How can I only show Update-icons in a table where the logged in user is the creator of the post (or admin).
Wthout creating too many db Calls.
At the moment I have the RBAC rule to update own posts working in a basic yii2 application
I’ve created a table posts (id, created_by, post)
Through gii i’ve created the model and crud.
I’ve created a member rule:
return isset($params['model']) ? $params['model']->created_by == $user : false;
Added Rule and role to RBAC db
In my update action the RBAC rule is working:
public function actionUpdate($id) {
$model = $this->findModel($id);
if (Yii::$app->user->can('updateOwnPost', ['model' => $model])) {
if ($model->load(Yii::$app->request->post()) && $model->save()) {
return $this->redirect(['view', 'id' => $model->id]);
} else {
return $this->render('update', [
'model' => $model,
]);
}
} else {
echo "no permission to update";
\Yii::$app->getSession()->setFlash('error', 'You don't have permission to update other users posts');
return $this->redirect('index',302);
}
}
}
But now how can I get the table in my postform, only to show the edit icons, where the current user is the creator of the post, instead of a flash message that they are not allowed…