I’m not sure if what I’m thinking is possible. I have a need for a limited set of end users to be able to edit their own views, probably including layouts. These views could be stored on the filesystem or in the db and loaded at runtime. This would be for a kind of hosted management system where ideally users could modify the look and feel of the system themselves in addition to templates we supply them. However, I don’t want them to be able to access anything other than what I pass into the view via renderPartial, but I do want/need them to be able to do limited PHP code mostly for looping purposes. Am I correct in thinking this is impossible at runtime? So, if I wanted to do something like this, I think I would need to filter for it when the user submits the code for the view, but that would require knowing what to filter for and it seems like it would be impossible to account for.
Another solution is to disallow any code of any kind on their part and only have them edit the structure, but let them drop in placeholders for content that would be dynamically generated. If I do that, is there any easy way to implement that that isn’t too janky?
Has anyone given any thought into this sort of thing for Yii?