Preventing a user from viewing another user

Hello everyone :D

I have a question about my app. How can I prevent a user from viewing another user's profile?

I mean, a user can only view their own profile. If user 123 is logged in, he is allowed in ‘view&id=123’ but denied in ‘view&id=234’ etc.

I know how to do this from the view page, but am I able to deny it from my Controller? I’m thinking of using an expression but I can’t get it right. Here is my code:

    array('deny',
        'actions'=>array('view'),
        'expression'=>'$user->getName()!=??',
    ),

What is the right expression to replace the ‘??’ part?

I tried to use $id (the actionView parameter) but it showed me an error :(

Here are two ways you can do it:

First way: In your controller’s action you can add the following code:

    public function actionView($id){
        // Compare the id in the URL with the id of the logged-in user;
        // if they differ, stop here before any profile data is loaded or rendered
        if(Yii::app()->user->id != $id)
            throw new CHttpException(401, 'You are not authorized to see this page!');
        // ... load and render the profile as before
    }

Second way:

Create a function inside your controller

    public function checkAuthorization(){
        $id = Yii::app()->request->getParam("id");//Get id from GET array
        if($id == Yii::app()->user->id)//Check if id's are the same
            return true;
        return false;
    }

And call this action in the action filter like the following code demonstrates:

    array('allow',
        'actions'=>array("view"),
        'users' => array('@'),//Only logged in users can access view action
        // Logged in user must also satisfy the rules in checkAuthorization function.
        // accessRules() runs inside the controller instance, so pass $this rather than
        // a class name: calling a non-static method statically fails on current PHP.
        'expression'=>array($this,"checkAuthorization")),
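Putting the second way together, here is a complete Yii 1.x controller written for this thread (added example, not code from the original post or from the Yii project). It assumes a `User` ActiveRecord model with primary key `id` and a route of the form `user/view&id=N`; the filter rejects a foreign id with the 403 that CAccessControlFilter raises on a `deny` match, and the action re-checks ownership after loading the record so the rule and the action cannot drift apart.

```php
<?php
// Assumed names: UserController, User model, isOwnProfile() callback.
class UserController extends CController
{
    public function filters()
    {
        return array('accessControl'); // run accessRules() before every action
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions'    => array('view'),
                'users'      => array('@'),                   // must be logged in ...
                'expression' => array($this, 'isOwnProfile'), // ... and asking for own id
            ),
            array('deny',                                     // anyone else: 403
                'actions'    => array('view'),
            ),
        );
    }

    /**
     * Callback for the 'expression' rule; Yii passes the current CWebUser as $user.
     * Both sides are cast to string because the GET parameter is always a string
     * while the stored id may be an integer, so a loose "==" could surprise.
     */
    public function isOwnProfile($user)
    {
        $id = Yii::app()->request->getParam('id');
        if ($id === null || $user->isGuest) {
            return false;
        }
        return (string) $id === (string) $user->id;
    }

    public function actionView($id)
    {
        $model = User::model()->findByPk($id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested profile does not exist.');
        }
        // Defence in depth: the rule above already refused other ids, but the
        // ownership check lives next to the data it protects as well.
        if ((string) $model->id !== (string) Yii::app()->user->id) {
            throw new CHttpException(403, 'You are not authorized to see this page!');
        }
        $this->render('view', array('model' => $model));
    }
}
```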