[Solved] User - How To View, Update And Delete Own Account Only

UserController:

public function accessRules()
	{
		return array(
			array('allow',  // allow any authenticated user to perform view, update and delete actions
				'actions'=>array('view','update','delete'),
				'users'=>array('@'),
			),
			array('allow', // allow the admin user to perform index, create and admin actions
				'actions'=>array('index','create','admin'),
				'users'=>array('admin'),
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}



layouts/main:

<div id="mbmenu">
	<?php
	if (Yii::app()->user->isGuest) {
		$this->widget('ext.mbmenu.MbMenu',array(
			'activeCssClass' => 'active',
			'activateParents' => true,
			'items'=>array(
				array('label'=>'Contact', 'url'=>array('/site/contact')),
				array('label'=>'Login', 'url'=>array('/site/login'), 'visible'=>Yii::app()->user->isGuest),
			),
		));
	} else {
		$this->widget('ext.mbmenu.MbMenu',array(
			'activeCssClass' => 'active',
			'activateParents' => true,
			'items'=>array(
				array('label'=>'Scaffold', 'url'=>array('/scaffold/admin')),
				array('label'=>'Add Options', 'url'=>array(''),
					'items'=>array(
						array('label'=>'Scaffold', 'url'=>array(''),
							'items'=>array(
								array('label'=>'Department', 'url'=>array('/department/create')),
								array('label'=>'Facility', 'url'=>array('/facility/create')),
								array('label'=>'Type', 'url'=>array('/type/create')),
							)),
						array('label'=>'Inspector', 'url'=>array('/inspector/create')),
					)
				),
				array('label'=>'Users', 'url'=>array('/user/admin')),
				array('label'=>'Contact', 'url'=>array('/site/contact')),
				array('label'=>'Logout ('.Yii::app()->user->name.')', 'url'=>array('/site/logout'))
			)
		));
	}
	?>
</div><!-- mainmenu -->



What I would like to happen is: if the logged-in username is NOT 'admin' and the Users tab from mbmenu is clicked, it should redirect to the user's own account id in view (CDetailView) and display only the update and delete CRUD actions on the sidebar (Operations); but if logged in as admin, it should redirect to 'url'=>array('/user/admin') with the normal CRUD actions on the sidebar.

Hi Charles

Please see this thread.

You have many opportunities to do it. Look here.

You can use RBAC or add an expression to your rules; it depends on the flexibility you need.

I would prefer adding an expression to the rules because I want to keep it simple and easy as it sounds.

However, as a newbie to Yii, PHP and basically to programming, I don't know where to start.

Kindly give me example code similar to what I want to achieve. Thanks in advance.

I'm making progress here by following this documentation (Simple RBAC).

But I still could not redirect to user/view of the logged-in user; instead it opens the user/index page.

What am I missing in this code?




array('label'=>'Manage Account', 'url'=>array('/user/view','id'=>User::model()->id), 'visible'=>$user->checkAccess(User::ROLES_USER)),



EDIT

It works this way:




array('label'=>'Manage Account', 'url'=>array('/user/view','id'=>Yii::app()->user->id), 'visible'=>$user->checkAccess(User::ROLES_USER)),
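
The menu line above only changes where the link points; the first rule in accessRules() still allows any logged-in user to request view, update or delete with another account's id. The following is an added example (not code from the thread) of the rule-expression approach suggested earlier, for Yii 1.1. It assumes Yii::app()->user->id holds the User primary key, as the working menu line implies, and isOwnAccount is a hypothetical helper name.

```php
<?php
// Added example for a Yii 1.1 UserController; not code from the thread.
class UserController extends Controller
{
	public function filters()
	{
		// accessRules() is only enforced while the accessControl filter is active.
		return array('accessControl');
	}

	public function accessRules()
	{
		return array(
			array('allow', // the account named "admin" may run every user action
				'actions'=>array('index','create','admin','view','update','delete'),
				'users'=>array('admin'),
			),
			array('allow', // any other logged-in user: only on their own record
				'actions'=>array('view','update','delete'),
				'users'=>array('@'),
				'expression'=>array($this,'isOwnAccount'),
			),
			array('deny',  // everything else, including guests
				'users'=>array('*'),
			),
		);
	}

	/**
	 * Callback for the rule's 'expression' option; Yii calls it with ($user, $rule).
	 * Must be public because it is invoked from CAccessRule, not from the controller.
	 * Assumption: the record id arrives as the "id" query parameter, as in the
	 * /user/view?id=... URL built by the menu item in the thread.
	 */
	public function isOwnAccount($user, $rule)
	{
		$id = Yii::app()->request->getQuery('id');
		// Compare as strings so "5" matches 5, while "5abc" or an array does not.
		return is_scalar($id) && (string)$id === (string)$user->id;
	}
}
```

A rule whose expression returns false is skipped rather than denied, so a non-admin request for someone else's id falls through to the final deny rule.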