Filter / Limit DataGrid by User

Hi all,

Is there a tutorial or anything that can help me ensure that a logged in user, can only see jobs assigned to him, and no one else… ?

Impressed with how fast i can build stuff with Yii, but hitting a brick wall now.

Admin: Please put my post in a more relevent forum is required. :blink:

p

:lol:

Holy moly, great balls o’fire.

I did it.

I added


$criteria->compare('id_user', Yii::app()->user->id, $partialMatch = false); 

to the appropriate Model…

It works! ha, I like coding again now, balance is restored, all are safe.

p

Following on from this, I’ve noticed that any user can simply enter a lead_id in the URL and they see the lead… this is bad!

How can I set it so that if the ‘user_id’ in the record doesnt match your currently logged in ‘id’ (so basically, youre looking at a lead that isnt assigned to you) that it fails/errors/stops you from seeing it…

:blink:

You can use appropriate accessRules in your controller :)


…

'expression' => '(YourModel::model()->findByPk($_GET["id"]) !== null) && (YourModel::model()->findByPk($_GET["id"])->user_id == Yii::app()->user->_id)',

…

That helps also when types in an non-existing id.

Hey great, i’ll add that in, but before I do, is there a way I can add this once, rather than in every rulle, for every controller? I will try adding it to the defualt controller first…

also, instead of specifiying the Model name, which actualy will be a problem if i add it to the default one(?) can I say something like “this::model” … :huh: so it works for all of them…

thanks - i guess I should go try before asking!

p

update:

It works (for the particular view and controller im testing it on so far!), i tweaked it alittle - as i gave you incorrect info, and the PK isnt ID any more…


'expression' => '(Callback::model()->findByPk($_GET["id_lead"]) !== null) && (Callback::model()->findByPk($_GET["id_lead"])->id_user == Yii::app()->user->id)',