Question

I have two levels of admins who can create and update users, "Admin" and "Manager".

In my User _form.php I have a "user_type" dropdown that has my account levels.

I want to limit managers from creating "Admin" accounts, and obviously hide the dropdown entirely when a user is updating their own record.

a) Is there a way to use rules() to control this behaviour? b) I thought about creating a scope called "hideAdmin" which would look like this:

    'hideAdmin' => array(
        'condition' => 'user_type != "Admin"',
    ),

and then creating a public method in my model called "scopeToUse()" which looks like this:

    public function scopeToUse() {
        $scope = 'hideAdmin()';
        if(Yii::app()->authManager->checkAccess('Admin', Yii::app()->user->id)) {
            $scope = 'orderAsc()';
        } 
        return $scope;
    }

And finally, creating my dropdown list like this.

    <?php echo $form->dropDownList($model,'user_type_id',
        CHtml::listData(UserType::model()->scopeToUse()->findAll(),'id','user_type')); ?>

I was hoping 'scopeToUse()' would return the scope name and it would work, but I just end up getting this back:

Fatal error: Call to a member function findAll() on a non-object

Any idea on the right way to do this?

EDIT

I ended up taking a cue from @Rafay-Zia-Mir and creating a new method in my user class that checked permissions and returned the appropriate CHtml::listData along with the scope I wanted. Wasn't exactly what I had intended, but the end result is the same, it kept me from putting too much code in my view, and it allowed me to use my scopes instead of duplicating the selection criteria.

This was the code:

    public function userTypeDropdown() {
        if(Yii::app()->authManager->checkAccess('Admin',Yii::app()->user->id)) {
            // Admins get every user type.
            $listData = CHtml::listData(UserType::model()->findAll(),'id','user_type');
        } else {
            // Everyone else gets the list filtered by the hideAdmin scope.
            $listData = CHtml::listData(UserType::model()->hideAdmin()->findAll(),'id','user_type');
        }
        return $listData;
    }

No correct solution

OTHER TIPS

OK, actually you can do this by using an if statement in your view code. You can do it like this:

    <?php
    if(Yii::app()->authManager->checkAccess('Admin', Yii::app()->user->id)) {
        // Build the list of user types, leaving out the "Admin" type.
        // The string literal must be quoted, otherwise SQL reads Admin as a column name.
        $criteria = new CDbCriteria();
        $criteria->condition = "NOT user_type='Admin'";
        echo $form->dropDownList($model,'user_type_id',
            CHtml::listData(UserType::model()->findAll($criteria),'id','user_type'));
    }
    ?>

The dropdown will be shown only if the user is an admin.

EDIT: If you want to get it using a function call, then you can use this:

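    public function scopeToUse() {
        if(Yii::app()->authManager->checkAccess('Admin', Yii::app()->user->id)) {
            // Merge the extra criteria into this finder's current criteria.
            $this->getDbCriteria()->mergeWith(array(
                'condition' => 'NOT user_type="Admin"',
                'order' => 'id ASC'
            ));
        }
        // Return the model itself so that findAll() can be chained onto the call.
        return $this;
    }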

Then you can use:

    <?php echo $form->dropDownList($model,'user_type_id',
        CHtml::listData(UserType::model()->scopeToUse()->findAll(),'id','user_type')); ?>
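
Part (a) of the question asks whether rules() can enforce this. Filtering the dropdown only changes what the form displays, so the restriction also has to hold when the submitted user_type_id is validated. The following is an added example (not code from the question or the answer) of a Yii 1.1 User model that does both; the 'user' table name, the 'selfUpdate' scenario and the currentUserIsAdmin() helper are assumptions.

```php
<?php
// Added example, not the asker's code. Assumes Yii 1.1 with RBAC configured,
// the UserType model and hideAdmin scope from the question, and a 'user' table.
class User extends CActiveRecord
{
    public static function model($className = __CLASS__) { return parent::model($className); }
    public function tableName() { return 'user'; } // assumed table name

    public function rules()
    {
        return array(
            array('user_type_id', 'required'),
            array('user_type_id', 'numerical', 'integerOnly' => true),
            // Enforced on every save, so a hand-edited POST cannot pick a hidden option.
            array('user_type_id', 'validateUserType'),
            // Hypothetical 'selfUpdate' scenario: field is excluded from mass assignment.
            array('user_type_id', 'unsafe', 'on' => 'selfUpdate'),
        );
    }

    private function currentUserIsAdmin()
    {
        return Yii::app()->authManager->checkAccess('Admin', Yii::app()->user->id);
    }

    // Inline validator: only a caller who passes the 'Admin' check may save the Admin type.
    public function validateUserType($attribute, $params)
    {
        if ($this->hasErrors($attribute)) { return; }
        $type = UserType::model()->findByPk($this->$attribute);
        if ($type === null) {
            $this->addError($attribute, 'Unknown user type.');
        } elseif ($type->user_type === 'Admin' && !$this->currentUserIsAdmin()) {
            $this->addError($attribute, 'You may not assign the Admin user type.');
        }
    }

    // The dropdown uses the same check, so the form and the validator agree.
    public function userTypeDropdown()
    {
        $finder = UserType::model();
        if (!$this->currentUserIsAdmin()) {
            $finder->hideAdmin(); // scope defined in the question
        }
        return CHtml::listData($finder->findAll(), 'id', 'user_type');
    }
}
```

The controller is assumed to call `$model->setScenario('selfUpdate')` when a user edits their own record. As written, the validator also stops a non-admin from saving any change to a record whose type is already Admin.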
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow