Yii
Sergey Beloventsev, 2017-08-12 12:14:42

How to pass the used model in matchCallback?

There is a need to allow editing a post only by a user with the manager role and by the post's author. The id of the post author is stored in the autor_id cell. I try to organize it like this in the controller:

public function behaviors()
{
    return [
        'access' => [
            'class' => AccessControl::className(),
            'ruleConfig' => [
                'class' => AccessRule::className(),
            ],
            'rules' => [
                [
                    'actions' => ['update'],
                    'allow' => true,
                    'roles' => ['manager'],
                    'matchCallback' => function ($rule, $action, $model) {
                        return Yii::$app->user->identity->id == $model->autor_id;
                    }
                ],
            ]
        ]
    ];
}

I do not get access, as you can guess, and I understand that I am doing something wrong. Can you tell me how to do it right?

3 answer(s)
matperez, 2017-08-12
@Sergalas

I think you can already use RBAC
And one more thing. Your problem is solved there

[
    'allow' => true,
    'actions' => ['update'],
    'roles' => ['updatePost'],
    'roleParams' => function() {
        return ['post' => Post::findOne(Yii::$app->request->get('id'))];
    },
],

or like this:

[
    'allow' => true,
    'actions' => ['update'],
    'roles' => ['updatePost'],
    'roleParams' => ['postId' => Yii::$app->request->get('id')],
],

If we abstract from RBAC, then following this logic, you must independently find the model in the database in matchCallback and perform all the necessary checks there.

Arman, 2017-08-12
@Arik

You can make a getModel() method in the controller that caches the result (puts it in a property). Then in the closure you can do $this->getModel()->autor_id.
The problem is that the filters run before the main action.

Sergey Beloventsev, 2017-08-12
@Sergalas

but thanks for this solution Post::findOne(Yii::$app->request->get('id')) in principle, that's why I'm assigning the answer.
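
The two non-RBAC suggestions above (load the model inside matchCallback, and cache it in the controller) combined into one controller, as an added example that is not code from any poster in this thread. A rule's roles and matchCallback must both match, so the "manager or author" choice is made inside the callback. Assumptions: the model is app\models\Post, 'manager' is a role that Yii::$app->user->can() resolves, and the controller has a view action.

```php
<?php
namespace app\controllers;
use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
use app\models\Post; // assumed ActiveRecord class with the page's autor_id column

class PostController extends Controller
{
    private $_post; // cached so the filter and the action work on the same row

    public function behaviors()
    {
        return ['access' => [
            'class' => AccessControl::class,
            'rules' => [[
                'actions' => ['update'],
                'allow' => true,
                'roles' => ['@'], // any logged-in user; the callback decides
                // AccessControl passes only ($rule, $action) to the callback.
                'matchCallback' => function ($rule, $action) {
                    return Yii::$app->user->can('manager') // assumed role name
                        || (int) $this->findPost()->autor_id === (int) Yii::$app->user->id;
                },
            ]],
        ]];
    }

    protected function findPost()
    {
        $id = Yii::$app->request->get('id');
        // Scalar ids only: an array passed to findOne() is read as a column condition.
        $this->_post = $this->_post ?: (is_scalar($id) ? Post::findOne((int) $id) : null);
        if ($this->_post === null) {
            throw new NotFoundHttpException('Post not found.');
        }
        return $this->_post;
    }

    public function actionUpdate($id)
    {
        $post = $this->findPost(); // the same object the access check inspected
        if ($post->load(Yii::$app->request->post()) && $post->save()) {
            return $this->redirect(['view', 'id' => $post->id]); // assumed view action
        }
        return $this->render('update', ['model' => $post]);
    }
}
```

If autor_id is a safe attribute in the model's rules, load() lets an author reassign ownership through the form, so it is worth keeping that column out of the update scenario.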
