Difference between #2 and #3 of
How to use Expression in default AccessControl to allow only the owner to do some action

Revision #3 has been created by whatif on Jul 31, 2013, 3:06:37 AM with the memo:

You can use $this instead of "ExampleController" if the check method is in the same controller.
« previous (#2) next (#4) »

Changes

Title unchanged

How to use Expression in default AccessControl to allow only the owner to do some action

Category unchanged

How-tos

Yii version unchanged

Tags unchanged

expression, owner, only owner, access control, tutorial, RBAC

Content changed

[...]
In this ExampleController, it uses the default accessControl and accessRule.

In this default accessRule, add actions to allow ( 'view', 'update', 'delete' ) and expression for it ( array('ExampleController','allowOnlyOwner') ).

"ExampleController" is the class where the method 'allowOnlyOwner' is.
These can be any other class and method. You can use $this instead of "ExampleController" if 'allowOnlyOwner" is in the same controller as accessRules.

In function allowOnlyOwner, I assumed that the user class has 'isAdmin' property ( Yii::app()->user->isAdmin ). This can be any other condition if you can check if the user is 'admin'.

For example,
[...]
6 1
9 followers
Viewed: 59 609 times
Version: 1.1
Category: How-tos
Tags: access control, expression, only owner, owner, rbac, tutorial
Written by: whatif
Last updated by: DineshR
Created on: Jul 29, 2013
Last updated: 9 years ago
Update Article
Revert to #2 | Revert to #3

Revisions

View all history