I want to limit all actions in a controller to the user who has a specific permission, in my case updatePost that is attributed to the author rĂ´le depending on an AuthorRule.
The controller aims at assigning translators to posts, not creating or updating the posts themselves.
The rule only verifies that the user is the creator of the post using a param whose name is author_id and value is the value of the author_id attribute of the post. Up to now, all this is common stuff.
I know I could check the
Yii::$app->user->can('updatePost', ['author_id' => <a value>])
function's result in each action. Nevertheless, I read in Yii's guide that the authorisation name (updatePost) could also be given in the behavior like this:
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'actions' => ['index','create', 'view', 'update'],
'roles' => ['updatePost'],
],
and that in this case the AuthorRule's execute method will be called.
My question is: " What is the exact syntax in this case to pass the author_id to the AuthorRule's execute function ?"
You can not pass parameters like that. I guess it's not prepared for parameters because usually you don't know the exact values during this step (these are usually passed as arguments to the action).
Move this check to the action or if you do know the value use matchCallback like:
'matchCallback' => function ($rule, $action) {
return Yii::$app->user->can('updatePost', ['author_id' => <a value>]);
}
Related
i develop a custom module with forms to save data in SQL-Datebase. I want to use for that the node-structure.
Normal SQL-savings for example table works but not for the node-tables.
Any idea what is going wrong?
This ist my Code for saving, which works in non-node-tables:
public function submitForm(array &$form, FormStateInterface $form_state) { $connection = \Drupal::service('database');
$result = $connection->insert('node.node__body')
->fields(['body_value'])
->values([
'body_value' => 'text for body',
])
->execute();
$form_state->setRedirect('modulname.form');
}
Use Entity API in Drupal to manipulate or create a node.
In your case,
$node = \Drupal::entityTypeManager()->getStorage('node')->create(
[
'type' => 'page',
'title' => 'New Basic Page',
'body' => 'text for body'
]
);
Here, type is the content type machine name. Don't forget to update with your own. Also you probably want to inject the entity_type.manager service and use in the code.
Get more info here: Working with entities in Drupal
What is the right way to have variable pagination in Yii2?
I mean by this, that I want the user to be able to give the number of items in a page while sending an API request.
I know about setting the pageSize in the dataProvider.
$dataProvider = new SqlDataProvider([
'sql' => 'SELECT * FROM user WHERE status=:status',
'params' => [':status' => 1],
'pagination' => [
'pageSize' => 20,
],
]);
But my question is about anything that is built in that allows the user to send the pageSize through the request? Is there anything built-in to perform this function?
Leave empty the pagination field in the dataProvider and just add the per-page GET parameter in your calls:
http://your_url/controlller/action?per-page=20
More info here.
I have a yii\bootstrap\Nav, where I have several menu items. One of them is the logout. Consider these two examples.
$menuItems = [
[
'label' => 'Logout ('. Yii::$app->user->identity->username. ')',
'url' => ['/site/logout'],
'linkOptions' => ['data-method' => 'post'],
'visible' => !Yii::$app->user->isGuest,
],
]
vs
if (!Yii::$app->user->isGuest) {
$menuItems[] =
[
'label' => 'Logout ('. Yii::$app->user->identity->username. ')',
'url' => ['/site/logout'],
'linkOptions' => ['data-method' => 'post'],
];
}
My Application crashes with the error for the
Trying to get property of non-object
on the line with Yii::$app->user->identity->username.
I use the second solution which works fine, but can you explain why the code executes bypassing the 'visible' parameter for the first block.
In the second case you check for not a guest and this mean that
Yii::$app->user
is a correct objecy and then you can access to username
in first you use only the visible menuitem attribute this as described in doc mean
http://www.yiiframework.com/doc-2.0/yii-widgets-menu.html#$items-detail
Visible: boolean, optional, whether this menu item is visible.
Defaults to true.
this mean that this attribute manage the hide or show of the menu item. But in this case the code for user remain the same so based on fact that a guest don't crate a proper user object you have the rror for accessi a propert ofr a null object
In your first code block
Yii::$app->user->identity->username
change it to
(Yii::$app->user)?("Logout(".(Yii::$app->user->identity->username.")"):'Login'
NOTE: change url accordingly. visibility is not required to configure.
If there is no login user Yii::$app->user->identity->username statement cannot return username because there is no user identity exist (Yii::$app->user->identity is null)
Is there an easy way to force DetailView in Yii2 to ignore these fields in its attributes list, that for particular model are empty?
Or the only way is to define every attribute on attributes list with own function and filter empty fields inside it (sound like a little bit of madness)?
Edit: I thought, that this is pretty self-explanatory, but it turned out, it isn't. So, basically, I want to force DetailView to ignore (not render) rows for these elements of attributes list, that have empty (null, empty string) values in corresponding model and thus would result in rendering empty table cell:
You can define template parameter of DetailView widget as a callback function with following signature function ($attribute, $index, $widget) and this callback will be called for each attribute, so you can define desired rendering for your rows:
DetailView::widget([
'model' => $model,
'template' => function($attribute, $index, $widget){
//your code for rendering here. e.g.
if($attribute['value'])
{
return "<tr><th>{$attribute['label']}</th><td>{$attribute['value']}</td></tr>";
}
},
//other parameters
]);
Would something like this work better? It preserves some of the niceties like: updated_at:datetime, which with one of the solutions above will just show the underlying value, not a converted value.
<?= DetailView::widget([
'model' => $model,
'attributes' => [
'id',
[
'attribute' => 'my_attribute',
'visible' => !empty($model->my_attribute)
],
]
]);
I'm creating a back-office module for Prestashop and have figured out everything except the best way to display the admin page. Currently I'm using the renderView() method to display the content of view.tpl.
I would like to display a table with values and an option to add a new row. Should I just create it in the view.tpl or is there a better way? I've seen the renderForm() method but haven't figured out how it works yet.
The biggest question I have is, how do I submit content back to my controller into a specific method?
ModuleAdminController is meant for managing some kind of records, which are ObjectModels. Defauly page for this controller is a list, then you can edit each record individually or view it's full data (view).
If you want to have a settings page, the best way is to create a getContent() function for your module. Besides that HelperOptions is better than HelperForm for this module configuration page because it automatically laods values. Define the form in this function and above it add one if (Tools::isSubmit('submit'.$this->name)) - Submit button name, then save your values into configuration table. Configuration::set(...).
Of course it is possible to create some sort of settings page in AdminController, but its not meant for that. If you really want to: got to HookCore.php and find exec method. Then add error_log($hook_name) and you will all hooks that are executed when you open/save/close a page/form. Maybe you'll find your hook this way. Bettter way would be to inspect the parent class AdminControllerCore or even ControllerCore. They often have specific function ready to be overriden, where you should save your stuff. They are already a part of execution process, but empty.
Edit: You should take a look at other AdminController classes, they are wuite simple; You only need to define some properties in order for it to work:
public function __construct()
{
// Define associated model
$this->table = 'eqa_category';
$this->className = 'EQACategory';
// Add some record actions
$this->addRowAction('edit');
$this->addRowAction('delete');
// define list columns
$this->fields_list = array(
'id_eqa_category' => array(
'title' => $this->l('ID'),
'align' => 'center',
),
'title' => array(
'title' => $this->l('Title'),
),
);
// Define fields for edit form
$this->fields_form = array(
'input' => array(
array(
'name' => 'title',
'type' => 'text',
'label' => $this->l('Title'),
'desc' => $this->l('Category title.'),
'required' => true,
'lang' => true
),
'submit' => array(
'title' => $this->l('Save'),
)
);
// Call parent constructor
parent::__construct();
}
Other people like to move list and form definitions to actual functions which render them:
public function renderForm()
{
$this->fields_form = array(...);
return parent::renderForm();
}
You don't actually need to do anything else, the controller matches fields to your models, loads them, saves them etc.
Again, the best way to learn about these controller is to look at other AdminControllers.