I’d like to enable users to delete/edit only their own entries and not those of others.
I’ve looked around for this question as I’m having a hard time figuring it out through the Wiki and, while I have found some snippets and possible solutions, I couldn’t get them to work.
I’ve tried something along the lines of this (my model is called ‘Song’), but couldn’t get it to work:
    public function accessRules()
    {
        return array(
            array('allow', // allow admin to perform 'index' and 'view' actions
                'actions'=>array('index','view'),
                'users'=>array('@'),
            ),
            array('allow', // allow specific user to perform 'update' actions
                'actions'=>array('update'),
                //'users'=>array('@'),
                'users'=>array(Yii::app()->user->name),
                'expression' => '(Yii::app()->user->id == ($_GET["id"]))',
            ),
            array('allow', // allow admin user to perform 'admin' 'create' and 'delete' actions
                'actions'=>array('admin','delete','create','update'),
                'users'=>array('admin'),
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }
I’ve also tried this, which didn’t work either:
    public function filters(){
        return array(
            'songowner + edit delete',
        );
    }
    public function filterSongowner($chain){
        $songmodel = Song::model()->findByPk(Yii::app()->request->getParam('id'));
        if(Yii::app()->user->getId() === $songmodel->userid) {
            $chain->run(); // allows access
        } else {
            new CHttpException(403, 'You cannot modify other authors songs.');
        }
    }
Who can help settle this issue once and for all step-by-step for the Yii newbies that can’t figure it out themselves?
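
An added example, not part of the original post: one way to enforce per-record ownership in a Yii 1.1 controller, using `accessRules()` for the coarse per-action check and an inline filter on `update` and `delete` for the owner check. It assumes a `Song` model with a `userid` owner column, a `UserIdentity` whose `getId()` returns the user's primary key, and that any logged-in user may create songs.

```php
<?php
// Added example, not the poster's code. Assumes Yii 1.1, a Song model with a
// `userid` owner column, and a UserIdentity whose getId() returns the user's
// primary key (the stock skeleton returns the username instead).
class SongController extends CController
{
    public function filters()
    {
        return array(
            'accessControl',              // coarse, per-action rules below
            'songOwner + update, delete', // per-record ownership check
        );
    }

    public function accessRules()
    {
        return array(
            array('allow', // any authenticated user may reach these actions
                'actions' => array('index', 'view', 'create', 'update', 'delete'),
                'users' => array('@'),
            ),
            array('allow', // the management grid stays admin-only
                'actions' => array('admin'),
                'users' => array('admin'),
            ),
            array('deny', 'users' => array('*')),
        );
    }

    public function filterSongOwner($filterChain)
    {
        $song = Song::model()->findByPk(Yii::app()->request->getParam('id'));
        if ($song === null) {
            throw new CHttpException(404, 'The requested song does not exist.');
        }
        $user = Yii::app()->user;
        // Compare as strings: the session id and the DB column can differ in type.
        $isOwner = !$user->isGuest && (string)$user->getId() === (string)$song->userid;
        $isAdmin = $user->getName() === 'admin'; // mirrors the 'admin' rule above
        if (!$isOwner && !$isAdmin) {
            // Thrown, not just constructed: without `throw` no 403 response is sent.
            throw new CHttpException(403, 'You cannot modify other authors\' songs.');
        }
        $filterChain->run(); // owner or admin: continue to the action
    }
}
```

The ownership decision is made against the record loaded from the database, not against the `id` request parameter, which identifies the song rather than its owner.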