
I am working on my college project, in which the admin can create Employees (Teachers) and teachers can create students. My problem is that in the index and view files any employee can see the complete list of recently added students.

I want to put a condition on the view/index file so that a specific teacher can only view the list of students created by him or her.

I have a link between the user table and the Employee table (created_by & updated_by).

Regards, Yuvraj Verma

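<?php
/**
 * Student "view" page: a summary table (unique id, name, email, mobile, status)
 * followed by a tabbed area that renders the _tab_stu_personal partial.
 *
 * @var yii\web\View $this
 * @var \app\modules\student\models\StuInfo $info  presumably, as in the controller's create action — confirm
 * @var StuMaster $model                          presumably; only is_status is read here
 */
?>
<section class="content doc-user-profile">
    <div class="col-md-12 text-center">
    </div>
    </div>
    <table class="table table-striped">
        <tr>
            <th><?= $info->getAttributeLabel('stu_unique_id') ?></th>
            <td><?= Html::encode($info->stu_unique_id) ?></td>
        </tr>
        <tr>
            <th><?php echo Yii::t('stu', 'Name'); ?></th>
            <td><?= Html::encode($this->title) ?></td>
        </tr>

        <tr>
            <th><?= $info->getAttributeLabel('stu_email_id') ?></th>
            <td><?= Html::encode($info->stu_email_id) ?></td>
        </tr>
        <tr>
            <th><?= $info->getAttributeLabel('stu_mobile_no') ?></th>
            <?php /* stu_mobile_no is user-entered form data; encode it like the other
                     fields so markup typed into it cannot be injected into this page. */ ?>
            <td><?= Html::encode($info->stu_mobile_no) ?></td>
        </tr>
        <tr>
            <th><?php echo Yii::t('stu', 'Status'); ?></th>
            <td>
                <?php /* is_status may come back from the DB as the string "0", hence the loose compare. */ ?>
                <?php if($model->is_status==0) : ?>
                <span class="label label-success"><?php echo Yii::t('stu', 'Active'); ?></span>
                <?php else : ?>
                <span class="label label-danger"><?php echo Yii::t('stu', 'InActive'); ?></span>
                <?php endif; ?>
            </td>
        </tr>
    </table>
</div>

<div class="col-lg-9 profile-data">
    <ul class="nav nav-tabs responsive" id = "profileTab">
        <li class="active" id = "personal-tab"><a href="#personal" data-toggle="tab"><i class="fa fa-street-view"></i> <?php echo Yii::t('stu', 'Personal'); ?></a></li>
    </ul>
     <div id='content' class="tab-content responsive">
        <div class="tab-pane active" id="personal">
            <?php /* The partial receives the same two models this page was rendered with. */ ?>
            <?= $this->render('_tab_stu_personal', ['info' => $info, 'model' => $model]) ?> 
        </div>
    </div>
</div>
 </div> <!---End Row Div--->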

The student create action of the controller is as follows:

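/**
 * Creates a student.
 *
 * A student is four rows: StuInfo (personal data), User (login account),
 * StuMaster (links info and user) and the RBAC AuthAssignment for the
 * 'Student' role.
 *
 * Flow:
 *  - AJAX request carrying form data  -> JSON result of ActiveForm::validate()
 *  - POST with both models loaded     -> all four rows are written inside one
 *    DB transaction, then redirect to the view page; a failed StuMaster
 *    validation rolls everything back and re-renders the form with errors
 *  - anything else                    -> render the create form
 *
 * @return string|array|\yii\web\Response
 * @throws \yii\web\ServerErrorHttpException when no Organization row exists
 *         (the student login-id prefix is read from it)
 */
public function actionCreate()
{
    $model = new StuMaster();
    $info = new StuInfo();
    $user = new User();
    $auth_assign = new AuthAssignment();
    $request = Yii::$app->request;
    $post = $request->post();

    // Client-side validation: the form posts one model at a time, so whichever
    // one loads is the one to validate. Returns here, so nothing below runs for AJAX.
    if ($request->isAjax) {
        if ($info->load($post)) {
            Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
            return ActiveForm::validate($info);
        }
        if ($model->load($post)) {
            Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;
            return ActiveForm::validate($model);
        }
    }

    $uniq_id = $this->nextStudentUniqueId();
    // Pre-fill so the form can show the id it will get.
    $info->stu_unique_id = $uniq_id;

    if (!($model->load($post) && $info->load($post))) {
        return $this->render('create', [
            'model' => $model, 'info' => $info, 'uniq_id' => $uniq_id,
        ]);
    }

    $infoPost = isset($post['StuInfo']) ? $post['StuInfo'] : [];

    // The unique id is server-assigned and the login id below is derived from
    // it, so the stored value must never be taken from the request.
    $info->stu_unique_id = $uniq_id;
    $info->stu_dob = Yii::$app->dateformatter->getDateFormat(
        isset($infoPost['stu_dob']) ? $infoPost['stu_dob'] : null
    );
    $email = isset($infoPost['stu_email_id']) ? trim($infoPost['stu_email_id']) : '';
    $info->stu_email_id = $email === '' ? null : mb_strtolower($email);

    $organization = \app\models\Organization::find()->one();
    if ($organization === null) {
        throw new \yii\web\ServerErrorHttpException('No Organization record: cannot build the student login id.');
    }
    $user->user_login_id = $organization->org_stu_prefix . $uniq_id;
    // Initial credential is md5(login_id . login_id): predictable and unsalted.
    // It is kept only because the login path (not in this file) verifies against
    // this scheme; moving to Yii::$app->security->generatePasswordHash() has to
    // be done together with that path.
    $user->user_password = md5($user->user_login_id . $user->user_login_id);
    $user->user_type = 'S';
    $user->created_by = Yii::$app->getid->getId();
    $user->created_at = new \yii\db\Expression('NOW()');

    // All-or-nothing: without the transaction a failure half-way left an
    // orphaned StuInfo/User behind while the form was shown again.
    $transaction = Yii::$app->db->beginTransaction();
    try {
        if ($this->persistStudent($model, $info, $user, $auth_assign)) {
            $transaction->commit();
            return $this->redirect(['view', 'id' => $model->stu_master_id]);
        }
        $transaction->rollBack();
    } catch (\Exception $e) {
        $transaction->rollBack();
        throw $e;
    }

    return $this->render('create', [
        'model' => $model, 'info' => $info, 'uniq_id' => $uniq_id,
    ]);
}

/**
 * Next free stu_unique_id: max(stu_unique_id) + 1, or 1 when the table is empty.
 *
 * The former "does the max value exist?" check was always true (the max is by
 * definition a stored value), so it is dropped. NOTE: max()+1 is not race-safe;
 * two concurrent creates can compute the same id — a UNIQUE constraint on
 * stu_unique_id is what makes such a collision fail instead of duplicating.
 *
 * @return int
 */
private function nextStudentUniqueId()
{
    $max = StuInfo::find()->max('stu_unique_id');
    return empty($max) ? 1 : (int) $max + 1;
}

/**
 * Inserts the rows of a new student in dependency order and wires their keys.
 *
 * Must be called inside a transaction: a false return (or an exception) leaves
 * earlier inserts for the caller to roll back. StuInfo, User and AuthAssignment
 * are saved without validation, as before; StuMaster is saved WITH validation so
 * its errors reach the form.
 *
 * @param StuMaster      $model       master row; receives the info/user ids
 * @param StuInfo        $info        info row; receives the master id back-link
 * @param User           $user        login row, fully populated by the caller
 * @param AuthAssignment $auth_assign RBAC row, populated here
 * @return bool true when every row was written
 */
private function persistStudent(StuMaster $model, StuInfo $info, User $user, AuthAssignment $auth_assign)
{
    if (!$info->save(false) || !$user->save(false)) {
        return false;
    }

    $model->stu_master_stu_info_id = $info->stu_info_id;
    $model->stu_master_user_id = $user->user_id;
    $model->created_by = Yii::$app->getid->getId();
    $model->created_at = new \yii\db\Expression('NOW()');
    if (!$model->save()) {
        return false;
    }

    // Back-link on the instance already in hand; no need to re-fetch the row.
    $info->stu_info_stu_master_id = $model->stu_master_id;
    if (!$info->save(false)) {
        return false;
    }

    $auth_assign->item_name = 'Student';
    $auth_assign->user_id = $user->user_id;
    $auth_assign->created_at = time(); // unix timestamp, same value as date_format(date_create(), 'U')
    return $auth_assign->save(false);
}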



In your search model's `search()` function, add a `created_by` filter:

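/**
 * Builds the student list restricted to the rows created by the current user.
 *
 * Uses andWhere(), not andFilterWhere(): the filter variant silently drops the
 * condition when its value is null/empty, so a request without a logged-in
 * identity would list every student instead of none.
 *
 * @param array $params grid filter parameters (the usual search-model contract)
 * @return \yii\data\ActiveDataProvider presumably, as in generated search models
 */
public function search($params)
{
    $query = StuInfo::find();
    // ... the rest of the generated search code (data provider, loading and
    //     validating $params, per-column filters) stays as it is ...

    // Yii::$app->user->id is null for a guest, which yields "created_by IS NULL"
    // — i.e. no rows — rather than an unrestricted list.
    $query->andWhere(['created_by' => Yii::$app->user->id]);

    // ... return the data provider as the generated code does ...
}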

For your view (actionView) you could check whether the record was created by the logged-in user before rendering it.

This would get complex over time, so I recommend using authorization — Yii2 Access Control and Authorization.


Your create action is fine. You have to put the restriction in the index/view actions of your controller. Your index action should look like this:

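/**
 * Lists only the students belonging to the logged-in teacher.
 *
 * The teacher id comes from the auth component (Yii::$app->user->id), never from
 * a request parameter, so a user cannot pick another teacher's list. For a guest
 * it is null, giving "teacher_id IS NULL" (no rows); the action should also be
 * limited to logged-in users via AccessControl in behaviors().
 *
 * NOTE: the column is called teacher_id here as in the original answer; the
 * question's schema tracks ownership via created_by — use the column your
 * student table actually has.
 * NOTE: $searchModel is handed to the view for the filter row only; its search()
 * is not applied to $query, so grid filters do not narrow this list.
 *
 * @return string
 */
public function actionIndex()
{
    $searchModel = new StudentSearch();

    // Was "$logged_teacher_id_from_session", which is never defined in this
    // action and therefore filtered on NULL.
    $query = Student::find()->where(['teacher_id' => Yii::$app->user->id]);

    $dataProvider = new ActiveDataProvider([
        'query' => $query,
        'pagination' => [
            'pageSize' => 20,
        ],
        'sort' => [
            'defaultOrder' => [
                'student_id' => SORT_ASC,
            ],
        ],
    ]);

    return $this->render('index', [
        'searchModel' => $searchModel,
        'dataProvider' => $dataProvider,
    ]);
}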

In this case the teacher who is logged in can see only his or her own students.
