I touched upon this once before in my question "Recognize the User"
but wanted to see if I understood properly. This got put on hold and now I am back on the subject.
So the idea is to restrict normal users to only be able to see/access/edit their own entries, but admins can see/access/edit them all.
So I need to add a column to my tables to indicate who created the record.
Then do I edit the search model so it filters by user if it is a normal user, and doesn't filter if it is an admin user?
How do I ensure someone doesn’t try to directly access a record (bypass the gridview and directly enter a URL with a different record ID)?
Thank you for your advice on this.
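An added sketch of the approach described in the post, not code from the original question. It assumes Yii2 (suggested by the gridview and search model wording) and uses hypothetical names: an ActiveRecord model `Entry`, an owner column `created_by`, and an RBAC permission `admin`. The list and the by-ID lookup share one scoped query, so a hand-typed record ID goes through the same ownership filter as the grid.

```php
<?php
// Added example. Assumed/hypothetical: Yii2, model Entry, column created_by, permission 'admin'.
namespace app\controllers;

use Yii;
use yii\data\ActiveDataProvider;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
use app\models\Entry;

class EntryController extends Controller
{
    /** Single source of truth for which rows the current user may see or edit. */
    protected function visibleEntries()
    {
        $user = Yii::$app->user;
        $query = Entry::find();
        // Guests get nothing; without this, a null id would match rows where created_by IS NULL.
        if ($user->isGuest) { return $query->where('0=1'); }
        if (!$user->can('admin')) {
            $query->andWhere(['created_by' => $user->id]);
        }
        return $query;
    }

    public function actionIndex()
    {
        $dataProvider = new ActiveDataProvider(['query' => $this->visibleEntries()]);
        return $this->render('index', ['dataProvider' => $dataProvider]);
    }

    public function actionUpdate($id)
    {
        $model = $this->findModel($id);
        // Keep created_by out of the model's safe attributes so load() cannot reassign ownership.
        if ($model->load(Yii::$app->request->post()) && $model->save()) {
            return $this->redirect(['index']);
        }
        return $this->render('update', ['model' => $model]);
    }

    /** Every action that takes an $id must go through here, never Entry::findOne($id). */
    protected function findModel($id)
    {
        $model = $this->visibleEntries()->andWhere(['id' => $id])->one();
        if ($model === null) {
            // 404 rather than 403, so the response does not confirm that another user's ID exists.
            throw new NotFoundHttpException('The requested page does not exist.');
        }
        return $model;
    }
}
```

If a separate search model builds the grid query, have its `search()` start from the same scoped query instead of an unfiltered `Entry::find()`, and apply `findModel()` to view and delete actions as well.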