Hi!
I have quite complex problem with dynamic form which fields visibility depending on user rights. Spite of checking permissions to display field I want to check during update or insert if current user have rights to save all form fields that was sent to server.
This kind of validation should protect database from unallowed information modifications. The question is if Yii have some built in mechanisms or extensions (which I couldn’t find) that gives us opportunity to do that?
Hi
why not use accessrules in controller?
an example
http://www.yiiframework.com/wiki/169/configuring-controller-access-rules-to-default-deny
I’m using it in some part. But it’s only controll access to whole “View”. I was searching for some solutions and I found that CActiveRecord save() method takes as second argument list of attributes allowed to save.
This solve my problem. Now I only must define AuthManager’s rules for those dynamic fields and construct this attribute list.
If you want to save specifics attributes you could use update method
http://www.yiiframework.com/doc/api/1.1/CActiveRecord#update-detail
Also you have to check for this attributes permissions on the controller/action