public function actionViewAlbum($id)
{
if (($model = Album::findOne($id)) === null) {
throw new NotFoundHttpException('The requested page does not exist.');
}
if ($model->status != Album::TYPE_PUBLIC) {
throw new ForbiddenHttpException('You are not allowed to perform this action.');
}
return $this->render('viewAlbum', ['model' => $model]);
}
public function actionViewAlbum($id)
{
if (($model = Album::findOne($id)) === null) {
throw new NotFoundHttpException('The requested page does not exist.');
}
if ($model->status !== Album::TYPE_PUBLIC || $model->status !== Album::TYPE_PUBLIC && $model->created_by !== Yii::$app->user->id) {
throw new ForbiddenHttpException('You are not allowed to perform this action.');
}
$user = $this->findModel($model->created_by);
return $this->render('/user/viewAlbum', ['model' => $model, 'user' => $user]);
}
/**
* Finds the Album model based on its primary key value.
* If the model is not found, a 404 HTTP exception will be thrown.
* @param string $id
* @return Album the loaded model
* @throws NotFoundHttpException if the model cannot be found
*/
protected function findModel($id)
{
if (($model = Album::findOne($id)) !== null) {
if ($model->created_by !== Yii::$app->user->id) {
throw new ForbiddenHttpException('You are not allowed to perform this action.');
}
return $model;
} else {
throw new NotFoundHttpException('The requested page does not exist.');
}
}
