Only user who made post can edit it

Hi, I finished my first Yii-powered site and I can tell you I love Yii!

But I am stuck on something that is probably simple, but I just don't get it :(

I don't know how to dynamically fill the access rules list so that only the user who made a post can edit it, besides admins. I am using the user module so people can register to add posts.

In my controller I have:


	public function accessRules()
	{
		// so only owner of the post can edit
		//if(isset($_GET['id']))
		if($_GET["id"]){
			if(Yii::app()->user->getId() === $_GET["id"])
			$user_updater = Yii::app()->user->username;
		}
		return array(
			array('allow',  // allow all users to perform 'index' and 'view' actions
				'actions'=>array('index','view'),
				'users'=>array('*'),
			),
			array('allow', // allow authenticated user to perform 'create' and 'update' actions
				'actions'=>array('create'),
				'users'=>array('@'),
			),
			array('allow', // allow authenticated user to perform 'create' and 'update' actions
				'actions'=>array('update'),
				'users'=>array($user_updater,'kuzmanovicb'),
			),
			array('allow', // allow admin user to perform 'admin' and 'delete' actions
				'actions'=>array('admin','delete'),
				'users'=>array('kuzmanovicb'),
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}

But on localhost/yiitest/oglasi/1 I get the error: Property "CWebUser.username" not defined.

I was trying to make the admins generated dynamically with something like


	public function getusers(){
		// Collect the names of all accounts stored in the database
		$users = array();
		$usersFromDB = Account::model()->findAll();
		foreach ($usersFromDB as $val)
		{
			$users[] = $val->name;
		}
		return $users;
	}

but I don't know how to set this up for my example.

In my model I have


	public function relations()
	{
		// NOTE: you may need to adjust the relation name and the related
		// class name for the relations automatically generated below.
		Yii::import('application.modules.user.models.*');
		return array(
			'kategorija' => array(self::BELONGS_TO, 'Kategorija', 'kategorija_id'),
			'user' => array(self::BELONGS_TO, 'User', 'user_id'),
		);
	}



and this works.

I want to thank You all who can help me.

Best Regards

To set up Yii::app()->user->yourVar you can try this:

In your userIdentity class you have authenticate method? Yes? Good.

Here you can do this:


$this->setState('yourVar', $model->anyValue);

Next you will be able to retrieve it by: Yii::app()->user->yourVar.

However - for this specific case - the class userIdentity provides the username through the getName method and saves it in the "name" var, not "username". Try to call Yii::app()->user->name.

Look here if you have questions: http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#defining-identity-class

Sorry for my bad english :P

Thank You for answering so fast!

I think we are getting somewhere, because now I don't get the error, but the owner can't update his post.

Perhaps I am getting the id of the post in the wrong way?


	public function accessRules()
	{
		// So that only the owner of the post can update it
		//if(isset($_GET['id']))
		if($_GET["id"]){
			if(Yii::app()->user->getId() === $_GET["id"])
			$user_updater = Yii::app()->user->name;
		}

Solved from another post:


	public function accessRules()
	{
		// Users allowed to update/delete: always admin, plus the owner of the requested post
		$updaters = array('admin');
		$post = Oglasi::model()->findByPk(Yii::app()->request->getParam('id'));
		// findByPk() returns null when there is no id (index, create) or no such post;
		// guests are skipped so a null user id can never match a post without an owner
		if($post !== null && !Yii::app()->user->isGuest
			&& Yii::app()->user->getId() === $post->user_id) {
			$updaters[] = Yii::app()->user->name;
		}
		return array(
			array('allow',  // allow all users to perform 'index' and 'view' actions
				'actions'=>array('index','view'),
				'users'=>array('*'),
			),
			array('allow', // allow authenticated user to perform 'create' actions
				'actions'=>array('create'),
				'users'=>array('@'),
			),
			array('allow', // allow the post owner and admin to perform 'update' actions
				'actions'=>array('update'),
				'users'=>$updaters,
			),
			array('allow', // allow admin user to perform 'admin' actions
				'actions'=>array('admin'),
				'users'=>array('admin'),
			),
			array('allow', // allow the post owner and admin to perform 'delete' actions
				'actions'=>array('delete'),
				'users'=>$updaters,
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}
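
An added example, not part of the original thread: the same owner-or-admin check written with the `expression` option of a Yii 1.1 access rule, so the record lookup runs only when the `update` or `delete` rule is evaluated. The `Oglasi` model, the `user_id` column and the `admin` username come from the thread; the helper name `isOwnerOrAdmin` is hypothetical, and the base class `Controller` is assumed to be the one from the default application skeleton.

```php
<?php
// Added example for Yii 1.1; not code from the thread.
class OglasiController extends Controller
{
    public function filters()
    {
        // Without this filter accessRules() is never consulted.
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('index', 'view'), 'users' => array('*')),
            array('allow', 'actions' => array('create'), 'users' => array('@')),
            array('allow',
                'actions' => array('update', 'delete'),
                'users' => array('@'), // must be logged in at all
                // Single-quoted on purpose: Yii evaluates this string with $user
                // bound to the current CWebUser, only after the action matched.
                'expression' => 'Yii::app()->controller->isOwnerOrAdmin($user)',
            ),
            array('allow', 'actions' => array('admin'), 'users' => array('admin')),
            array('deny', 'users' => array('*')),
        );
    }

    // Hypothetical helper: true for 'admin' and for the owner of the requested post.
    public function isOwnerOrAdmin($user)
    {
        if ($user->isGuest) {
            return false; // a guest has a null id and must never match
        }
        if ($user->name === 'admin') {
            return true;
        }
        $post = Oglasi::model()->findByPk(Yii::app()->request->getParam('id'));
        // No such post means no owner. Ids are compared as strings because the
        // database column and the value kept in the session may differ in type.
        return $post !== null
            && (string) $post->user_id === (string) $user->getId();
    }
}
```

Because the rule compares stored user ids rather than usernames, two accounts whose names differ only in case cannot be confused with each other.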