I need to do a simple task that has been giving me a hard time for a long time now.
I need to get the ID of the post in the controller so I can compare it with the user ID, so that only the user who made the post can update it (and delete it).
I know that the post is 7 (localhost/yiitest/oglasi/update/7). I have tried every combination that I have encountered for this task, without luck:
public function accessRules()
{
    // only owner can update
    $controllerId = Yii::app()->controller->id;
    //if($controllerId){
    //if(Yii::app()->user->getId() === $controllerId) {
    if('7' === $controllerId) {
        //$user_updater = Yii::app()->user->name;
        $user_updater = 'test';
    }
    array('allow', // allow authenticated user to perform 'create' and 'update' actions
        'actions'=>array('update'),
        'users'=>array($user_updater,'admin'),
    ),
QueryTom
(Social)
November 3, 2011, 1:03pm
2
I don’t understand what you are trying to do.
In normal cases a user can have multiple posts. So multiple post ids, too.
Maybe this helps: http://www.yiiframework.com/wiki/136/getting-to-understand-hierarchical-rbac-scheme ?
l.jurgs
(L Jurgs)
November 3, 2011, 1:08pm
3
You mean the HTTP GET var? $_GET['id'], but I prefer:
$id = Yii::app()->request->getParam('id');
At least I think this is what you are asking for.
Luke Jurgs, You are the MAN!
It looks like it will work like this!
I will try to set it up properly now and keep you posted on how it goes!
Well, we are getting so close to finding out the answer.
I didn't realize sooner that I can't compare the post's id (URL parameter)
Yii::app()->request->getParam('id')
with the user id because it's not the same thing. I need to compare the post's user_id field (db fields: id name cat_id price descr img user_id) so it would match the user from the post and the logged-in user.
We are so close.
l.jurgs
(L Jurgs)
November 3, 2011, 2:50pm
6
This depends on how your user authentication works but:
$post = Post::model()->findByPk(Yii::app()->request->getParam('id'));
Yii::app()->user->getId() == $post->user_id;
This is assuming you are using an ActiveRecord for Post.
Didn't I tell you already that you are the MAN :)
It works :)
Thanks a lot m8!!!
So here is the complete code for enabling only users who made a post to update it (and delete it):
public function accessRules()
{
    // So that only the owner of the post can update it.
    // Default to 'admin' so the variable is always defined; it is replaced
    // by the current user's name only when that user owns the post.
    $user_updater = 'admin';
    $post = Oglasi::model()->findByPk(Yii::app()->request->getParam('id'));
    // findByPk() returns null when the request has no id (index, create)
    // or the post does not exist; guests are never treated as owners.
    if($post !== null && !Yii::app()->user->isGuest
        && Yii::app()->user->getId() === $post->user_id) {
        $user_updater = Yii::app()->user->name;
    }
    return array(
        array('allow', // allow all users to perform 'index' and 'view' actions
            'actions'=>array('index','view'),
            'users'=>array('*'),
        ),
        array('allow', // allow authenticated user to perform 'create' actions
            'actions'=>array('create'),
            'users'=>array('@'),
        ),
        array('allow', // allow the post owner and admin to perform 'update' actions
            'actions'=>array('update'),
            'users'=>array($user_updater,'admin'),
        ),
        array('allow', // allow admin user to perform 'admin' actions
            'actions'=>array('admin'),
            'users'=>array('admin'),
        ),
        array('allow', // allow the post owner and admin to perform 'delete' actions
            'actions'=>array('delete'),
            'users'=>array($user_updater,'admin'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
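The thread's approach resolves the owner to a user name inside accessRules(); Yii 1.1 access rules also accept an 'expression' option, which lets the ownership check live in the rule itself. The following is an added example, not code from any poster in this thread. It assumes Yii 1.1, the Oglasi ActiveRecord and user_id column named above, the base Controller class from the default application skeleton, and a hypothetical isOwner() helper.

```php
<?php
// Added example, not from the thread. Assumes Yii 1.1, the Oglasi
// ActiveRecord with a user_id column (both named in the thread), and the
// base Controller class generated with a default Yii 1.1 application.
class OglasiController extends Controller
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('index', 'view'), 'users' => array('*')),
            array('allow', 'actions' => array('create'), 'users' => array('@')),
            // Owner rule: any logged-in user, but only when isOwner() returns true.
            array('allow',
                'actions' => array('update', 'delete'),
                'users' => array('@'),
                'expression' => array($this, 'isOwner'),
            ),
            array('allow',
                'actions' => array('admin', 'update', 'delete'),
                'users' => array('admin'),
            ),
            array('deny', 'users' => array('*')),
        );
    }

    // Hypothetical helper used as the rule's 'expression' callback; Yii
    // passes the user component and the rule object.
    public function isOwner($user, $rule)
    {
        $post = Oglasi::model()->findByPk(Yii::app()->request->getParam('id'));
        if ($post === null) {
            return false; // missing or unknown id: the owner rule does not apply
        }
        // Cast both sides: the DB driver may return user_id as a string
        // while getId() returns an integer, which would defeat ===.
        return (string) $user->getId() === (string) $post->user_id;
    }
}
```

Because the rule is restricted to 'update' and 'delete' and to authenticated users ('@'), the ownership comparison never runs for a guest, and a request for a post owned by someone else falls through to the final deny rule.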