I
I
Iossarian2019-03-28 12:35:16
Yii
Iossarian, 2019-03-28 12:35:16

How to prevent an action for everyone except the owner?

In the project, accesses are regulated using the rbac-behaver. There is a payment information page to which you can download the contract. Also, the downloaded contract can then be downloaded. The problem is that the download link looks like site/attachments/file/download?id=43. I'm using the nemmo/yii2-attachments widget. The table with files has the fields itemId (the model to which the file is loaded) and iserId - in fact, the user who downloaded the contract. So, how can a condition be written in a behaver or somewhere else for the possibility of downloading a contract only for its owner? Something like File->userId !== Yii::$app->user->identity->getId() , but what is the right way to write it?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
M
Maxim Timofeev, 2019-03-28
@webinar

regulated by rbac-behaver

specific? Where is the link to this behavior or code?
In your unknown behavior - only a fortune teller will help.
But out of the box there are rules for this:
https://www.yiiframework.com/doc/guide/2.0/en/secu...
http://yii.internetsite.com.ua/blog/rbac#use...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question