Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey Beloventsev2017-08-12 12:14:42
Yii
Sergey Beloventsev, 2017-08-12 12:14:42

How to pass the used model in matchCallback?

There is a need to allow editing the post only by a user with the manager role, and also by the post authors, the id of the post author is stored in the autor_id cell, I
try to organize it like this in the controller:

public function behaviors()
    {
    'access' => [
        'class' => AccessControl::className(),
        'ruleConfig' => [
            'class' => AccessRule::className(),
        ],
        'rules' => [
            [
                'actions' => ['update'],
                'allow' => true,
                'roles' => ['manager'],
                'matchCallback' => function ($rule, $action,$model) {
                    return Yii::$app->user->identity->id==$model->autor_id;}
            ],
        ]
    ]    
}

I do not get access, as you understand, and I understand what I am doing, something is not right. Do not tell me how to do it right?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
M
matperez, 2017-08-12
@Sergalas

I think you can already use RBAC
And one more thing. Your problem is solved there

[
    'allow' => true,
    'actions' => ['update'],
    'roles' => ['updatePost'],
    'roleParams' => function() {
        return ['post' => Post::findOne(Yii::$app->request->get('id'))];
    },
],

or so
[
    'allow' => true,
    'actions' => ['update'],
    'roles' => ['updatePost'],
    'roleParams' => ['postId' => Yii::$app->request->get('id')];
],

If we abstract from RBAC, then following this logic, you must independently find the model in the database in matchCallback and perform all the necessary checks there.

Report
A
Arman, 2017-08-12
@Arik

You can make the getModel() method in the controller, which will cache the result (put it in a property). then in the closure you can do $this->getModel()->autor_id.
The problem is that the filters run up to the main action.

Report
S
Sergey Beloventsev, 2017-08-12
@Sergalas

but thanks for this solution Post::findOne(Yii::$app->request->get('id')) in principle, that's why I'm assigning the answer.

Similar questions
N
Nikita Nafranets2016-07-16 06:13:26
When installing a hackintosh, there is no efi partition? 2Reply
S
Sergey Beloventsev2018-07-09 18:55:16
How to compress activeForm.js and yii.validation.js? 1Reply
I
iva-86-w12016-02-21 15:30:17
How to display values ​​in ActiveForm of such a table? 1Reply
E
evgeniy_matveev2018-07-10 14:00:06
How to organize sorting in ActiveRecord? 1Reply
L
Leopandro2016-02-22 13:46:43
What happened to foreach? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question