How does the code below (p. 268) work? Is it definitely correct? Can someone walk me through this?
In actionSetup (A): Why is updateUser a child of updateOwnUser? Doesn't that mean anyone who can update his/her OWN user info can also update anyone else's?
In the controller (: Why is checkAccess (array('id' => $id)) used on updateUser instead of updateOwnUser? Does updateUser even use the ID parameter?
Please help - thanks...
$auth = Yii::app()->authManager;
// Create operations.
$task = $auth-