Is there a reason why "$model=$this->loadModel($id);" has to go before the checkAccess line or can it go after (as in my example)? I noticed it works both ways.
Also, is it a bad idea to redirect users to the home page if they are trying to access a restricted page (as shown below)?
public function
actionUpdate($id)
{
// Checks to see if user can update
page
if (!Yii::app()->user->checkAccess('user_update', array('id'=>$id))){
// Redirects user to home page if denied access
$this->redirect(array('site/index'));
}
$model=$this->loadModel($id);
if(isset($_POST['User']))
{
$model->attributes=$_POST['User'];
if($model->save())
$this->redirect(array('view','id'=>$model->id));
}
$this->render('update',array(
'model'=>$model,
));
}