I’m looking to build out a Yii website, where people can sign up and create their own blog. I’m wondering what the best approach is to restrict controller actions to only the current blog. For example, if I’m logged into www.mydomain.com/stevesblog, how do I ensure that I can only perform actions on stevesblog and not on johnsblog? Would a module be the solution here, with checks in the beforeControllerAction?
I like to make modules out of things that require broad rules (in every controller or model) and this seems to fit. In this case you have a very simple rule - only owners of content can add/delete/update it.
What I would do is define an ‘isOwner’ beforeControllerAction function in the module config itself. That way it is active on ALL module controllers and requires the person to be the owner of that content before they can mess with it.
Of course in order to write such a function you will need a way of determining blog author in your DB design.
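A sketch of the module-level ownership check described above, for Yii 1.1. This is an added example, not code from the thread; the `BlogModule` class, the `Blog` model with `slug` and `owner_id` columns, the `blog` URL parameter and the public action list are all assumptions.

```php
<?php
// Added example for Yii 1.1. Assumed (not from the thread): a Blog ActiveRecord
// model with `slug` and `owner_id` columns, a URL rule that exposes the blog
// slug as $_GET['blog'], and a user identity whose getId() returns the user's
// primary key.
class BlogModule extends CWebModule
{
    /** @var Blog|null the blog resolved for this request */
    public $currentBlog;

    // Routes anyone may call; every other route requires ownership (deny by default).
    private $publicActions = array('post/index', 'post/view');

    public function beforeControllerAction($controller, $action)
    {
        if (!parent::beforeControllerAction($controller, $action)) {
            return false;
        }

        // Resolve the blog from the URL, never from a form field or cookie.
        $slug = Yii::app()->request->getQuery('blog');
        $blog = is_string($slug)
            ? Blog::model()->findByAttributes(array('slug' => $slug))
            : null;
        if ($blog === null) {
            throw new CHttpException(404, 'Blog not found.');
        }
        $this->currentBlog = $blog;

        $route = $controller->id . '/' . $action->id;
        if (in_array($route, $this->publicActions, true)) {
            return true;
        }
        if (!$this->isOwner($blog)) {
            throw new CHttpException(403, 'You do not own this blog.');
        }
        return true;
    }

    // Ownership is decided from the server-side session identity only.
    public function isOwner($blog)
    {
        $user = Yii::app()->user;
        return !$user->isGuest && (string)$user->id === (string)$blog->owner_id;
    }
}
```

The check only establishes that the user owns the blog named in the URL. Each controller action still has to load its records with a condition on `$this->module->currentBlog->id`, so that a post id belonging to another blog returns nothing.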
Hmm… Multi-database is an interesting option, though I would be afraid of the refactoring required to add new features/options. It would also mean that the application would have to create a new database on the fly during signup. But I will check it out and see if it’s feasible, because it would simplify things…
Yes, there will be other stuff for sure: admin stuff, more users, approvals, profile pages, etc. So it’s not just a post-a-blog type of thing, which means everything that happens with the database/logins has to be filtered by blogId, which I will grab onBeginRequest.