$Params In Bizrule




$created_by = $this->loadModel(Yii::app()->request->getParam('id'))->created_by;		

$params = array('created_by'=>$created_by);



and my bizrule is


$bizrule = return Yii::app()->user->id==$params['created_by'];

Look at the above code.

I don’t know where to put this $params code.

Suggest me and also explain how to do it?

Thank you…

See Authmanager docs

Your bizRule must be a string.

Create your task or operation:




$bizRule='return Yii::app()->user->id==$params["created_by"];';

$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);




Submit the params on checkAccess:




$created_by = $this->loadModel(Yii::app()->request->getParam('id'))->created_by;

$params=array('created_by'=>$created_by);

if(Yii::app()->user->checkAccess('updateOwnPost',$params))

{

    ...

}



If I want to do it like this, is that possible?




	public function accessRules()

	{

		if(Yii::app()->request->getParam('id')!==null)

		{

			$created_by = $this->loadModel(Yii::app()->request->getParam('id'))->created_by;

			$params = array('created_by'=>$created_by);

		}


		return array(

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('index'),

				'expression'=>'Yii::app()->user->checkAccess("usersIndex")',

			),

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('view'),

				'expression'=>'Yii::app()->user->checkAccess("usersView")',

			),

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('create'),

				'expression'=>'Yii::app()->user->checkAccess("usersCreate")',

			),

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('signup'),

				'expression'=>'Yii::app()->user->checkAccess("usersSignup")',

			),

			array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('update'),

				'expression'=>'Yii::app()->user->checkAccess("usersUpdate",$params)',

			),

			array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('admin'),

				'expression'=>'Yii::app()->user->checkAccess("usersAdmin")',

			),

			array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('delete'),

				'expression'=>'Yii::app()->user->checkAccess("usersDelete")',

			),

			array('deny',  // deny all users

				'users'=>array('*'),

			),

		);

	}

You have to check if $params["created_by"] is set in the bizRule, because on create you have no created_by:


$bizRule='return isset($params["created_by"]) ? Yii::app()->user->id==$params["created_by"] : true;';

I would call the checkAccess in each action, not in the controller rules:




public function actionCreate() {


 if(!Yii::app()->user->checkAccess("usersCreate"))

   throw new CHttpException(403,'Access denied');


 .... 




 

}




public function actionUpdate($id) 

{




 $model= $this->loadModel($id); 


 if(!Yii::app()->user->checkAccess("usersCreate",array('created_by'=> $model->created_by)))

   throw new CHttpException(403,'Access denied');


 .... 




 

}
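
The following is an added example, not code from either poster: it compares the isset-with-`true`-fallback bizRule from the thread against a fail-closed variant when `created_by` is missing or NULL. Assumptions: `evalBizRule()` is a hypothetical stand-in for Yii evaluating the bizRule string as PHP with `$params` in scope, `$userId` replaces `Yii::app()->user->id` so it runs without Yii, and the cases are constructed.

```php
<?php
// Hypothetical stand-in for Yii's bizRule evaluation: the rule string is run
// as PHP with $params (and here $userId) available in the local scope.
function evalBizRule($bizRule, array $params, $userId)
{
    return (bool) eval($bizRule);
}

// Rule from the thread, with Yii::app()->user->id swapped for $userId.
// A missing created_by falls through to "true" (fail-open).
$failOpen = 'return isset($params["created_by"]) ? $userId==$params["created_by"] : true;';

// Fail-closed variant: no owner supplied means the check is denied.
// The string cast avoids int/string mismatches between session id and DB column.
$failClosed = 'return isset($params["created_by"])'
            . ' && (string)$userId===(string)$params["created_by"];';

// Constructed cases: label, current user id, params handed to checkAccess().
$cases = array(
    array('owner updates own record',   7, array('created_by' => 7)),
    array('other user updates record',  8, array('created_by' => 7)),
    array('params not passed at all',   8, array()),
    // isset() is false for NULL, so an ownerless row behaves like "no params".
    array('record has NULL created_by', 8, array('created_by' => null)),
);

// Returns label => array(fail-open result, fail-closed result).
function compareRules(array $cases, $failOpen, $failClosed)
{
    $out = array();
    foreach ($cases as $case) {
        list($label, $userId, $params) = $case;
        $out[$label] = array(
            evalBizRule($failOpen, $params, $userId),
            evalBizRule($failClosed, $params, $userId),
        );
    }
    return $out;
}

foreach (compareRules($cases, $failOpen, $failClosed) as $label => $r) {
    printf("%-28s fail-open=%-5s fail-closed=%s\n",
        $label, var_export($r[0], true), var_export($r[1], true));
}
```

The two rules differ only in the last two cases, which is where an update check called without params, or on a row with no owner, would be allowed by the fallback. The fail-closed rule fits an update-only item such as the `updateOwnPost` task above, with create checked through an item that has no ownership bizRule.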