DEVHIDE
Login Or Sign up

Access rules restriction in yii

496 Views Asked by At

In my account model, I have an attribute called account_type_id upon registration if the user chooses his account to be an Admin account then it is set to 1 if however the user will be just an ordinary user it is set to 2 how do I change the access rules so that only the ones which are set to 1 can update or delete?

this is a sample of my code

 public function accessRules()
{
    $account=Account::model()->FindAll();
    return array(
        array('allow',  // allow all users to perform 'index' and 'view' actions
            'actions'=>array('index','view'),
            'users'=>array('*'),
        ),
        array('allow', // allow authenticated user to perform 'create' and 'update' actions
            'actions'=>array('create'),
            'users'=>array('@'),
        ),
        array('allow',
            'action'=>array('update', 'delete', 'admin'),
            'expression'=>"{$account->account_type_id}==1",
            ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}
php yii access-rules
Original Q&A
2

There are 2 best solutions below

2
hamed On BEST ANSWER

I think your code has one problem: Your $account is a array of objects, so you can't use $account->account_type_id. This has no meaning. User table should have a account_type_id field. So you can access the account_type_id of the logged in user anywhere in your application. You can try this:

array('allow',
        'action'=>array('update', 'delete', 'admin'),
        'expression'=> array('AccessControl','allowAdminOnly'),
        ),

Then you need to define AccessControl class and allowAdminOnly function in that class. AccessControl could be anywhere, for example in your extensions folder. Note allowAdminOnly muse return true or false. AccessControl should be like this:

class AccessControl{

   public function allowAdminOnly()
   {
      if(Yii::app()->user->account_type_id == 1)
        return true;
      else
        return false;
   }
}
0
Jigar On

You might have to implement something like this wiki or this one

So your access rules looks something like this:

// for access rules
return array(
      array('allow', 
        'actions'=>array('update','delete','admin'),
        'expression'=>'$user->isAdmin()'
      ),
// ...

Related Questions in PHP

Related Questions in YII

Related Questions in ACCESS-RULES

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.