Conditional Filtering

First of all congratulations for a great framework.

I managed to code a big part of my application with little effort thanks to yii, gii and gtc.

Great work.

Now back to my problem:

I have an application to show documents to users.

The idea is to have two types of access:

  • A backoffice access to upload documents and manage companies, document types, documents and access of users to company documents

  • A frontoffice access to view the documents for the companies the user has access to

The application has five tables:

User:

  • id

  • username

Documents:

  • id

  • name

  • id_company -> foreign_key to company->id

  • id_doctype -> foreign_key to doctype->id

Company:

  • id

  • name

User_company:

  • id

  • id_user -> foreign_key to user->id

  • id_company -> foreign_key to company->id

Doctype:

  • id

  • name

  • file_content

Each frontoffice user should only access the documents related to companies he has access to

Each document belongs to one company and is of one doctype

I managed to code the backoffice and it's working fine, but I cannot seem to figure out the frontoffice logic and code.

How can I filter the data retrieved from the documents table based on the company list retrieved from user_company, which is filtered by the current user id?

In theory I need to get the list of companies from user_company where id_user is equal to the currently logged-on user, and use this to filter the documents model.

What is the best way to do this?

For security, I can advise you:

  • create a module for backoffice, and in the BackofficeModule.php you can forbid access to the whole model to non-authorized users.

  • each time you select from the database, you have to be careful and filter by the companies the user has access to.

  • in order to avoid any problem, you can write an afterFind method in each model, in which you check the access and throw an exception if the user is not allowed. You can do the same in beforeSave.

In this case, if you somewhere forgot to filter the documents, you will get an exception, which is better than displaying documents to non-authorized users.
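The two pieces discussed above, the company filter the question asks for and the afterFind/beforeSave safety net the answer recommends, combined in one Yii 1.1 ActiveRecord model. This is an added example, not code from the original thread: the table and column names (documents, user_company, id_company, id_user) come from the question, while the class names Documents and DocumentController, the scope name accessibleBy and the use of Yii::app()->user->id as the current user id are assumptions.

```php
<?php
// Added example (not from the original post). Yii 1.1 model for the "documents" table.
// 1) accessibleBy($userId) is a named scope that restricts the query to companies the
//    user is linked to through user_company (the filter the question asks for).
// 2) afterFind()/beforeSave() re-check the same rule, so a controller that forgets the
//    scope gets a 403 exception instead of leaking a document (the answer's safety net).
// Class names and the scope name are assumptions; table/column names are from the question.

class Documents extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'documents';
    }

    public function relations()
    {
        return array(
            'company' => array(self::BELONGS_TO, 'Company', 'id_company'),
            'doctype' => array(self::BELONGS_TO, 'Doctype', 'id_doctype'),
        );
    }

    /**
     * Named scope: only documents whose company appears in user_company for $userId.
     * The id is bound as a parameter, never interpolated into the SQL string.
     * "t" is the default table alias Yii 1.1 gives the primary table.
     */
    public function accessibleBy($userId)
    {
        $this->getDbCriteria()->mergeWith(array(
            'condition' => 't.id_company IN (SELECT uc.id_company FROM user_company uc WHERE uc.id_user = :uid)',
            'params'    => array(':uid' => (int) $userId),
        ));
        return $this;
    }

    /**
     * True if a user_company row links $userId to this document's company.
     */
    public function isAccessibleBy($userId)
    {
        $count = Yii::app()->db->createCommand()
            ->select('COUNT(*)')
            ->from('user_company')
            ->where('id_user = :uid AND id_company = :cid', array(
                ':uid' => (int) $userId,
                ':cid' => (int) $this->id_company,
            ))
            ->queryScalar();
        return $count > 0;
    }

    // Safety net: a row the current user may not see is rejected, not returned.
    protected function afterFind()
    {
        parent::afterFind();
        if (!$this->isAccessibleBy(Yii::app()->user->id)) {
            throw new CHttpException(403, 'You are not allowed to access this document.');
        }
    }

    // Same check before any insert/update of a document.
    protected function beforeSave()
    {
        if (!parent::beforeSave()) {
            return false;
        }
        if (!$this->isAccessibleBy(Yii::app()->user->id)) {
            throw new CHttpException(403, 'You are not allowed to modify this document.');
        }
        return true;
    }
}

// Frontoffice controller (assumed name): lists only the current user's documents.
class DocumentController extends Controller
{
    public function actionIndex()
    {
        $documents = Documents::model()
            ->accessibleBy(Yii::app()->user->id)
            ->findAll();
        $this->render('index', array('documents' => $documents));
    }
}
```

Two practical notes on this design. The afterFind check runs one extra query per loaded row, which is the price of the safety net; the named scope already keeps unauthorised rows out of the result set, so in normal operation the check only costs time and never fires. As written, the check would also block backoffice administrators, who by the answer's design are authorised through the BackofficeModule rather than through user_company; in practice the guard needs an explicit admin bypass (for example a role check such as Yii::app()->user->checkAccess('admin') in front of the isAccessibleBy call) so that the frontoffice rule and the backoffice rule stay separate.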