I get my users details from the database. I want to have accessrules where certain pages can be updated but only those belonging to the user.
i.e. Each user should be able to view and edit his own details in that table
How will I get that page to show to the user so he can update it, will it be through his id?
Are u using any module or ext to provide rbac?
If not u can do it using yii’s own access control feature.
Please take a look here
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
);
}
public function accessRules()
{
return array(
array('allow',
'actions'=>array('edit'),
'expression'=>'Users::isAllowed()',
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
isAllowed() is a static moethod in Users class. It returns true ot flase (boolean)
U can write user checking code inside the method. through his id in url.In expression I can use any php code I want? Like
'expression' => '3==1'
I am pretty sure that It uses eval for running expression. I think u can do it. But anyway try to do it 