Just wondering… is there a way to escape parameters in a defaultScope() model call??
e.g.
/**
* apply business context rule to fetch data calls on this model (also works on update, view, delete controller actions)
* e.g. only display model data from the users business
*/
public function defaultScope()
{
if( !Yii::app()->user->checkAccess('admin') ) {
return array(
'join' => "LEFT JOIN customers ON customers.id = id",
'condition' => 'customers.business_id = '.parent::getBusinessContext()
);
}
else
return parent::defaultScope();
}
i would like to know for security reasons. thanks.! go Yii!
/**
* apply business context rule to fetch data calls on this model (also works on update, view, delete controller actions)
* e.g. only display model data from the users business
*/
public function defaultScope()
{
if( !Yii::app()->user->checkAccess('admin') ) {
return array(
'join' => "LEFT JOIN customers ON customers.id = :id",
'condition' => 'customers.business_id = :businessContext',
// not 100% sure but I think this would work
'params' => array(
':id' => $id,
':businessContext' => parent::getBusinessContext()
)
);
}
else
return parent::defaultScope();
}
also just a tip but you should have a look at this: http://www.yiiframew…iguous-columns/
table aliases can be a bit of a handful later when you want to call on a model in with() and it have a defaultScope.
