Access Context In Yii

I am developing a project for distance education training centers. In it there is one super user and all the others are branch users. Branch users can add students and update them. The problem is that branch user ‘A’ can update students added by branch user ‘B’, and I don’t want that.

A branch user should only be allowed to update students added by him. Only the owner can access them.

Please help, I am not understanding this because both branch users have the same role.

You have to add an attribute ‘owner’ to your student models and set it, for example, to ‘Yii::app()->user->id’ in beforeSave.

Important: Don’t add the ‘owner’ to the rules() method or mark it as ‘unsafe’ there.

Add the ‘owner-filter’ to the search method of the student models when creating the dataprovider for the admin CGridView.




class student extends CActiveRecord {

    // ...

    public function beforeSave() {
        if (!parent::beforeSave())
            return false;

        if (empty($this->owner)) // don't change the owner if already assigned
            $this->owner = Yii::app()->user->id;

        // ...

        return true;
    }

    // ...

    public function search()
    {
        $criteria = new CDbCriteria;

        if (Yii::app()->user->id != 'admin') // don't add for admin user
            $criteria->compare('owner', Yii::app()->user->id);

        $criteria->compare(...);
        // ...

        return new CActiveDataProvider($this, array(
            'criteria' => $criteria,
        ));
    }
}




In the controller’s actionUpdate you have to check the owner after loading the model:





    public function actionUpdate($id)
    {
        $model = $this->loadModel($id);

        if (Yii::app()->user->id != 'admin') // only if not admin user
        {
            // same 404 as for a missing record, so the id's existence is not revealed
            if ($model->owner != Yii::app()->user->id)
                throw new CHttpException(404, 'The requested page does not exist.');
        }

        // ...
    }






If the user is not allowed to view a student created by another user, you should check the owner in the ‘loadModel’ method instead.

If you use RBAC you can create a business rule for that and use ‘checkAccess’.

Thanks dude, OK, I will create an owner column in the student table, but I can’t give an owner field in the form. I want the branch user id to be automatically saved into the student table as the owner when the form is submitted. But how to do that?

You don’t have to - and never should - publish the owner in the form.

As I said, don’t add the owner to the model rules().

The owner will be assigned in the beforeSave() method; you only have to implement this method as above.
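One way to move the owner check into loadModel, as the first answer suggests, so that view, update and every other action taking an id share it; it also shows why keeping ‘owner’ out of rules() matters on update. This is an added example, not code from the thread: it assumes a Yii 1.1 application, the `student` model shown above, and a hypothetical `StudentController`.

```php
<?php
// Added example (not from the thread). Assumes Yii 1.1, the `student` model
// with its `owner` column, and the thread's convention that the super user's
// id is the string 'admin'. StudentController is a hypothetical name.
class StudentController extends CController
{
    /**
     * Single choke point: every action that receives an $id loads through
     * here, so the owner restriction cannot be forgotten in one action.
     */
    public function loadModel($id)
    {
        $userId = Yii::app()->user->id;

        if ($userId === 'admin') {
            $model = student::model()->findByPk($id);
        } else {
            // The owner condition is part of the query and bound as a
            // parameter, so another branch's row is never loaded at all.
            // A guest (id null) matches nothing and gets the 404 below.
            $model = student::model()->findByPk(
                $id, 'owner = :owner', array(':owner' => $userId)
            );
        }

        // Same 404 for "missing" and "not yours": no hint that the id exists.
        if ($model === null) {
            throw new CHttpException(404, 'The requested page does not exist.');
        }
        return $model;
    }

    public function actionView($id)
    {
        $this->render('view', array('model' => $this->loadModel($id)));
    }

    public function actionUpdate($id)
    {
        $model = $this->loadModel($id);
        if (isset($_POST['student'])) {
            // Mass assignment only copies attributes that have a rule in
            // rules(); 'owner' has none, so a forged owner field is dropped.
            $model->attributes = $_POST['student'];
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->primaryKey));
            }
        }
        $this->render('update', array('model' => $model));
    }
}
```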