Jump to content
Larry Ullman's Book Forums


  • Posts

  • Joined

  • Last visited

kakooljay's Achievements


Newbie (1/14)



  1. How does the code below (p. 268) work? Is it definitely correct? Can someone walk me through this? In actionSetup (A): Why is updateUser a child of updateOwnUser? Doesn't that mean anyone who can update his/her OWN user info can also update anyone else's? In the controller (: Why is checkAccess (array('id' => $id)) used on updateUser instead of updateOwnUser? Does updateUser even use the ID parameter? Please help - thanks... Quite confused! Code A: # protected/controllers/SiteController.php::actionSetup() $auth = Yii::app()->authManager; // Create operations. $task = $auth->createTask('updateOwnUser', 'Allows a user to update her record', 'return $params["id"] == Yii::app()->user->id;'); $task->addChild('updateUser'); Code B: # protected/controllers/UserController.php public actionUpdate($id) { $model=$this->loadModel($id); if (!Yii::app()->user->checkAccess('updateUser', array('id' => $id))) { throw new CHttpException(403, 'You are not allowed to do this.'); } // Code for doing this. }
  2. You've got: $task=addChild(....); ... $role=addChild(....); Try this: $task->addChild(....); ... $role->addChild(....);
  • Create New...