In my data model, I've got a field that should be admin-editable only. Normal users can edit records in the model and view this specific field, but they should not be able to edit it. Is there a simple/clean approach to do this? I guess that it's necessary to create an extra admin_edit controller action, but what's the best way to "lock" a data field in the controller?

Accepted Answer

It's not necessary to create a new controller action, but you may decide to do so. Note that you can still use the same view for it using $this->render("edit"), see:

I think you should:

  • use the same controller action, if that's not confusing for the users and admins
  • display an input field only if the user is admin, and output the text for other users
  • check for authorization in the controller
Written by Adam
This content is licensed under cc-wiki.
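
The answer's last point, checking authorization in the controller, is the one that enforces the lock: showing plain text instead of an input in the view does not stop a request that still carries the field. The following is an added example, not part of the original answer, written in plain PHP rather than against CakePHP's API; the field names, roles, function names and sample record are assumptions.

```php
<?php
// Added example: per-role whitelist of writable fields, applied before saving.
// 'status' stands in for the admin-only field (hypothetical name).
const EDITABLE_FIELDS = [
    'user'  => ['title', 'body'],
    'admin' => ['title', 'body', 'status'],
];

/**
 * Split submitted data into fields the role may write and fields it may not.
 * An unknown role gets an empty whitelist, so nothing is writable by default.
 */
function filterEditableFields(array $submitted, string $role): array
{
    $allowed  = EDITABLE_FIELDS[$role] ?? [];
    $accepted = array_intersect_key($submitted, array_flip($allowed));
    $rejected = array_keys(array_diff_key($submitted, $accepted));
    return ['data' => $accepted, 'rejected' => $rejected];
}

/**
 * What the shared edit action would do with the posted data:
 * drop anything outside the whitelist, log it, and merge the rest.
 */
function applyEdit(array $record, array $post, string $role): array
{
    $result = filterEditableFields($post, $role);
    if ($result['rejected'] !== []) {
        // A normal form never submits these, so this is worth a log entry.
        error_log(sprintf(
            'record %d: role "%s" submitted non-writable fields: %s',
            $record['id'],
            $role,
            implode(', ', $result['rejected'])
        ));
    }
    return array_merge($record, $result['data']);
}

// Constructed sample data: the same POST body, handled for two roles.
$record = ['id' => 7, 'title' => 'Old title', 'body' => 'text', 'status' => 'pending'];
$post   = ['id' => 99, 'title' => 'New title', 'status' => 'approved'];

print_r(applyEdit($record, $post, 'user'));   // status and id are left untouched
print_r(applyEdit($record, $post, 'admin'));  // status is updated, id still is not
```

Because the whitelist is keyed by role, the same controller action and the same view can serve both normal users and admins, as the answer suggests.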