hide/show links on page depending on authorization

Yii 1.1 General Discussion
1

hi all,

i’d like to hide all links on a page depending on authority of user on this links (controller-actions).

i am using srbac and would like to extend it by - perhaps - a behavior that checks for every link on a page if the user has access to it or not and if not it should prohibit the rendering of this link.

is this possible?

if yes, what will be the best practice for this?

at the moment i have something like this for every link in my views :(

not nice!




echo Yii::app()->user->checkAccess('ModelControllerActionId')

     ? CHtml::link('update', array('update', 'id'=>$model->id))

     : "";
2

You could write a helper function to reduce the typing.

Or you could look into DomDocument.

Using it, it’s possible to grab all links and inspect them and set their properties or remove them.

The latter could be run in a filter, I think.

Haven’t tried it myself, but I plan to. :)

3

Check this wiki article on how to create a shortcut helper function - http://www.yiiframework.com/wiki/31/use-shortcut-functions-to-reduce-typing

So in your code a link can be written like l(‘what to check’, ‘update’, array(…))… and that function would then check if the current user has permission for that link…

4

thanks

what about ccontroller.beforeRender()?

wouldn’t this be something to use globaly for a new behavior?

5

I am doing the check in the code all times.

I think that this is a good solution, maybe a helper can save you some code, but the check has to be done each time.

Another approach is to create an helper adminLink, for example in a class MyHtml:




MyHtml extends CHtml

{

  public static function adminLink($role, $label, $url, $htmlOptions)

  {

      if Yii::app()->user->checkAccess($role)

           return CHtml::link($label, $url, $options);

  }

}

This is a more confortable help for such a work.

6

As a newbie: How would you then use this in the view file?

7 

MyHtml::adminLink('admin', 'clickMe', array());

My advice is to create a function to use in views. If you have only the check admin, you can change the function and make it easier:




MyHtml extends CHtml

{

  public static function adminLink($label, $url, $htmlOptions)

  {

      if Yii::app()->user->checkAccess('admin')

           return CHtml::link($label, $url, $options);

  }

}

and in views:


MyHtml::adminLink('clickMe', array());

That is nicier, because it has the same signature of CHtml::link, so you can change only the methond name and not the parameters.

8

This is all great and well,

But I need 1 link, not shown on my page, Only when user is logged in, will they be able to see the link.

i.e. logged in = CHtml::link shown… else CHtml::link hidden.

I’m currently using the below code, but no luck… Regardless of whether the user is logged in or not, the link still shows?

any suggestions? (p.s. I’m using rights with several different users and roles, and Twitter Bootstrap)




<?php echo CHtml::link("edit", array('/blog/post/update/id/'.$data->id), array(

	'rel'=>'tooltip',

	'title'=>'Edit this post',

	'visible'=>!Yii::app()->user->isGuest,

)); ?>

Regards,

9

Well you don’t seen to have used any of the solutions listed above… And ‘visible’ you have used is not an HTML property of the ‘a’ tag, is it?

At least you can do something like:


<?php echo Yii::app()->user->isGuest

? ''

: CHtml::link("edit", array('/blog/post/update/id/'.$data->id), array(

        'rel'=>'tooltip',

        'title'=>'Edit this post'

)); ?>

If you repeat that a lot, check again the advice from mdomba and the sample code from zaccaria.

10

Thanks bennouna!

As time goes on, and see how far I’ve come I realise what stupid code I used to write. I do still prefer your method (and works like a charm!) as it’s a quick solution for the only link in my entire webapp and it’s not doing a whole “query” (which I’m hoping will save on processing time… but could be totally wrong with that thought)…

anyway, and so I learn ;)