A better way?

I have as an access rule to the ‘view’ page in my Stories controller:

'expression'=>'Engines::model()->findByPk(Stories::model()->findByPk((int)$_GET[\'id\'])->eid)->pid == $_GET[\'pid\']

This works fine. Basically, I need to make sure that the currently viewed Story, which has an eid that points to an engine, belongs to a certain program. In other words, Story.eid -> Engine.pid -> Program.id. I need to make sure the Story being viewed actually belongs to the pid in the URL (e.g index.php/Stories/2125?pid=208). Otherwise, someone without access could view that particular story just by changing the pid. Anyways, my question is is there a more efficient way to enter something like that into an expression? It just doesn’t seem like the best way to do something like this. Thanks.

add this to controler

public function getmodelvalue(){

$story = Stories::model()->findByPk($_GET['id']);

$engine = Engines::model()->findByPk($story->eid);

return $engine->pid;


public function getPid(){

return $_GET['pid'];


than in your view this expression

'expression'=>'$this->getmodelvalue() == $this->getPid()'

Thanks. I suppose it’s the same amount of work for the server but it certainly makes it easier for me when I have to replicate some of this stuff. I was actually wondering about this, for some reason I couldn’t get it to work before, so thanks again.

Now what if I wanted to have that getPid() function available for all controllers, instead of having to replicate it for every single one? I tried putting it in the Controller class but when I call $this->getPid() in the access rules it refers to CAccessRule instead of Controller. Any way to do this? Thanks.

add that rule in main component controller and will be wisible for all controllers that is in components folder


in my case is


class Controller extends CController{

	public $layout='mainlayout';


	public $menu=array();


	public $breadcrumbs=array();


	public $portlets=array();

        public function getPid(){



and now is global visible because your extending in controller folder eg. sitecontroller extens controller

and parent function is global visible to all views or child controllers

I wonder if you have set your relations (Engine to Stories and viceversa) as you could use the lazy loading approach on to return its engine ID:

public function getmodelvalue(){

$story = Stories::model()->findByPk($_GET['id']);

return $story->engine->pid; // in case you have 'engine' relationship set


public function getPid(){

return Yii::app()->request->getParam('id');


I normally use getParam as a shortcut function set on a global file. I think that if you are going to use getPId just to get a param, write a getParam() global function or even gp() to write less code and share among your app.


Yeh the only problem I am having is calling the getPid() function from within an access rule expression. However, I suppose I can just save the pid into a variable at the begging of the accessRules() function like so:

public function accessRules()


	$pid = $this->getPid();

	return array(.....

no matter if you use accsses rules parent functions all all ways visible if thy are public functions just use parent::getpid(); or $this->getpid();

Thanks for the tip, I completely forgot about using that relation!

*** By the way, I went to give you +1 reputation and I clicked the minus by accident…lol…but I gave you a +1 on two other posts to balance it out.

Yes, I have no problem calling getPid() inside the accessRules() function. However, within an expression, e.g.

'expression'=>'$this->getPid() == 2'

the parent becomes CAccessRules in that scope, and therefore gives me an error. I could add a getPid function to CAccessRules as well I suppose, or maybe I’ll set set $pid = $this->getPid() at the beginning of the accessRules() function instead.

i should work :) i don`t know why doesn’t sory :)

now i´m confused because i dont know what your trying to do in this case you get a id from link and that id is not 2 and accessrules filter returns error

Hi rymonator,

If you, on your models have getPid as a function that does this:

public function getPid(){

return $_GET['pid'];


Why dont you just write:

'expression'=>'$_GET["pid"] == 2'

Please excuse me if I didn’t understood… but in this case, I would just do that…

Do not worry for that buddy, I really don’t help for the votes. By helping I help my self to better understand Yii.

Yeh that’s what I’m doing - it’s all good I was just wondering if there was a way to access a Controller function from within an access rules expression, not a big deal though. Thanks.

if you have a static method in your controller, then:


can be called from within the expression