[size="3"]Hi all,
Using Yii framework I want to know how to prevent some user (ex: demo) from update or delete record on some table (ex:product) ,
and I want to allow him to see list of only some record (ex: records that contain current date or some thing else ) …in public I need too know how can I control who see what and what he can do on it ?
Thank you
[/size]
Its not 100% clear what you are asking, but I will try and point you in the direction I think you asking.
To control access to your controller actions (eg: product/update, product/delete) you can use accessRules.
A good example of this is in the blog tutorial: http://www.yiiframework.com/doc/blog/1.1/en/post.create
I also recommend the docs on Authentication and Authorization 4. Access Control Filter: http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#access-control-filter
also 6. Role-Based Access Control http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control
To control what is displayed in a list of records you could use CDbCriteria.
Building a Blog System Using Yii. Displaying Posts: http://www.yiiframework.com/doc/blog/1.1/en/post.display
Active Record: 4. Reading Record: http://www.yiiframework.com/doc/guide/1.1/en/database.ar#reading-record
Active Record: 11. Named Scopes: http://www.yiiframework.com/doc/guide/1.1/en/database.ar#named-scopes
An easy way to use escopes and CActiveDataProvider: http://www.yiiframework.com/wiki/173/an-easy-way-to-use-escopes-and-cactivedataprovider
Search method of a model for filters when using dates - unixtimestamp in database: http://www.yiiframework.com/wiki/142/search-method-of-a-model-for-filters-when-using-dates-unixtimestamp-in-database
I hope that helps.
thank you Nax ,with first look I think it will help,I’ll try it