Help
AR not accept scopes now... but I think it should...
why findAll apply scopes, and deleteAll not?
dafenetly a needed feature
Page 1 of 1
add scopes to deleteAll
Rate Topic:
#1
- Advanced Member
-
- Group: Members
- Posts: 392
- Joined: 16-March 11
- Location:Israel
Posted 28 October 2011 - 02:02 PM
Certification:
Test Yii:
Yii Framework Demos
Wiki:
Common Yii Questions
Tutorials:
Demo Blog Search with Zend_Lucene
Fundamentals:
Yii "registry" | Understanding the layout->view randering flow
Etc:
Shrink Yii | Caching config/main.php | CPhpAuthManager - how it works, and when to use it
Extensions:
Theme Picker | Language Picker (i18n)
Test Yii:
Yii Framework Demos
Wiki:
Common Yii Questions
Tutorials:
Demo Blog Search with Zend_Lucene
Fundamentals:
Yii "registry" | Understanding the layout->view randering flow
Etc:
Shrink Yii | Caching config/main.php | CPhpAuthManager - how it works, and when to use it
Extensions:
Theme Picker | Language Picker (i18n)
#2
- Yii - Yesss It Is !!!
-
- Group: Yii Dev Team
- Posts: 4,230
- Joined: 12-October 09
- Location:Croatia
Posted 28 October 2011 - 02:07 PM
There where an issue about that - http://code.google.c...s/detail?id=649
Find more about me.... btw. Do you know your WAN IP?
#3
- Advanced Member
-
- Group: Members
- Posts: 588
- Joined: 02-July 10
- Location:Central Poland
Posted 31 October 2011 - 11:25 AM
I agree that scopes should be applied also when using update/delete functions.
I use defaultScope frequently to force some filter on data based on user privileges. Such approach allows me to ensure that user won't see any data it is not allowed for him, but when I saw this thread (and issue log) - I realized that such user CAN delete or update ANY record...
I think it is a bug in fact, because developer can still use scopes in code:
User::model()->active()->deleteAll();
and framework should follow this scope, or shoul yell about deleting record when inner criteria object not being empty (at least warning in log) or it can lead to unpredictable behavior...
What is the concept behind this approach and ignoring scopes on update/delete and why Qiang selected "it won't be fixed"?
I use defaultScope frequently to force some filter on data based on user privileges. Such approach allows me to ensure that user won't see any data it is not allowed for him, but when I saw this thread (and issue log) - I realized that such user CAN delete or update ANY record...
I think it is a bug in fact, because developer can still use scopes in code:
User::model()->active()->deleteAll();
and framework should follow this scope, or shoul yell about deleting record when inner criteria object not being empty (at least warning in log) or it can lead to unpredictable behavior...
What is the concept behind this approach and ignoring scopes on update/delete and why Qiang selected "it won't be fixed"?
red
#4
- Advanced Member
-
- Group: Members
- Posts: 588
- Joined: 02-July 10
- Location:Central Poland
Posted 18 April 2012 - 11:16 AM
If anyone is interested - I did CActiveRecord overloaded class which adds scope support in update/delete functions. There are some limitations: you can in fact use only 'conditions', without relations as they are treated different in update/delete queries and ordering as it is pointless in update/delete) but it allows to keep scope conditions in one place and respects defaultScope for model.
red
Share this topic:
Page 1 of 1