Controller/action Restrictions

sanguina · February 18, 2013, 11:34am

Hi

Is there a way to restrict a Controller/Action to be called only if it called from another controller/action ?

For example:

user/register would only show up if it has been called from paypal/paysuccess

else if called directly or from other action would result in not authorised output.

thanks for replying

alirz23 · February 18, 2013, 12:03pm

you can use CUrlManger something as following, but you will still have access to controller thru other controllers

‘rules’ => array(

'user/register'=&gt;'error/404'

),

sanguina · February 18, 2013, 6:36pm

thanks for replying.

did you mean adding the rule to main/config something like this ?





'urlManager'=>array(

			'urlFormat'=>'path',

			'showScriptName'=>'false',

 

			'rules'=>array(

				'<controller:\w+>/<id:\d+>'=>'<controller>/view',

				'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',

				'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',

			'user/register'=>'error/404'

			),

		),

this isn’t working.

Sorry I am a newbie and a dumbo at the same time

seenivasan · February 19, 2013, 5:44am

Dear Friend

To avoid the direct access overide the CContoller::beforeAction() in UserController.

UserController.php




public function beforeAction($action)

{

	if($action->id=='register')

	{

				

		throw new CHttpException(" :you are not having any direct access to Registration.");

	}


	return true;

}

Then in PaypalController, we can do something.




public function actionPaysuccess()

{

    if(something is true) // that is on successfull payment...

   {

        $model=new User('register');

        if(isset($_POST['User']))

	{

		$model->attributes=$_POST['User'];

	

			if($model->save())

                            //do something here.

			

	}

	$this->renderPartial("//user/register",array('model'=>$model),false,true); //bring out the registration form.


   }




}

This way we made the action user/register totally non existing.

This is almost equivalent to removing user/register.

If you want still use the user/register, then we can do the following.

1.create a folder restricted inside protected/controllers.

2.Copy the UserController.php and place it inside the restriced folder.

3.Then remove the UserController::beforeAction() from UserController.php residing inside the restricted folder.

Then in PaypalController, we can do the following.




public function actionPaysuccess()

{

    if(something is true) // that is on successfull payment...

   {

        Yii::app()->controllerPath=Yii::app()->controllerPath."/restricted";//accessing the UserController.php in restricted folder.

	$this->forward("user/register");//forward... do not redirect.


   }

}

I hope this would help you.

sanguina · February 19, 2013, 6:42am

Thanks seenivasan, this is great…

Thanks for taking out time to put up such a detailed reply and such an apt one at that.

Defintely of great help

sanguina · February 19, 2013, 2:19pm

Hi seenivasan

thanks for your answer. it has definitely set the ball rolling for me.

I am stuck at one small issue.

With renderpartial i am being able to display the registration form on the payment/confirm page.

However the default <form action=""> still remains as ‘payment/confirm’ where as it should be ‘user/register’ for the form to work.

In my case the registration view is located in a module.user.view.registration

what do i add as for the action in my registration form ?


$form=$this->beginWidget('UActiveForm', array(

	'id'=>'registration-form',

	'action'=> '[b]? -- what do i add here ?[/b]',

	'enableAjaxValidation'=>true,

	'disableAjaxValidationAttributes'=>array('RegistrationForm_verifyCode'),

	'clientOptions'=>array(

		'validateOnSubmit'=>true,

	),

for form action="", I added:




'action'=>array('user/registration'),

but it doesnt solve the purpose.

Just in case it matters, the register button is coded as:


<?php echo CHtml::submitButton(UserModule::t("Register")); ?>

thanks once again for showing me the way.

seenivasan · February 19, 2013, 2:53pm

Dear Friend

Bring all the logic from ‘user/register’ to ‘paypal/pauSuccess’.




public function actionPaysuccess()

{

    if(something is true) // that is on successfull payment...

   {

        $model=new User('register');

        if(isset($_POST['User']))

	{

		$model->attributes=$_POST['User'];

	

			if($model->save())

                            //Bring all the logic residing in  "user/register" here. 

			

	}

	$this->renderPartial("//user/register",array('model'=>$model),false,true); //bring out the registration form.


   }




}

sanguina · February 19, 2013, 3:22pm

thanks took me a step ahead…please keep this thread as subcribed.

hopefully should be able to comlete it

thanks a lot !!

sanguina · February 19, 2013, 3:54pm

sorry to bother you again

the logic contains references to other parts of the module like:

Yii::app()->controller->module->activeAfterRegister

Yii::app()->controller->module->sendActivationMail

etc

How do i make a reference to them now from within controller/action - pay/success?

thanks