Users can only access their own records (Admins can access all records)
I’ve installed the yii-user extension
http://www.yiiframework.com/extension/yii-user/
In the client model I have
    // This is for selects only not for CRUD
    public function defaultScope()
    {
        return array(
            'condition'=>'(user_id='.Yii::app()->user->id .' OR '. (Yii::app()->getModule('user')->isAdmin() ? 'TRUE' : 'FALSE') . ')',
        );
    }
which works fine. I also have this in the client model
    protected function beforeSave()
    {
        if(parent::beforeSave())
        {
            if($this->isNewRecord)
            {
                $this->user_id=Yii::app()->user->id;
            }
            return true;
        }
        else
            return false;
    }
It’s the access rules I’m struggling with - in the client controller I have
    public function accessRules()
    {
        return array(
            array('allow',
                'actions'=>array('index','admin','create'),
                'users'=>array('@'),
            ),
            array('allow',
                'actions' => array('update', 'delete','view'),
                'expression' => '($this->user_id == Yii::app()->user->id || Yii::app()->getModule(\'user\')->isAdmin())',
            ),
            array('deny', // deny all users - default action
                'users'=>array('*'),
            ),
        );
    }
I’ve tried
    'expression' => '($this->user_id == Yii::app()->user->id || Yii::app()->getModule(\'user\')->isAdmin())',
    'expression' => '($client->user_id == Yii::app()->user->id || Yii::app()->getModule(\'user\')->isAdmin())',
    'expression' => '($model->user_id == Yii::app()->user->id || Yii::app()->getModule(\'user\')->isAdmin())',
    'expression' => '($databaseModel->user_id == Yii::app()->user->id || Yii::app()->getModule(\'user\')->isAdmin())',
    'expression' => '($this->loadModel()->user_id == Yii::app()->user->id || Yii::app()->getModule(\'user\')->isAdmin())',
    'expression' => '(Client::model()->findByPk($_GET[\'id\'])->user_id == Yii::app()->user->id || Yii::app()->getModule(\'user\')->isAdmin())',
I’m a bit stuck… any ideas?
Thanks, Russ
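
One way to express the owner-or-admin rule described in the post above, added here as an example and not part of the original post. It assumes Yii 1.1, the skeleton's Controller base class, the yii-user module and the Client model shown above; the method name isOwnerOrAdmin is hypothetical. In Yii 1.1 a string 'expression' is evaluated inside the CAccessRule object, so $this there is the rule and only $user is defined; passing a callback avoids that.

```php
<?php
// Added example, not code from the original post.
// Assumes Yii 1.1, the yii-user module and the Client model from the post.
class ClientController extends Controller
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('index', 'admin', 'create'),
                'users'   => array('@'),
            ),
            array('allow',
                'actions'    => array('update', 'delete', 'view'),
                'users'      => array('@'),
                // Callback instead of a string: in accessRules() $this is the
                // controller, so the rule can call back into it.
                'expression' => array($this, 'isOwnerOrAdmin'),
            ),
            array('deny', // deny everything not explicitly allowed above
                'users' => array('*'),
            ),
        );
    }

    // Hypothetical helper. Must be public because CAccessRule invokes it.
    // Yii passes the CWebUser first and the CAccessRule second.
    public function isOwnerOrAdmin($user, $rule)
    {
        if ($user->isGuest) {
            return false;
        }
        if (Yii::app()->getModule('user')->isAdmin()) {
            return true;
        }
        $id = Yii::app()->request->getQuery('id');
        if ($id === null || !ctype_digit((string)$id)) {
            return false; // no id or a non-numeric id: nothing to authorize
        }
        // The defaultScope from the post also applies to findByPk(), so a
        // record owned by someone else comes back as null for a non-admin.
        $client = Client::model()->findByPk((int)$id);
        return $client !== null && (int)$client->user_id === (int)$user->id;
    }
}
```

The null check matters: calling ->user_id directly on the findByPk() result fails with a PHP error instead of a clean denial when the record is missing or hidden by the default scope.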