我理解ActionColumn按钮的可见性可以这样控制:
<?= GridView::widget([
'dataProvider' => $dataProvider,
'filterModel' => $searchModel,
'columns' => [
['class' => 'yii\grid\SerialColumn'],
'id',
'title',
'body:ntext',
// ['class' => 'yii\grid\ActionColumn'],
[
'class' => 'yii\grid\ActionColumn',
'visibleButtons' =>
[
'update' => Yii::$app->user->can('updatePost'),
'delete' => Yii::$app->user->can('updatePost')
]
],
],
]);
?>
我创建了RBAC授权,以及基于yii2文档的AuthorRule规则类 http://www.yiiframework.com/doc-2.0/guide-security-authorization.html
对于roleParams,我已经实现了如下(在视图模板中):
if (\Yii::$app->user->can('updatePost', ['post' =>$model]){
//if the post is created by current user then do this
}
如何在GridView小部件中找出模型或至少id,以便我执行以下操作:
'visibleButtons' =>
[
'update' => Yii::$app->user->can('updatePost',['post' => \app\models\Post::findOne($howToGetThisId)]),
'delete' => Yii::$app->user->can('updatePost',['post' => \app\models\Post::findOne($howToGetThisId)])
]
我的最终目标是,对于具有作者角色的用户,仅当帖子是由该用户创建时,才会显示更新和删除按钮。我们也欢迎任何其他想法来实现这一目标。
谢谢!
答案 0 :(得分:4)
您可以对visibleButtons执行相同的操作:
'visibleButtons' => [
'update' => function ($model) {
return \Yii::$app->user->can('updatePost', ['post' => $model]);
},
'delete' => function ($model) {
return \Yii::$app->user->can('updatePost', ['post' => $model]);
},
]