Yii::app()->user->checkAccess() call.
I ran into the following problem. I want to check whether the user is the author before actionUpdate is performed. This logic seems more correct to me than calling Yii::app()->user->checkAccess() in actionUpdate itself; correct me if I'm wrong.
I found a very good article, habrahabr.ru/post/177873/; everything is clear and understandable, but how do I use it in conjunction with Yii Rights? How do I tell the Rights module that, when checking the rule for update, it needs to add more parameters so that the bizrule condition can be checked correctly? In the article, the parameters are added like this:

    public function accessRules() {
        return array(
            ...
            array('allow',
                'actions' => array('update'),
                'roles' => array(
                    'updateNews' => array(
                        'news' => $this->news
                    ),
                ),
            ),
            ...
        );
    }

But in my case the accessRules are, after all, stored in a DB.

1 answer(s)
vyachin, 2015-06-04
@vyachin

Keep using Yii::app()->user->checkAccess(). There are situations where, depending on what rights the user has, the model is assigned its own validation scenario. That cannot be implemented through accessRules.
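
The check from the answer, moved into a controller filter so that it still runs before actionUpdate, as an added example (not code from the question, the answer or the Rights module). It assumes Yii 1.1, a News ActiveRecord with an author_id column, a base Controller that extends Rights' RController, and the bizrule shown in the first comment; loadNews() is a hypothetical helper.

```php
<?php
// Added example. Assumed bizrule on the updateNews auth item (kept in the DB by Rights):
//     return Yii::app()->user->id == $params['news']->author_id;
class NewsController extends Controller // assumed to extend Rights' RController
{
    private $_news; // record loaded once per request

    public function filters()
    {
        return array(
            'rights',             // Rights' own filter: role check from the DB, no params
            'ownerOnly + update', // ownership check, runs before actionUpdate
        );
    }
    // Inline filter: hands the record to the bizrule through $params.
    public function filterOwnerOnly($filterChain)
    {
        $params = array('news' => $this->loadNews());
        if (!Yii::app()->user->checkAccess('updateNews', $params)) {
            throw new CHttpException(403, 'You are not the author of this news item.');
        }
        $filterChain->run(); // continue to the action only when access is granted
    }
    public function actionUpdate()
    {
        $news = $this->loadNews(); // the same record the filter checked
        if (isset($_POST['News'])) {
            // author_id must not be a "safe" attribute, or ownership could be reassigned here.
            $news->attributes = $_POST['News'];
            if ($news->save()) {
                $this->redirect(array('view', 'id' => $news->id));
            }
        }
        $this->render('update', array('model' => $news));
    }
    // Hypothetical helper: loads the record named by the id query parameter.
    protected function loadNews()
    {
        if ($this->_news === null) {
            $this->_news = News::model()->findByPk(Yii::app()->request->getQuery('id'));
            if ($this->_news === null) {
                throw new CHttpException(404, 'News item not found.');
            }
        }
        return $this->_news;
    }
}
```

Because the filter and the action share one loaded record, the object that was authorized is the object that gets saved.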
