hi all i need help,
in cases in other cms where every user can create a post articles (ex : wordpress , joomla, drpal etc)
how to check post on each user
example
userA has the article with ID = 1,2,3,4, and 5
userB have an article with ID = 6,7,8,9 and 10
if the url it usually
www.site.com/index.php?r=post/edit/1
ID number 1 can be easily replaced in the url, even though we can hide in order not to look at the url can be hidden or even in its form action
Thanks
Hi,
Most usual way is get find article and check it $article.user_id = Yii::app()->user->id. Of course, you should allow only authorized users to access for this action.
Second way is use wacf extension and configure resource filter:
public function accessRules()
{
return array(
// allow edit only to article owners
array('allow',
'actions' => array('edit', 'delete'),
'users' => '@'
'resource' => array(
'model' => Article::model(), // specify resource model
),
),
...
);
}
hi weavora team thanks for your solution
i will try for both