For example, in my database I have a field called "assigned_to", which contains the integer value of the user ID that the record is assigned to.
I want to configure accessRules() so that users can only access their own records (when they are logged in) and not anybody else's.
How to ensure users can only access their own records?
#2
Posted 11 February 2010 - 03:35 PM
Not sure if this is the best way to tackle the problem, but I would do something similar to the following in your view controller:

    public function accessRules()
    {
        return array(
            array('allow',
                'actions'=>array('show'),
                'expression'=>$databaseModel->assigned_to==Yii::app()->user->id ? true : false,
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }
#3
Posted 12 February 2010 - 05:25 AM
OK I did that but it breaks the 'authenticated' users functionality. Here is my code:

    public function accessRules()
    {
        $model=Application::model()->findByPk($id);
        return array(
            array('allow',
                'actions'=>array('list', 'view'),
                'expression'=>$model->assigned_to==Yii::app()->user->id ? true : false,
            ),
            array('allow',
                'actions'=>array('admin'),
                'users'=>array('@'),
            ),
            array('deny',
                'users'=>array('*'),
            ),
        );
    }

Where I try to access index.php?r=admin, the error message I get says: The requested page does not exist.
#4
Posted 12 February 2010 - 06:45 AM
Anyone able to advise?
I think what's happening is that $model is null on the 'admin' view. But it should ignore that really.
#5
Posted 12 February 2010 - 11:03 AM
GSTAR, on 12 February 2010 - 06:45 AM, said:
Anyone able to advise?
I think what's happening is that $model is null on the 'admin' view. But it should ignore that really.
Reorder your access rules and put the one you want to give priority to at the top.
php:
foreach(array('cat', 'dog', 'cow') as $animal) echo $animal."\n";
python:
[(animal, print(animal)) for animal in ['cat', 'dog', 'cow']]
ruby:
['cat', 'dog', 'cow'].each {|animal| puts animal}
You say Tomato, I say Tomato.
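
The ownership check discussed in this thread, written as an added example that is not code from any of the posts: the rule's `expression` is given as a callback, so the record is looked up when the access filter checks the request rather than when accessRules() builds its array. It assumes Yii 1.1, the `Application` model from the posts, a numeric `Yii::app()->user->id`, and a record id passed as `?id=`; the `isOwner()` method name is hypothetical.

```php
<?php
// Added example, not from the thread. Assumes Yii 1.1, the Application model
// from the posts, a numeric user id, and the record id in ?id=...
// isOwner() is a hypothetical helper name.
class ApplicationController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            // Rules are checked top to bottom; the first rule that matches decides.
            array('allow',
                'actions' => array('admin', 'list'),
                'users'   => array('@'),              // any logged-in user
            ),
            array('allow',
                'actions'    => array('view'),
                'users'      => array('@'),
                // A callback is evaluated per request by the access filter,
                // so no model is loaded for actions this rule does not cover.
                'expression' => array($this, 'isOwner'),
            ),
            array('deny', 'users' => array('*')),
        );
    }

    // Called by CAccessRule with the web user component and the rule object.
    public function isOwner($user, $rule)
    {
        $id = Yii::app()->request->getQuery('id');
        if (!is_string($id) || !ctype_digit($id)) {
            return false;                             // no usable id: fall through to deny
        }
        $model = Application::model()->findByPk((int)$id);
        // A missing record and someone else's record are both refused.
        return $model !== null && (int)$model->assigned_to === (int)$user->id;
    }

    public function actionList()
    {
        // No single record to check here, so scope the query to the owner.
        $mine = Application::model()->findAllByAttributes(array('assigned_to' => Yii::app()->user->id));
        $this->render('list', array('models' => $mine));
    }
}
```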