Hi,
at my startpage (site/index) I display a conservation where users can post some stuff. If the user has the according permissions, i generate some links to mod this conservation, as example delete posts.
This delete action should only work as POST request like default logout link.
How to check this in behavior method?
=>
if GET parameter "delete-post" is setted, check rule xy
link is then (for example)
mysite.com/web/index.php?r=site/index&delete-post=16
Here my behaviors (see comments):
class SiteController extends Controller
{
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'only' => ['contact', 'index', 'login', 'logout', 'setup', 'workspace'],
'rules' => [
[
'actions' => ['contact', 'index'],
'allow' => true,
'roles' => ['@'],
'denyCallback' => function() {
$this->redirect("site/login");
},
],
[
'actions' => ['logout'],
'allow' => true,
'roles' => ['@'],
],
[
'actions' => ['setup'],
'allow' => true,
'matchCallback' => function($rule, $action) {
return !DBHelper::validateUser();
},
],
[
'actions' => ['workspace'],
'allow' => true,
'roles' => ['access_workspace']
],
[
'actions' => ['login'],
'allow' => true,
'roles' => ['?'],
],
[
'actions' => ['index'] /* if "delete-post" is set */
'allow' => true,
'matchCallback' => function($rule, $action) {
\app\components\helpers\Chats::canDeletePost( /* access delete-post-parameter-value? */ )
},
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'logout' => ['post'],
'index' => ['post'] /* only if "delete-post"-parameter is set */
],
],
];
}
/* ... */
Thanks in advance for help