P

Pavel Zamoroka2015-10-12 14:57:34

Yii

Pavel Zamoroka, 2015-10-12 14:57:34

How to make CRUD display only this user's data?

Hello.
I made a news table with the fields `id`, `parent_id`, `title`, `annot`, `body` using gii crud generator.
How can I make it so that only those records are displayed where `parent_id` = ID of the user logged into the system (Yii::$app->user->id)?
+ permission to edit data, because you can substitute any ID in a link like localhost/news/update/1 and edit other people's posts accordingly

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Villarou, 2015-10-12
@zapashok

In actionIndex you rather have a line like this:
You should have something like:
In general, study yii-db-activerecord and yii-db-activequery
About permission to edit: well, check the parity of parent_id and id of the current user in actionUpdate. Or just look in the direction of RBAC.

S

Sergey Lysogor, 2015-10-12
@serhioli

You probably don’t need filtering , but named groups of conditions, and for convenience, it’s even better defaultScope with a check for the admin (or the right to view everything)
More details here:
www.yiiframework.com/doc/guide/1.1/en/database.ar# ...