/**
 * Renders a single album, but only when its status marks it as public.
 *
 * Access is decided by status alone: no ownership check is made here, so an
 * album whose status differs from Album::TYPE_PUBLIC is refused for every
 * caller, including the user who created it.
 *
 * @param mixed $id value handed to Album::findOne() to locate the album
 * @return mixed whatever $this->render() produces for the 'viewAlbum' view
 * @throws NotFoundHttpException if no album matches $id
 * @throws ForbiddenHttpException if the album's status is not Album::TYPE_PUBLIC
 */
public function actionViewAlbum($id)
{
    $album = Album::findOne($id);
    if ($album === null) {
        throw new NotFoundHttpException('The requested page does not exist.');
    }

    // Loose (==) comparison, so a status that differs from the constant only
    // by type still counts as public.
    // NOTE(review): presumably status can come back from storage as a string; confirm
    // before tightening this to ===.
    $isPublic = $album->status == Album::TYPE_PUBLIC;
    if (!$isPublic) {
        // A missing id answers 404 while an existing non-public id answers 403,
        // so the two responses let a caller tell which album ids exist.
        throw new ForbiddenHttpException('You are not allowed to perform this action.');
    }

    return $this->render('viewAlbum', ['model' => $album]);
}
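/**
 * Renders an album to anyone when it is public, and otherwise only to the
 * user who created it.
 *
 * The previous condition was `A || A && B` with A = "not public" and
 * B = "not the creator". Because && binds tighter than ||, that reduces to
 * just A: the ownership test never influenced the outcome and creators were
 * refused their own non-public albums. The check below refuses access only
 * when the album is not public AND the caller is not its creator.
 *
 * @param mixed $id value handed to Album::findOne() to locate the album
 * @return mixed whatever $this->render() produces for the '/user/viewAlbum' view
 * @throws NotFoundHttpException if no album matches $id
 * @throws ForbiddenHttpException if the album is not public and the caller is not its creator
 */
public function actionViewAlbum($id)
{
    if (($model = Album::findOne($id)) === null) {
        throw new NotFoundHttpException('The requested page does not exist.');
    }

    // NOTE(review): strict comparison only matches when status and the constant
    // share a type; confirm how status is typed when loaded.
    $isPublic = $model->status === Album::TYPE_PUBLIC;

    // Yii::$app->user->id is null for a guest. Requiring an authenticated user
    // keeps a null created_by from ever matching an anonymous caller.
    $isOwner = !Yii::$app->user->isGuest
        && $model->created_by === Yii::$app->user->id;

    if (!$isPublic && !$isOwner) {
        throw new ForbiddenHttpException('You are not allowed to perform this action.');
    }

    // NOTE(review): the intent here appears to be loading the album creator's
    // user record. Confirm that this controller's findModel() resolves a user
    // id; a findModel() that looks up an Album and enforces ownership would
    // reject or mis-resolve this call for public albums viewed by other users.
    $user = $this->findModel($model->created_by);

    return $this->render('/user/viewAlbum', ['model' => $model, 'user' => $user]);
}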
/**
 * Loads an Album by primary key and hands it back only to its creator.
 *
 * Two separate failures are possible: the album does not exist (404), or it
 * exists but was created by a different user than the current one (403).
 * Because the responses differ, a caller can tell which album ids exist even
 * without access to them.
 *
 * @param string $id
 * @return Album the loaded model
 * @throws NotFoundHttpException if the model cannot be found
 * @throws ForbiddenHttpException if the album's created_by is not the current user's id
 */
protected function findModel($id)
{
    $album = Album::findOne($id);
    if ($album === null) {
        throw new NotFoundHttpException('The requested page does not exist.');
    }

    // Strict comparison: both the value and the type of the two ids must match.
    // NOTE(review): Yii::$app->user->id is null for a guest, so an album whose
    // created_by is also null would pass this check for an anonymous caller;
    // confirm that created_by can never be null or that guests cannot reach
    // this method.
    $currentUserId = Yii::$app->user->id;
    if ($album->created_by !== $currentUserId) {
        throw new ForbiddenHttpException('You are not allowed to perform this action.');
    }

    return $album;
}