Hello, I have 2 models, Stories and Users. Stories has a foreign key that points to Users, establishing a relationship. I have it so that only admins can delete or edit a Story. However, the one time a regular User CAN delete/edit a story, is when the Story’s foreign key points to that particular User. In the access rules for Stories, I have:
public function accessRules()
{
return array(
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('index','view','create'),
'users'=>array('@'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('update','delete'),
'expression'=>'$user->isAdmin() || $user->isOwner(<img src='http://www.yiiframework.com/forum/public/style_emoticons/default/huh.gif' class='bbc_emoticon' alt='???' />??)',
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
I also have a function isOwner defined that checks to see if the logged in user owns that story. However, I need to pass into the function the value of the story’s foreign key, but I don’t know how to access that value from the controller. So basically I need to fill in ?? with the current Story’s foreign key that points to Users. Thanks.