Bug or Feature?

Ascomae · January 3, 2009, 10:20pm

I created a Model and generated the CRUD pages, as descibed in http://www.yiiframew…start.first-app

I made a small user-administration for a web-site. An Administrator must not be allowed to delete himself.

I thought it should be enough to change the UserController->deleteAction() and test if the

Yii::app()->user->username !== $this->loadUser()->username

But nothing happened, in fact the Admin could delete himself. I changend that method to

public function actionDelete()


	{





		throw new CHttpException(500,'No user should be deleted.');





	}

But:

No Exception and the User is deleted.

Why?

Regards,

Christian

knut · January 3, 2009, 11:24pm

Strange. This shouldn't happen. I double checked (monkey testing) and added your exception line in my UsersController and I get the exception (I'm using the 1.0.0 release).

Please double check that you ran the correct file with the correct code.

Ascomae · January 4, 2009, 12:12am

I rechecked it with a new Project.

I still can delete the User with the

throw new CHttpException(500,'Invalid request. Please do not repeat this request again.');

in the first line of the actionDelete-Method.

I use Yii 1.0.0 and a mysql-DB as persistent-Storage.

Regards,

Christian

qiang · January 4, 2009, 1:28am

The code generated by crud is not very well written because it has two places that allow you to delete a user. One is in actionDelete(), the other is in processAdminCommand().

If you want to make an admin does not delete himself, you may do this check by overriding beforeDelete() in the user model.

Ascomae · January 4, 2009, 11:41am

Thanks,

I’ve just found the

processAdminCommand()

, thats where the User will be deleted.

Regards,

Christian