Action filter

Hello. I have a comment form here.




<div class="comment_form">
    <p class="comment_title">Leave comment</p>
    <?php echo CHtml::beginForm()?>
    <div class="comment" id="a">
        <?php echo CHtml::textArea('content', '', array('id'=>'comment_area', 'rows'=>6, 'cols'=>38))?>
    </div>
    <div class="comment" id="b">
        <br />
        <?php echo CHtml::ajaxSubmitButton('Submit',
            array('comment/add'),
            array(
                'type'=>'post',
                'beforeSend'=>'js:function(){
                    if($(".comment_form textarea").val()=="")
                    {
                        $(".comment_form textarea").css("border","1px solid #f00");
                        return false;
                    }
                    else
                    {
                        return true;
                    }
                }',
                'data'=>array(
                    'content'=>'js:$(".comment_form textarea").val()',
                    'owner'=>Yii::app()->user->getID(),
                    'post'=>$model->id,
                ),
                'success'=>'js:function (){
                    $(".comment_form textarea").css("border","1px solid #cacaca");
                    $(".comment_form textarea").val("");
                    alert("Done");
                }'
            ),
            array(
                'id'=>'leave',
            )
        );?>
    </div>
    <?php echo CHtml::endForm();?>
</div>



It sends an AJAX request to leave a comment. But I don't know how to deny a non-logged-in user from leaving a comment. How do I do this? And sorry about my English if there is a mistake.

There are two things:

  1. To hide the Submit button (or some other part of the HTML) if the user is not logged in, just put it in an "if" block:



<?php if( !Yii::app()->user->isGuest ): ?>
.....
...
...
<?php endif; ?>



  2. To make your application really secure, you also have to prohibit the action for users who are not logged in (so nobody can prepare a specific request by hand and call it):



class CommentController extends Controller {
    // ...

    public function filters() {
        return array(
            'accessControl', // perform access control
        );
    }

    public function accessRules() {
        return array(
            array( 'allow',
                'actions' => array( 'comment' ),
                'users' => array( '@' ), // any logged-in user can call this action
            ),
            array( 'deny',
                'actions' => array( 'comment' ), // deny 'comment' action for any other (not logged-in) users
            ),
            // place other rules here (if any)
            array( 'deny' ), // deny any other requests to this controller
        );
    }
}



Of course, you should merge accessRules with your own and adapt it to your needs (the main concept is: the first matching rule wins).

I tried accessRules and it works well. The problem is there is no response. I use Fiddler to see what is wrong, and there is




<!-- end #footer -->
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
$('#login-form').yiiactiveform({'validateOnSubmit':true,'attributes':[{'id':'LoginForm_username','inputID':'LoginForm_username','errorID':'LoginForm_username_em_','model':'LoginForm','name':'username','enableAjaxValidation':false,'clientValidation':function(value, messages, attribute) {

if($.trim(value)=='') {
	messages.push("Username cannot be blank.");
}

}},{'id':'LoginForm_password','inputID':'LoginForm_password','errorID':'LoginForm_password_em_','model':'LoginForm','name':'password','enableAjaxValidation':false,'clientValidation':function(value, messages, attribute) {

if($.trim(value)=='') {
	messages.push("Password cannot be blank.");
}

}}],'summaryID':'login-form_es_'});
});
/*]]>*/
</script>



On the form page there is no response. How do I catch the response? I need to know whether the user is authenticated or not and display a message like "Please log in."

So you should check the "loginRequiredAjaxResponse" attribute in CWebUser: http://www.yiiframework.com/doc/api/1.1/CWebUser#loginRequiredAjaxResponse-detail

…or read: http://www.yiiframework.com/wiki/228/display-a-nice-exception-message-on-ajax-requests/

I think one of those should help :)
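
One way the client side can tell these replies apart, as an added example that is not part of the thread. It assumes `loginRequiredAjaxResponse` is configured to the constructed string `YII_LOGIN_REQUIRED`; `classifyCommentResponse`, `handleCommentResponse` and the `ui` object are hypothetical names. The accessRules on the server remain the actual control; this only decides which message to show.

```javascript
// Added example, not code from this thread.
// Assumption: the Yii `user` component's loginRequiredAjaxResponse is set
// to this constructed sentinel string in the application config.
const LOGIN_REQUIRED_SENTINEL = 'YII_LOGIN_REQUIRED';

// Identifiers that appear in the login-page script captured with Fiddler above.
const LOGIN_PAGE_MARKERS = ['login-form', 'LoginForm_username', 'LoginForm_password'];

// Decide what an AJAX reply from comment/add means for the user interface.
function classifyCommentResponse(status, body) {
  const text = typeof body === 'string' ? body.trim() : '';
  if (status === 401) {
    return { ok: false, reason: 'login-required', message: 'Please log in.' };
  }
  if (status === 403) {
    return { ok: false, reason: 'forbidden', message: 'You are not allowed to comment.' };
  }
  // Reliable signal: the server echoed the configured sentinel and stopped.
  if (text === LOGIN_REQUIRED_SENTINEL) {
    return { ok: false, reason: 'login-required', message: 'Please log in.' };
  }
  // Fallback heuristic: the request was redirected to the login page, the
  // browser followed the redirect, and the callback received login HTML
  // with status 200. Requires every marker to limit false positives.
  if (LOGIN_PAGE_MARKERS.every((marker) => text.includes(marker))) {
    return { ok: false, reason: 'login-page', message: 'Please log in.' };
  }
  if (status >= 200 && status < 300) {
    return { ok: true, reason: 'saved', message: 'Done' };
  }
  return { ok: false, reason: 'error', message: 'The comment could not be saved.' };
}

// Callback body for the ajaxSubmitButton 'success'/'error' options; `ui` is a
// hypothetical object with showMessage(text) and clearForm() methods.
function handleCommentResponse(jqXHR, ui) {
  const result = classifyCommentResponse(jqXHR.status, jqXHR.responseText);
  if (result.ok) {
    ui.clearForm();
  }
  ui.showMessage(result.message);
  return result;
}
```

In the form above, the `success` callback would pass its third argument (the jqXHR object) to `handleCommentResponse` instead of always calling `alert("Done")`.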