Chapter 8 confusion

Hi all. I have finished chapter 8, but I expected that at the end of the process I would be able to add and delete projects at will. This wasn’t the case (not a criticism of the book; it can’t cover absolutely everything).

I found I could create projects but that they had no owner, so couldn’t be deleted by anyone using the app. I have gotten this to work now by adding code similar to that found in the verification function of the ProjectUserForm class to the actionCreate action of the ProjectController.

Here’s my new actionCreate() method:

    public function actionCreate()
    {
        $model=new Project;

        // Uncomment the following line if AJAX validation is needed
        // $this->performAjaxValidation($model);

        if(isset($_POST['Project']))
        {
            $model->attributes=$_POST['Project'];
            if($model->save())
            {
                // automatically assign the current user as the owner of newly created projects...
                $user = Yii::app()->user;
                $model->associateUserToProject($user);
                $model->associateUserToRole('owner', $user->id);
                $auth = Yii::app()->authManager;
                // check if this user is already in the auth hierarchy in this role; if so, we don't
                // need to add them again as the bizrule will take care of validating the access
                // within the project context
                if(!$auth->isAssigned('owner', $user->id))
                {
                    $bizRule='return isset($params["project"]) && $params["project"]->isUserInRole("owner");';
                    $auth->assign('owner', $user->id, $bizRule);
                }
                $this->redirect(array('view','id'=>$model->id));
            }
        }

        $this->render('create',array(
            'model'=>$model,
        ));
    }

It works, but is it the “right” (MVC) way to do it? Is there a more elegant solution that I’m missing?

Also: I want to be able to restrict deletions to authenticated users with a role of "owner" (for the current project). I see I can add a roles rule to the accessRules() method, but I am not sure how to ensure the proper project context here (i.e., that the user is actually the owner of THIS project). Has anyone got any ideas on this?

If I were you I would not misuse the RBAC to implement an owner relation between a user and an object.

I would add a biz rule to "deleteProject" checking if the current user is the owner.

Then when you create a project you assign the owner_id as a property of the project. This way you can be sure that there is an owner assigned and when you run "deleteProject" the bizRule will check if owner_id is identical to Yii::app()->user->id.

This is how I would do it.
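To make the owner_id approach concrete, and to show where the project-context check from the original question can live, here is an added example in Yii 1.1 style. It is not code from the book, from Ben, or from the original poster. It assumes a tbl_project.owner_id column, the Gii-generated ProjectController::loadModel(), the CDbAuthManager component, and a "deleteProject" auth item that is created by the setup function below.

```php
<?php
// Added example (not the book's, Ben's, or the original poster's code).
// Assumed: tbl_project has an owner_id column, ProjectController::loadModel()
// exists as generated by Gii, and the authManager component is CDbAuthManager.

// --- protected/config/main.php, 'components' section --------------------
// 'authenticated' is a default role: Yii applies it to every request without
// a row in the assignment table, so its bizrule is all that gates it.
$authManagerConfig = array(
    'class'        => 'CDbAuthManager',
    'connectionID' => 'db',
    'defaultRoles' => array('authenticated'),
);

// --- one-time RBAC setup (run from a console command or a migration) -----
function installDeleteProjectRule()
{
    $auth = Yii::app()->authManager;

    // This bizrule runs on every checkAccess('deleteProject', $params) and
    // passes only when the project handed in belongs to the current user.
    $bizRule = 'return isset($params["project"]) '
             . '&& (int)$params["project"]->owner_id === (int)Yii::app()->user->id;';
    if ($auth->getAuthItem('deleteProject') === null) {
        $auth->createOperation('deleteProject', 'delete a project you own', $bizRule);
    }

    // Default role, valid only for logged-in users, that grants the operation.
    if ($auth->getAuthItem('authenticated') === null) {
        $auth->createRole('authenticated', 'any logged-in user',
            'return !Yii::app()->user->isGuest;');
    }
    if (!$auth->hasItemChild('authenticated', 'deleteProject')) {
        $auth->getAuthItem('authenticated')->addChild('deleteProject');
    }
}

// --- protected/models/Project.php -----------------------------------------
class Project extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'tbl_project';
    }

    public function rules()
    {
        // owner_id is deliberately absent: it must never be settable through
        // $model->attributes = $_POST['Project'] (mass assignment).
        return array(
            array('name', 'required'),
            array('name, description', 'safe', 'on' => 'search'),
        );
    }

    // Stamp the creator as owner server-side, so no project is left ownerless.
    protected function beforeSave()
    {
        if ($this->isNewRecord && !Yii::app()->user->isGuest) {
            $this->owner_id = Yii::app()->user->id;
        }
        return parent::beforeSave();
    }
}

// --- protected/controllers/ProjectController.php ---------------------------
class ProjectController extends Controller
{
    public function filters()
    {
        return array('accessControl');
    }

    // accessRules() runs before the project row is loaded, so it can only say
    // "logged-in users may call delete". The ownership check happens inside the
    // action, where the loaded record can be passed to the bizrule as context.
    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('create', 'delete'), 'users' => array('@')),
            array('deny', 'users' => array('*')),
        );
    }

    public function actionDelete($id)
    {
        if (!Yii::app()->request->isPostRequest) {
            throw new CHttpException(400, 'Invalid request. Please do not repeat this request again.');
        }
        $model = $this->loadModel($id);
        if (!Yii::app()->user->checkAccess('deleteProject', array('project' => $model))) {
            throw new CHttpException(403, 'Only the owner may delete this project.');
        }
        $model->delete();
        if (!isset($_GET['ajax'])) {
            $this->redirect(array('admin'));
        }
    }
}
```

The key points are that owner_id is set in beforeSave() rather than taken from the form, so a user cannot claim ownership of a project by posting an extra field, and that the project record is passed to checkAccess() as $params['project'] so the bizrule compares against THIS project rather than any project the user happens to own.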

Thanks for your thoughts Ben.

I shall give your way a try when I have a little time.

:)