Here is the thing:
Admin can create and update users. Form will provide fileds for username, password, password repeat, email, and user role. When admin want to update some user, it would be nice of he do not need to update password too, since password is hashed in database, and admin may not know what is user’s password. For example admin just want to update user role. The problem is I can not manage to make that happen. I made password and password repeat field not required on update, and I can save new user credentials, but update action is also saving new password ( nothing ), so user can not log in anymore. If I change password too, then everything works, but it would be nice if model will save new password only if it is enetered in form, if it is not, it shouldn’t. In non yii site I make this quite easy, but with yii I have problem, and I do not know why.
here are the rules in user model:
public function rules()
{
return array(
array('username, email, type', 'required'),
array('password', 'required', 'on' => 'insert'),
array('username', 'length', 'max' => 55),
array('password', 'length', 'max' => 55),
array('email', 'length', 'max' => 128),
array('email, username', 'unique'),
array('email', 'email'),
array('type', 'length', 'max' => 6),
array('password', 'compare', 'on' => 'insert'),
array('password_repeat', 'safe', 'on' => 'insert'),
array('id, username, password, email, type, profile', 'safe', 'on' => 'search'),
);
}
and this is update action from user controller:
public function actionUpdate($id)
{
$model = $this->loadModel($id, 'User');
Yii::app()->authManager->revoke($model->type, $id);
if (isset($_POST['User']))
{
$model->setAttributes($_POST['User']);
if ($model->save())
{
$this->redirect(array('view', 'id' => $model->id));
}
}
$this->render('update', array(
'model' => $model,
));
}
Also I am using beforeSave for password hashing in user model:
public function beforeSave()
{
$this->password = User::hashPassword($this->password);
return parent::beforeSave();
}
I have tried manualy assigning form submitted data to model attributes, and checking if password field is not empty to prevent empty password to be set, but it didn’t worked.
What is the catch ?