In my account model, I have an attribute called account_type_id. Upon registration, if the user chooses his account to be an Admin account, then it is set to 1; if, however, the user will be just an ordinary user, it is set to 2. How do I change the access rules so that only the ones which are set to 1 can update or delete?
This is a sample of my code:
    public function accessRules()
    {
        $account=Account::model()->FindAll();
        return array(
            array('allow', // allow all users to perform 'index' and 'view' actions
                'actions'=>array('index','view'),
                'users'=>array('*'),
            ),
            array('allow', // allow authenticated user to perform 'create' and 'update' actions
                'actions'=>array('create'),
                'users'=>array('@'),
            ),
            array('allow',
                'action'=>array('update', 'delete', 'admin'),
                'expression'=>"{$account->account_type_id}==1",
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }
I think your code has one problem: your $account is an array of objects, so you can't use $account->account_type_id. This has no meaning. The User table should have an account_type_id field, so you can access the account_type_id of the logged-in user anywhere in your application.
You can try this:
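    array('allow',
        // the rule key is 'actions' (plural); CAccessRule has no 'action' property
        'actions'=>array('update', 'delete', 'admin'),
        // callback that decides whether this rule applies
        'expression'=>array('AccessControl','allowAdminOnly'),
    ),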
Then you need to define the AccessControl class and the allowAdminOnly function in that class. AccessControl could be anywhere, for example in your extensions folder. Note that allowAdminOnly must return true or false. AccessControl should be like this:
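    class AccessControl
    {
        // static, so the array('AccessControl','allowAdminOnly') callback
        // can be invoked without an AccessControl instance
        public static function allowAdminOnly()
        {
            // true only for accounts whose account_type_id is 1 (Admin)
            return Yii::app()->user->account_type_id == 1;
        }
    }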
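The answer relies on account_type_id being readable from Yii::app()->user, which only works if it is stored as a user state at login. The following is an added example for Yii 1.1, not code from the question or the answer, showing one way to wire that up and guard the admin rule against guests. Assumptions: the Account model has username and password (hash) columns, passwords were hashed with CPasswordHelper, and AccountController and the base Controller class are placeholder names.

```php
<?php
// protected/components/UserIdentity.php (Yii 1.1).
// Assumed Account columns: id, username, password (hash), account_type_id.
class UserIdentity extends CUserIdentity
{
    private $_id;
    public function authenticate()
    {
        $account = Account::model()->findByAttributes(array('username' => $this->username));
        if ($account === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $account->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $account->id;
            // Snapshot taken at login: a later change in the DB applies at the next login.
            $this->setState('account_type_id', (int) $account->account_type_id);
            $this->errorCode = self::ERROR_NONE;
        }
        return !$this->errorCode;
    }
    public function getId()
    {
        return $this->_id;
    }
}

// Hypothetical controller; rules are checked top to bottom and the first match wins.
class AccountController extends Controller
{
    public function filters()
    {
        return array('accessControl'); // without this filter accessRules() is never applied
    }
    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('index', 'view'), 'users' => array('*')),
            array('allow', 'actions' => array('create'), 'users' => array('@')),
            array('allow',
                'actions' => array('update', 'delete', 'admin'),
                'users' => array('@'), // guests fail here, before the expression runs
                // getState() returns null (cast to 0) instead of throwing if the state is unset
                'expression' => '(int) $user->getState("account_type_id") === 1',
            ),
            array('deny', 'users' => array('*')), // everything not allowed above is refused
        );
    }
}
```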