Cody 0 Posted July 9, 2013 Report Share Posted July 9, 2013 Is there a reason why "$model=$this->loadModel($id);" has to go before the checkAccess line or can it go after (as in my example)? I noticed it works both ways. Also, is it a bad idea to redirect users to the home page if they are trying to access a restricted page (as shown below)? public function actionUpdate($id) { // Checks to see if user can update page if (!Yii::app()->user->checkAccess('user_update', array('id'=>$id))){ // Redirects user to home page if denied access $this->redirect(array('site/index')); } $model=$this->loadModel($id); if(isset($_POST['User'])) { $model->attributes=$_POST['User']; if($model->save()) $this->redirect(array('view','id'=>$model->id)); } $this->render('update',array( 'model'=>$model, )); } Quote Link to post Share on other sites
Larry 428 Posted July 10, 2013 Report Share Posted July 10, 2013 Thanks for your questions. This all looks fine to me. As for redirecting to the home page, it's really a matter of whether you want to make the permission denied overt or not. You could use a flash message to indicate that on the home page, though. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.