我正在制作我的拼贴项目,其中管理员可以创建员工(教师),教师现在可以创建学生我的问题是,在索引和视图文件中,任何员工都可以看到最近添加的学生总列表。
我想在视图/索引文件上添加条件,以便特定教师可以查看他或她创建的学生列表。
我在用户表和员工表之间建立了链接(由&更新创建)
此致 Yuvraj Verma
<section class="content doc-user-profile">
<div class="col-md-12 text-center">
</div>
</div>
<table class="table table-striped">
<tr>
<th><?= $info->getAttributeLabel('stu_unique_id') ?></th>
<td><?= Html::encode($info->stu_unique_id) ?></td>
</tr>
<tr>
<th><?php echo Yii::t('stu', 'Name'); ?></th>
<td><?= Html::encode($this->title) ?></td>
</tr>
<tr>
<th><?= $info->getAttributeLabel('stu_email_id') ?></th>
<td><?= Html::encode($info->stu_email_id) ?></td>
</tr>
<tr>
<th><?= $info->getAttributeLabel('stu_mobile_no') ?></th>
<td><?= $info->stu_mobile_no ?></td>
</tr>
<tr>
<th><?php echo Yii::t('stu', 'Status'); ?></th>
<td>
<?php if($model->is_status==0) : ?>
<span class="label label-success"><?php echo Yii::t('stu', 'Active'); ?></span>
<?php else : ?>
<span class="label label-danger"><?php echo Yii::t('stu', 'InActive'); ?></span>
<?php endif; ?>
</td>
</tr>
</table>
</div>
<div class="col-lg-9 profile-data">
<ul class="nav nav-tabs responsive" id = "profileTab">
<li class="active" id = "personal-tab"><a href="#personal" data-toggle="tab"><i class="fa fa-street-view"></i> <?php echo Yii::t('stu', 'Personal'); ?></a></li>
</ul>
<div id='content' class="tab-content responsive">
<div class="tab-pane active" id="personal">
<?= $this->render('_tab_stu_personal', ['info' => $info, 'model' => $model]) ?>
</div>
</div>
</div>
</div> <!---End Row Div--->
学生创建控制器如下:
public function actionCreate()
{
$model = new StuMaster();
$info = new StuInfo();
$user =new User();
$auth_assign = new AuthAssignment();
if (Yii::$app->request->isAjax) {
if($info->load(Yii::$app->request->post())) {
\Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
return ActiveForm::validate($info);
}
if($model->load(Yii::$app->request->post())) {
\Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
return ActiveForm::validate($model);
}
}
$stud_uniq_no = \app\modules\student\models\StuInfo::find()->max('stu_unique_id');
$uniq_id = NULL;
if(empty($stud_uniq_no)) {
$uniq_id = $info->stu_unique_id = 1;
}
else {
$chk_id = StuInfo::find()->where(['stu_unique_id' => $stud_uniq_no])->exists();
if($chk_id)
$uniq_id = $stud_uniq_no + 1;
else
$uniq_id = $stud_uniq_no;
}
if ($model->load(Yii::$app->request->post()) && $info->load(Yii::$app->request->post()))
{
if (Yii::$app->request->isAjax) {
\Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
return ActiveForm::validate($info);
}
if (Yii::$app->request->isAjax) {
\Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
return ActiveForm::validate($model);
}
$model->attributes = $_POST['StuMaster'];
$info->attributes = $_POST['StuInfo'];
$info->stu_dob = Yii::$app->dateformatter->getDateFormat($_POST['StuInfo']['stu_dob']);
if(empty($_POST['StuInfo']['stu_email_id']))
$info->stu_email_id = NULL;
else
$info->stu_email_id = strtolower($_POST['StuInfo']['stu_email_id']);
$login_id = \app\models\Organization::find()->one()->org_stu_prefix.$uniq_id;
$user->user_login_id = $login_id;
$user->user_password = md5($user->user_login_id.$user->user_login_id);
$user->user_type = "S";
$user->created_by = Yii::$app->getid->getId();
$user->created_at = new \yii\db\Expression('NOW()');
if($info->save(false))
{
$user->save(false);
}
$model->stu_master_stu_info_id = $info->stu_info_id;
$model->stu_master_user_id = $user->user_id;
$model->created_by = Yii::$app->getid->getId();
$model->created_at = new \yii\db\Expression('NOW()');
$model->save(false);
$s_info = StuInfo::findOne($model->stu_master_stu_info_id);
$s_info->stu_info_stu_master_id = $model->stu_master_id;
$s_info->save(false);
$auth_assign->item_name = 'Student';
$auth_assign->user_id = $user->user_id;
$auth_assign->created_at = date_format(date_create(),'U');
$auth_assign->save(false);
if ($model->save()) {
return $this->redirect(['view', 'id'=>$model->stu_master_id]);
}
else
return $this->render('create', ['model' => $model, 'info' => $info, 'uniq_id'=>$uniq_id]);
} else {
return $this->render('create', [
'model' => $model, 'info' => $info, 'uniq_id'=>$uniq_id
]);
}
}
答案 0 :(得分:0)
在“modelSearch”的搜索功能中添加created_by过滤器:
public function search($params)
{
$query = StuInfo::find();
...
$query->andFilterWhere(['created_by' => Yii::$app->user->identity->id]);
....
}
对于您的视图(actionView),您可以检查记录是否是由渲染用户在渲染之前创建的。
这会随着时间变得复杂,所以我建议使用授权 - Yii2 Access Control and Authorization
答案 1 :(得分:0)
您的创建操作正常。 您必须在控制器的索引/视图操作中加入限制 您的索引操作应该是这样的
public function actionIndex()
{
$searchModel = new StudentSearch();
$query = Student::find()->where(['teacher_id'=>$logged_teacher_id_from_session]);
$dataProvider = new ActiveDataProvider([
'query' => $query,
'pagination' => [
'pageSize' => 20,
],
'sort' => [
'defaultOrder' => [
'student_id' => SORT_ASC,
]
],
]);
return $this->render('index', [
'searchModel' => $searchModel,
'dataProvider' => $dataProvider,
]);
}
在这种情况下,登录的教师只能看到他/学生