Answer the question
In order to leave comments, you need to log in
How to prevent an action for everyone except the owner?
In the project, accesses are regulated using the rbac-behaver. There is a payment information page to which you can download the contract. Also, the downloaded contract can then be downloaded. The problem is that the download link looks like site/attachments/file/download?id=43. I'm using the nemmo/yii2-attachments widget. The table with files has the fields itemId (the model to which the file is loaded) and iserId - in fact, the user who downloaded the contract. So, how can a condition be written in a behaver or somewhere else for the possibility of downloading a contract only for its owner? Something like File->userId !== Yii::$app->user->identity->getId() , but what is the right way to write it?
Answer the question
In order to leave comments, you need to log in
regulated by rbac-behaver
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question