Yii Framework Forum: How to ensure users can only access their own records? - Yii Framework Forum

#1 GSTAR

Posted 11 February 2010 - 12:43 PM

For example, in my database I have a field called "assigned_to"; this contains the integer value of the user ID that the record is assigned to.

I want to configure accessRules() so that users can only access their own records (when they are logged in) and not anybody else's.

#2 Jason George

Posted 11 February 2010 - 03:35 PM

Not sure if this is the best way to tackle the problem, but I would do something similar to the following in your view controller:

public function accessRules()
{
	return array(
		array('allow',
			'actions'=>array('show'),
			'expression'=>$databaseModel->assigned_to==Yii::app()->user->id ? true : false,
		),
		array('deny',  // deny all users
			'users'=>array('*'),
		),
	);
}


#3 GSTAR

Posted 12 February 2010 - 05:25 AM

OK, I did that, but it breaks the 'authenticated' users functionality. Here is my code:

public function accessRules()
{
	$model=Application::model()->findByPk($id);
	
	return array(
		array('allow',
			'actions'=>array('list', 'view'),
			'expression'=>$model->assigned_to==Yii::app()->user->id ? true : false,
		),
		array('allow',
			'actions'=>array('admin'),
			'users'=>array('@'), 
		),
		array('deny',
			'users'=>array('*'),
		),
	);
}


When I try to access index.php?r=admin, the error message I get says: The requested page does not exist.

#4 GSTAR

Posted 12 February 2010 - 06:45 AM

Anyone able to advise?

I think what's happening is that $model is null on the 'admin' view. But it should ignore that really.

#5 jayrulez

Posted 12 February 2010 - 11:03 AM

GSTAR, on 12 February 2010 - 06:45 AM, said:

Anyone able to advise?

I think what's happening is that $model is null on the 'admin' view. But it should ignore that really.

Reorder your access rules and put the one you want to give priority to at the top.

php:
foreach(array('cat', 'dog', 'cow') as $animal) echo $animal."\n";

python:
[(animal, print(animal)) for animal in ['cat', 'dog', 'cow']]

ruby:
['cat', 'dog', 'cow'].each {|animal| puts animal}


You say Tomato, I say Tomato.
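
An added example, not code from any poster in this thread: one way to write the ownership check so that it runs only when the "view" rule is evaluated and never touches the "admin" action. It assumes Yii 1.1 (where `expression` may be a callback), a controller named ApplicationController, and a primary-key column named "id"; `isOwner()` and `findOwned()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumes Yii 1.1, the thread's
// Application model, and a primary-key column named "id" (assumption).
class ApplicationController extends CController
{
    public function filters() { return array('accessControl'); }

    public function accessRules()
    {
        return array(
            // No single-record lookup here; list should filter its own query by assigned_to.
            array('allow', 'actions' => array('admin', 'list'), 'users' => array('@')),
            array('allow',
                'actions'    => array('view'),
                'users'      => array('@'),
                // Callback form: runs only when this rule is checked for "view".
                'expression' => array($this, 'isOwner'),
            ),
            array('deny', 'users' => array('*')),
        );
    }

    // CAccessRule calls this as callback($user, $rule); $user is Yii::app()->user.
    public function isOwner($user, $rule)
    {
        return $this->findOwned($user->id) !== null;
    }

    // Ownership is part of the query, so another user's record is never loaded.
    protected function findOwned($userId)
    {
        if (!isset($_GET['id']) || !is_string($_GET['id']) || !ctype_digit($_GET['id'])) {
            return null;
        }
        return Application::model()->findByAttributes(array(
            'id'          => (int)$_GET['id'],
            'assigned_to' => $userId,
        ));
    }

    public function actionView()
    {
        $model = $this->findOwned(Yii::app()->user->id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested page does not exist.');
        }
        $this->render('view', array('model' => $model));
    }
}
```

The action repeats the owner-scoped lookup instead of trusting the filter alone, so the record stays protected if the rules are later edited or reordered.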