TodoController::isAuthorized PHP Метод

isAuthorized() публичный Метод

public isAuthorized ( )
    /**
     * Decide whether the current session user may run the requested action on the "todo" resource.
     *
     * Registers the access rules for this controller, then delegates the decision
     * to Permission::check() and returns its result unchanged.
     *
     * Security notes:
     * - "todo_id" is read from the request, so it is client-controlled. It is passed through
     *   Encryption::decryptIdWithDash() only when it is non-empty.
     * - NOTE(review): when "todo_id" is empty, the config "id" reaches Permission::check() exactly as
     *   received; confirm that the 'owner' condition denies access in that case.
     * - NOTE(review): the 'user' role is granted only 'delete' here; presumably every other action
     *   is refused by Permission::check() -- confirm against the Permission class.
     *
     * @return mixed Whatever Permission::check() returns (presumably a bool -- confirm).
     */
    public function isAuthorized()
    {
        $requestedAction = $this->request->param('action');
        $currentRole     = Session::getUserRole();
        $resourceName    = "todo";

        // admin role: wildcard action list on the resource
        Permission::allow('admin', $resourceName, ['*']);

        // user role: 'delete' only, registered together with the 'owner' condition
        Permission::allow('user', $resourceName, ['delete'], 'owner');

        // The identifier arrives in its encrypted form; an empty value is forwarded untouched.
        $rawTodoId = $this->request->data("todo_id");
        $recordId  = empty($rawTodoId) ? $rawTodoId : Encryption::decryptIdWithDash($rawTodoId);

        // Context handed to Permission::check(): session user, table name and record id.
        $ownershipContext = [
            "user_id" => Session::getUserId(),
            "table"   => "todo",
            "id"      => $recordId,
        ];

        return Permission::check($currentRole, $resourceName, $requestedAction, $ownershipContext);
    }