/**
* @inheritdoc
*/
public function run($id)
{
parent::run($id);
$this->_model->delete();
\Yii::$app->session->setFlash('success', $this->successMessage);
return $this->controller->redirect($this->redirectUrl);
}
/**
* Is the passed ID valid?
*
* Validate the id in the URL (the parent function) and then validate the id in the data.
*
* The data-id check is independent of the config setting `validateId`; this checks whether
* the id in the URL matches the id in the submitted data (a type insensitive check). If
* the id is different, this probably indicates a malicious form submission, attempting
* to add/edit a record the user doesn't have permission for by submitting to a URL they
* do have permission to access
*
* @param mixed $id
* @return boolean
* @throws BadRequestException If id is invalid
*/
protected function _validateId($id)
{
parent::_validateId($id);
$request = $this->_request();
if (!$request->data) {
return true;
}
$dataId = null;
$model = $this->_model();
$dataId = $request->data($model->alias . '.' . $model->primaryKey) ?: $request->data($model->primaryKey);
if ($dataId === null) {
return true;
}
// deliberately type insensitive
if ($dataId == $id) {
return true;
}
$this->_trigger('invalidId', array('id' => $dataId));
$message = $this->message('invalidId');
$exceptionClass = $message['class'];
throw new $exceptionClass($message['text'], $message['code']);
}
/**
* @inheritdoc
*/
public function run($id)
{
parent::run($id);
$viewParam = ['model' => $this->_model];
return \Yii::$app->request->isAjax ? $this->controller->renderAjax($this->view, $viewParam) : $this->controller->render($this->view, $viewParam);
}
