luc
(Luc Pfister)
1
Hi,
I’m using the rights extension to manage access control and it works well as long as I only do basic CRUD operation filtering.
Now, I want to do this simple access check based on $user->id:
-
I’ve got a Content model. It has a ‘belongs_to’ User relation through the user_id foreign key. This relation is declared as ‘owner’ in Content.php.
-
I want users having the Authenticated role to only be able to update their own content
-
I’ve created a Content.Update.Own operation with the following bizrule:
return Yii::app()->user->id==$params['content']->user_id;
And this always gives me a 403 error … I think my bizrule is not well written.
Any help will be very appreciated.
Luc
jacmoe
(Jacob Moen)
2
What I did was put a function in my model:
public static function isOwnerOf() {
    // This rule only makes sense for the issue controller, whose actions carry ?id=
    if (Yii::app()->controller->id !== 'issue') {
        return false;
    }
    // No logged-in user or no record id: deny.
    if (!isset(Yii::app()->user->id) || !isset($_GET['id'])) {
        return false;
    }
    $criteria = new CDbCriteria();
    $criteria->select = 'user_id';
    // Exact comparison only: leave compare()'s third argument (partialMatch)
    // at its default of false. With true it builds a LIKE '%1%' clause, so
    // user 1 would also "own" the rows of users 10, 11, 21, ...
    $criteria->compare('user_id', (int) Yii::app()->user->id);
    $criteria->compare('id', (int) $_GET['id']);
    // exists() issues a single cheap query instead of loading every row.
    return Issue::model()->exists($criteria);
}
And then the bizrule:
return Issue::isOwnerOf();
I am well aware that the function could be written better, but it does the job for me. 
luc
(Luc Pfister)
3
Excellent, thanks a lot.
I’ve modified the following block:
/*$criteria = new CDbCriteria();
$criteria->select = 'user_id';
$criteria->compare('user_id', Yii::app()->user->id, true);
$criteria->compare('id', $_GET['id'], true);
$owner = Content::model()->findAll($criteria);
return !empty($owner);*/
$content = Content::model()->findByPk((int) $_GET['id']);
// Guard the null case: for an id that does not exist findByPk() returns null,
// and reading ->user_id on it is a fatal error rather than a denial.
return $content !== null && (int) $content->user_id === (int) Yii::app()->user->id;
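For reference, here is the whole ownership check put together as an added example; it is not code from this thread or from the rights extension. It assumes a Content model with a user_id column, a ContentController, and an auth operation named Content.Update.Own that the Authenticated role holds; all of those names are illustrative. The point it shows, which both the first post's bizrule and the later $_GET-based versions revolve around, is that Yii evaluates a bizrule with eval() and $params is exactly what the caller hands to checkAccess(): a rule that reads $params['content'] can only succeed when the controller passes the loaded model in, and the record must be loaded (with a 404 on a bad id) before the rule dereferences it. The model method at the end is the $_GET-free equivalent of the lookup in the second post, using an exact comparison and a single EXISTS-style query.

```php
<?php
// Added example (not from the thread): ownership check for the
// Content.Update.Own operation in Yii 1.1. All class, column and auth item
// names are assumptions for illustration.

// 1. The bizrule text stored on the 'Content.Update.Own' operation. It is
//    eval()'d by the auth manager with $params = the array passed to
//    checkAccess(), so the caller must supply 'content'. isset() makes a
//    forgotten parameter deny instead of raising a notice, and the casts
//    avoid loose comparison between a string id from the session and an int.
//
//    return isset($params['content'])
//        && (int) $params['content']->user_id === (int) Yii::app()->user->id;

class ContentController extends CController
{
    // 2. Load first, 404 on a bad id, then ask the auth manager with the model.
    public function actionUpdate($id)
    {
        $model = $this->loadModel($id);

        // Passing the model is what makes $params['content'] exist in the rule.
        if (!Yii::app()->user->checkAccess('Content.Update.Own', array('content' => $model))) {
            throw new CHttpException(403, 'You are not allowed to update this content.');
        }

        if (isset($_POST['Content'])) {
            $model->attributes = $_POST['Content'];
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id));
            }
        }
        $this->render('update', array('model' => $model));
    }

    // Never dereference a null findByPk() result.
    public function loadModel($id)
    {
        $model = Content::model()->findByPk((int) $id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested content does not exist.');
        }
        return $model;
    }
}

// 3. Alternative for a bizrule that cannot receive $params: a model method
//    the rule can call, e.g. "return Content::isOwnedBy($_GET['id'], Yii::app()->user->id);"
//    Bound parameters and an exact match, so user 1 never matches user 10.
class Content extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'content'; // assumed table name
    }

    public static function isOwnedBy($contentId, $userId)
    {
        if ($contentId === null || $userId === null) {
            return false;
        }
        return self::model()->exists(
            'id = :id AND user_id = :uid',
            array(':id' => (int) $contentId, ':uid' => (int) $userId)
        );
    }
}
```

Whichever form is used, keep the comparison exact (no partialMatch / LIKE) and make the "record not found" path deny rather than error; the bizrule is only a last line of defence behind the controller's own lookup.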