Yii accesscontroll with email address

Speeedfire · May 17, 2012, 9:23am

Hi,

i use the uniqe with email address, not the username. Username is not uniqe.

How to use accesscontroll with email and not user?

Little bit extra.

I wanna use this for a owner function.

Example model use the user id.

The controller use this:


public function isOwner() {

            Yii::app()->getModule('user');

            if(!Yii::app()->user->isGuest && !UserModule::isAdmin()) {

                $id = Yii::app()->user->id;

                $name = User::model()->findByPk($id);

                return //i dont no ?

            }

        }


//accessrule


                        array('allow',  // allow all users to access 'index' and 'view' actions.

				'actions'=>array('update'),

				'users'=>array('@'),

                                'expression'=>'$this->isOwner()'

			),

Speeedfire · May 17, 2012, 10:33am

My idea:




                        array('allow',   

'view' actions.

				'actions'=>array('update'),

				'users'=>array('@'),

                                'expression'=>$this->isOwner()

			),


        public function isOwner() {

            Yii::app()->getModule('user');

            if(!Yii::app()->user->isGuest && !UserModule::isAdmin()) {

                $owner_id = $this->loadModel()->pid;

                $user_id = Yii::app()->user->id;

                return ($user_id == $owner_id) ? true : false;

            }

        }

This code drop error:


Missing argument 1 for ExampleController::loadModel(),

abennouna · May 17, 2012, 11:01am

Hi Speedfire.

What’s your loadModel method? The error says it needs an argument…

Speeedfire · May 17, 2012, 11:07am

The loadModel is required $_GET[‘id’].

I modify this code, but…


        public function isOwner($id) {

            Yii::app()->getModule('user');

            if(!Yii::app()->user->isGuest && !UserModule::isAdmin()) {

                $owner_id = $this->loadModel($id)->pid;

                $user_id = Yii::app()->user->id;

                //var_dump($user_id == $owner_id); exit;

                return $user_id == $owner_id;

            }

        }

//accessrule


                        array('allow',  // allow update for owner.

				'actions'=>array('update'),

				'users'=>array('@'),

                                'expression'=>$this->isOwner((int)$_GET['id']),

                                'message'=>'Access Denied.',

			),

This returned:


call_user_func_array() expects parameter 1 to be a valid callback, no array or string given

Speeedfire · May 17, 2012, 11:12am

This works finally.




                        array('allow',  // allow update for owner.

				'actions'=>array('update'),

				'users'=>array('@'),

                                'expression'=>array($this, 'isOwner'),

                                'message'=>'Access Denied.',

			),




        public function isOwner() {

            Yii::app()->getModule('user');

            if(!Yii::app()->user->isGuest && !UserModule::isAdmin()) {

                $owner_id = $this->loadModel($_GET['id'])->pid;

                $user_id = Yii::app()->user->id;

                //var_dump($user_id == $owner_id); exit;

                return $user_id == $owner_id;

            }

        }