Best way to authorize an owner (author) of an ActiveRecord

Hi, here’s a very common scenario:

I have an articleModel, which has an user_id attribute to hold the ‘owner/creator’.

How should I implement an access control filter to check if the currently logged in user Yii::app()->user->id is the owner when taking actions such as delete or update?

This well known scenario applies to many of my models, so it would be great to generalize it somehow as a controller behavior, or as a base controller class.

A second concern is that the access filter will have to load(using findByPk) the record to check it for access(at least one extra SQL query , depending on default scope and articleModel relations).

I would like to cache the record for the next findByPk(), which happens in Gii/Giix generated controller actions.

Thank You.

You may want to try Yii’s built-in Role-based access control feature

Thanks, I would like to see some hands-on code usingCDbAuthManager roles. :)