How to check the owner of an entity in YII Rights before executing an action?
I'm sure many have faced the need to grant access to a specific action not only based on the user's role, but also based on additional parameters.
Let's take the most common example:
There is news that only authors should be allowed to edit, i.e. compare the value of the author_id field with the value of Yii::app()->user->id;
Everything is quite simple as long as the check is done through a Yii::app()->user->checkAccess() call.
I faced the following problem. I want to check whether the user is the author before performing actionUpdate. I see this logic as more correct than calling Yii::app()->user->checkAccess() in actionUpdate itself; correct me if I'm wrong.
I found a very good article, habrahabr.ru/post/177873/, where everything is clear and understandable, but how do I use it in conjunction with Yii Rights? How do I tell the Rights module that when checking the rule for update, it is necessary to add more parameters so that the bizrule condition can be correctly checked? In the article, the parameters are added like this:
    public function accessRules() {
        return array(
            ...
            array('allow',
                'actions' => array('update'),
                'roles' => array(
                    'updateNews' => array(
                        'news' => $this->news
                    )),
            ),
            ...
        );
    }
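One way to run the ownership check before actionUpdate in plain Yii 1.1, as an added example that is not part of the original question and does not use the Rights module's own filter. The `News` model, `loadModel()` and the filter name `ownerCheck` are assumptions; `updateNews` and `author_id` come from the question.

```php
<?php
// Added example for a Yii 1.1 application; News, loadModel() and the
// filter name "ownerCheck" are assumptions, not names from the question.

// One-time RBAC setup (e.g. in a console command): attach the ownership
// condition to the auth item as a bizrule. Yii evaluates the string with
// $params set to the array passed to checkAccess().
//
//   Yii::app()->authManager->createOperation(
//       'updateNews',
//       'Edit a news item you authored',
//       'return Yii::app()->user->id == $params["news"]->author_id;'
//   );

class NewsController extends CController
{
    public function filters()
    {
        // Inline filter, applied only to the update action.
        return array('ownerCheck + update');
    }

    // Runs before actionUpdate(); the action body never executes for a
    // user who fails the bizrule.
    public function filterOwnerCheck($filterChain)
    {
        $news = $this->loadModel((int) Yii::app()->request->getParam('id'));
        if (!Yii::app()->user->checkAccess('updateNews', array('news' => $news))) {
            throw new CHttpException(403, 'You are not the author of this item.');
        }
        $filterChain->run();
    }

    protected function loadModel($id)
    {
        $news = News::model()->findByPk($id);
        if ($news === null) {
            throw new CHttpException(404, 'News item not found.');
        }
        return $news;
    }

    public function actionUpdate($id)
    {
        $news = $this->loadModel($id); // already authorized by the filter
        // ... apply the edit and save ...
    }
}
```

The user still has to be assigned `updateNews` (directly or through a role) for `checkAccess()` to reach the bizrule; the check is enforced server-side on every request, so hiding the edit link alone is not relied on.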