Hi everyone,
I'm using RBAC in my project, but I have to improve the system because If I allow the users with the rol... fe:"edit"
for admin and update posts as here:
//Posts Controller...
public function accessRules()
{
return array(
array('allow',
'actions'=>array('admin','update'),
'roles'=>array('edit_rol'),
),
These users can admin and edit all the posts , but I want that they only can edit and admin his own posts, so I need to add some "php logic" like if(postOwner->id== user->id...).
Is it possible to add a parameter in the allow array with a call to a function that runs this "php logic" in order to return true or false to the array, and with that RBAC can allow or not the user.
Thanks!
I'm using RBAC in my project, but I have to improve the system because If I allow the users with the rol... fe:"edit"
for admin and update posts as here:
//Posts Controller...
public function accessRules()
{
return array(
array('allow',
'actions'=>array('admin','update'),
'roles'=>array('edit_rol'),
),
These users can admin and edit all the posts , but I want that they only can edit and admin his own posts, so I need to add some "php logic" like if(postOwner->id== user->id...).
Is it possible to add a parameter in the allow array with a call to a function that runs this "php logic" in order to return true or false to the array, and with that RBAC can allow or not the user.
Thanks!