Larry Ullman's Book Forums


How does the code below (p. 268) work? Is it definitely correct? Can someone walk me through this? 
In actionSetup (A): Why is updateUser a child of updateOwnUser? Doesn't that mean anyone who can update his/her OWN user info can also update anyone else's? 
In the controller (B): Why is checkAccess (array('id' => $id)) used on updateUser instead of updateOwnUser? Does updateUser even use the ID parameter?
Please help - thanks...
Quite confused!
Code A:
# protected/controllers/SiteController.php::actionSetup()
$auth = Yii::app()->authManager;
// Create operations.
$task = $auth->createTask('updateOwnUser',
    'Allows a user to update her record',
    'return $params["id"] == Yii::app()->user->id;');
Code B:
# protected/controllers/UserController.php
public function actionUpdate($id) {
    // Deny the request unless the current user is allowed to update record $id.
    if (!Yii::app()->user->checkAccess('updateUser',
        array('id' => $id))) {
        throw new CHttpException(403,
            'You are not allowed to do this.');
    }
    // Code for doing this.
}


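Both questions in the post come down to how a Yii 1.x `checkAccess()` call walks the authorization hierarchy: it starts at the item named in the call and climbs through that item's parents, running each parent's bizRule with the same `$params`. The sketch below is an added example, not code from the book or from Yii; `MiniAuth`, the `member` and `admin` roles and the user ids are assumptions, and the bizRule is a closure rather than an evaluated string.

```php
<?php
// Simplified model of how Yii 1.x resolves checkAccess(); not CAuthManager itself.
// The 'member' and 'admin' roles and the user ids are assumed for illustration.
class MiniAuth
{
    private $rules = array();    // item name => bizRule callable or null
    private $parents = array();  // child item => list of parent items
    private $assigned = array(); // user id => items assigned directly
    public function createItem($name, $bizRule = null) { $this->rules[$name] = $bizRule; }
    public function addChild($parent, $child) { $this->parents[$child][] = $parent; }
    public function assign($item, $userId) { $this->assigned[$userId][] = $item; }

    // Start at the requested item and climb towards what the user was assigned.
    public function checkAccess($item, $userId, array $params = array())
    {
        $rule = $this->rules[$item];
        if ($rule !== null && !call_user_func($rule, $params, $userId)) {
            return false; // a failed bizRule closes every path through this item
        }
        $mine = isset($this->assigned[$userId]) ? $this->assigned[$userId] : array();
        if (in_array($item, $mine, true)) {
            return true;
        }
        $parents = isset($this->parents[$item]) ? $this->parents[$item] : array();
        foreach ($parents as $parent) {
            if ($this->checkAccess($parent, $userId, $params)) {
                return true;
            }
        }
        return false;
    }
}

$auth = new MiniAuth();
$auth->createItem('updateUser');
$auth->createItem('updateOwnUser', function ($params, $userId) {
    return $params['id'] == $userId; // same comparison as the bizRule in Code A
});
$auth->createItem('member');
$auth->createItem('admin');
$auth->addChild('updateOwnUser', 'updateUser'); // the task grants the operation
$auth->addChild('member', 'updateOwnUser');
$auth->addChild('admin', 'updateUser');
$auth->assign('member', 7);
$auth->assign('admin', 1);

var_dump($auth->checkAccess('updateUser', 7, array('id' => 7))); // member, own record
var_dump($auth->checkAccess('updateUser', 7, array('id' => 9))); // member, another user's record
var_dump($auth->checkAccess('updateUser', 1, array('id' => 9))); // admin, another user's record
```

The member reaches `updateUser` only through `updateOwnUser`, so the check passes only when `id` matches their own id; the admin holds `updateUser` through a path that carries no bizRule.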