Hi, here’s a very common scenario:
I have an articleModel, which has an user_id attribute to hold the ‘owner/creator’.
How should I implement an access control filter to check if the currently logged in user Yii::app()->user->id is the owner when taking actions such as delete or update?
This well known scenario applies to many of my models, so it would be great to generalize it somehow as a controller behavior, or as a base controller class.
A second concern is that the access filter will have to load(using findByPk) the record to check it for access(at least one extra SQL query , depending on default scope and articleModel relations).
I would like to cache the record for the next findByPk(), which happens in Gii/Giix generated controller actions.
Thank You.