How to prevent detailView from showing data from another user?
For example, this happens when you type a product ID of another user in the URL. The detailView shows the details of the product normally, even though it belongs to another user, and you may even change it and delete it.
You can do something like this in the controller if you don’t want to use RBAC:
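    // Needs `use Yii;` and `use yii\web\NotFoundHttpException;` at the top of the controller file.
    protected function findModel($id)
    {
        // Check that the product exists and that its author is the current, logged-in user.
        // The isGuest guard keeps a null user id from loosely matching an empty author_id.
        if (($model = Product::findOne($id)) !== null
            && !Yii::$app->user->isGuest
            && $model->author_id == Yii::$app->user->id) {
            return $model;
        } else {
            // Same 404 for "missing" and "not yours", so the response does not reveal which IDs exist.
            throw new NotFoundHttpException('The requested page does not exist.');
        }
    }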
This way, users who are not the author can’t view, update or delete the product.
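
The same ownership check moved into the query itself, with the index listing scoped to the current user as well. This is an added example, not part of the original answer; it assumes a Yii 2 `app\models\Product` ActiveRecord with the `author_id` column used above, and that update and delete actions call the same `findModel()`.

```php
<?php
// Added example (not from the original answer). Assumes app\models\Product
// is an ActiveRecord with `id` and `author_id` columns.
namespace app\controllers;

use Yii;
use app\models\Product;
use yii\data\ActiveDataProvider;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\NotFoundHttpException;

class ProductController extends Controller
{
    public function behaviors()
    {
        // Only authenticated users ('@') reach any action,
        // so Yii::$app->user->id is never null in the methods below.
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [['allow' => true, 'roles' => ['@']]],
            ],
        ];
    }

    public function actionIndex()
    {
        // The list view shows only rows owned by the current user.
        $dataProvider = new ActiveDataProvider([
            'query' => Product::find()->where(['author_id' => Yii::$app->user->id]),
        ]);
        return $this->render('index', ['dataProvider' => $dataProvider]);
    }

    public function actionView($id)
    {
        return $this->render('view', ['model' => $this->findModel($id)]);
    }

    protected function findModel($id)
    {
        // Ownership is part of the WHERE clause: a row owned by someone else
        // is treated exactly like a missing row (404 in both cases).
        $model = Product::findOne(['id' => $id, 'author_id' => Yii::$app->user->id]);
        if ($model === null) {
            throw new NotFoundHttpException('The requested page does not exist.');
        }
        return $model;
    }
}
```

On create, `author_id` should be set from `Yii::$app->user->id` in the controller rather than loaded from the submitted form, otherwise the ownership column itself becomes user-controlled.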