Hi all,
I have a Yii2 advanced template with the mdmsoft/yii2-admin module.
I have two tables: club and players.
I have a role « Football Club » which can see only its own players. So for that I’ve created a controller action actionList to list only the players of the club.
Now I created a rule to check if a club can view a player, like this:
use Yii;
use yii\rbac\Rule;

class PlayerViewRule extends Rule
{
    public $name = 'ViewOwnPlayer';

    public function execute($user, $item, $params)
    {
        // Load the user being checked and the player named by the "id" query parameter.
        $userModel = \common\models\User::findOne($user);
        $player = \app\models\Player::findOne((int) $_GET['id']);
        if (!$player) {
            throw new \yii\base\InvalidParamException("Player doesn't exist!");
        }

        // Admins always pass; otherwise the user's club must match the player's club.
        return (Yii::$app->user->identity->isAdmin) ?
            true :
            (($userModel) ? $userModel->userType->id_club == $player->id_club : false);
    }
}
In my module, I’ve created a new rule with the name ViewOwnPlayer and assigned the class above (PlayerViewRule) to that rule.
I’ve created a new permission, JoueurViewOwn, using the route /player/view, which uses my PlayerViewRule.
Now in my application, when I visit the link /player/list (so that the club can see a list of all its players), the execute() function of the rule PlayerViewRule is executed (even if I only assign this rule to the route /player/view).
I want to execute my rule only when a user visits /player/view, but not with /player/list or any other action.
Are there any mistakes in my reasoning? Or is it just a bug of the mdmsoft/yii2-admin module?
Thanks in advance