Hello all,
I’m having difficulties in solving my issue so I’m looking for some advice:
The app has 2 sections: clients, offers
I’m working on an app that uses yii2-user, yii2-rbac for user management.
I have defined 3 users: admin, company and user.
- Admin should be able to view/edit/add/delete in company and user’s records
- Company should be able to create child users, view/edit/add/delete own + child created records in clients, offers.
- Users should be able to view/edit/add/delete own records in clients and offers.
So far I’ve managed to view the records that belong to own user, but this is not restricting the view/edit/add/delete of records that can be guessed (changing the id in the browser).
So the question is how to restrict every user to view/edit/add/delete only own records? The Yii2 documentation doesn’t have anything related to my issue, any pointers will be helpful.
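
One way to enforce the ownership model described in the post is a per-record check through a Yii2 RBAC rule. This is an added example, not part of the original post and not code from yii2-user or yii2-rbac. The `created_by` and `parent_id` columns, the `user` table name, the `app\rbac` namespace and both permission names are assumptions.

```php
<?php
// Added example, not from the original post or from Yii. Assumed schema:
// client/offer rows have `created_by` (owner's user id) and the `user`
// table has `parent_id` (id of the company that created a child user).
namespace app\rbac;

use Yii;
use yii\db\Query;
use yii\rbac\Rule;
use yii\web\ForbiddenHttpException;

class OwnRecordRule extends Rule
{
    public $name = 'isOwnOrChildRecord';

    /**
     * @param string|int $user id of the logged-in user
     * @param \yii\rbac\Item $item permission the rule is attached to
     * @param array $params ['model' => record] as passed to can()
     */
    public function execute($user, $item, $params)
    {
        $ownerId = isset($params['model']) ? $params['model']->created_by : null;
        if ($user === null || $ownerId === null) {
            return false; // fail closed: guest, missing model or unowned row
        }
        if ((string) $ownerId === (string) $user) {
            return true; // the user's own record
        }
        // Company case: the record's owner is a child user of $user.
        return (new Query())->from('user')
            ->where(['id' => $ownerId, 'parent_id' => $user])
            ->exists();
    }

    /** Call on every loaded record before view/update/delete. */
    public static function enforce($model)
    {
        $u = Yii::$app->user;
        // 'manageAllRecords' (admin only, no rule) and 'manageOwnRecords'
        // (company and user roles, with this rule) are hypothetical names.
        if ($u->can('manageAllRecords') || $u->can('manageOwnRecords', ['model' => $model])) {
            return;
        }
        throw new ForbiddenHttpException('You are not allowed to access this record.');
    }
}
```

Calling `OwnRecordRule::enforce($model)` inside each controller's `findModel()` puts view, update and delete behind the same check, so a changed id in the URL returns 403 instead of another user's record. For the add action, set `created_by` on the server from `Yii::$app->user->id` rather than accepting it from the submitted form.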