Cody Posted July 9, 2013 Share Posted July 9, 2013 Is there a reason why "$model=$this->loadModel($id);" has to go before the checkAccess line or can it go after (as in my example)? I noticed it works both ways. Also, is it a bad idea to redirect users to the home page if they are trying to access a restricted page (as shown below)? public function actionUpdate($id) { // Checks to see if user can update page if (!Yii::app()->user->checkAccess('user_update', array('id'=>$id))){ // Redirects user to home page if denied access $this->redirect(array('site/index')); } $model=$this->loadModel($id); if(isset($_POST['User'])) { $model->attributes=$_POST['User']; if($model->save()) $this->redirect(array('view','id'=>$model->id)); } $this->render('update',array( 'model'=>$model, )); } Link to comment Share on other sites More sharing options...
Larry Posted July 10, 2013 Share Posted July 10, 2013 Thanks for your questions. This all looks fine to me. As for redirecting to the home page, it's really a matter of whether you want to make the permission denied overt or not. You could use a flash message to indicate that on the home page, though. Link to comment Share on other sites More sharing options...
Recommended Posts