AR not accept scopes now… but I think it should…
why findAll apply scopes, and deleteAll not?
dafenetly a needed feature
AR not accept scopes now… but I think it should…
why findAll apply scopes, and deleteAll not?
dafenetly a needed feature
I agree that scopes should be applied also when using update/delete functions.
I use defaultScope frequently to force some filter on data based on user privileges. Such approach allows me to ensure that user won’t see any data it is not allowed for him, but when I saw this thread (and issue log) - I realized that such user CAN delete or update ANY record…
I think it is a bug in fact, because developer can still use scopes in code:
User::model()->active()->deleteAll();
and framework should follow this scope, or shoul yell about deleting record when inner criteria object not being empty (at least warning in log) or it can lead to unpredictable behavior…
What is the concept behind this approach and ignoring scopes on update/delete and why Qiang selected “it won’t be fixed”?
If anyone is interested - I did CActiveRecord overloaded class which adds scope support in update/delete functions. There are some limitations: you can in fact use only ‘conditions’, without relations as they are treated different in update/delete queries and ordering as it is pointless in update/delete) but it allows to keep scope conditions in one place and respects defaultScope for model.