This method should be overridden to check whether the current user has the privilege
to run the specified action against the specified data model.
If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
public function _checkAccess($action, $model = null, $params = array()) { var_dump($action); var_dump($model); var_dump($params); die; parent::checkAccess($action, $model, $params); }
public function checkAccess($action, $model = null, $params = []) { parent::checkAccess($action, $model, $params); if ($model && !$model->checkAccess(Yii::$app->user->identity)) { throw new \yii\web\ForbiddenHttpException('You do not have access'); } }
public function checkAccess($action, $model = null, $params = []) { if ($model && !$model->isNewRecord) { if ($this->auto_filter_user && $this->user_identifier_column) { if (\Yii::$app->user->isGuest) { throw new HttpException(403, "Unknown user"); } if ($action == 'view' && $model->{$this->user_identifier_column} != \Yii::$app->user->id) { throw new HttpException(403, "No access"); } } } return parent::checkAccess($action, $model, $params); }