How can I allow a specific role of users to update only their account?
Closed this issue · 1 comments
Hello, I have two types of roles, the administrator and the editor. I want the editor to be able to view only his/her profile on the index page, where the administrator can see all the users. Next, I want the editor to be able to edit only his profile and be denied any attempt to change other accounts. I want the administrator to have full access.
Therefore, so far what I did is this:
$authority->allow('manage', 'all'); for the administrator
But for the editor, how can I allow him to use the index, edit, update functions of the User controller but only for his account?
One idea that I have is to check the role of the user inside each controller and, in the case where the role is editor, to redirect him to a specific page with an error message. Is there any other way with the authority-controller?
Thank you
Hi @giwrgos88,
This Wiki doc section will answer your question.
Take time to read the Wiki docs please, it'll answer almost all your questions.
Have a good day,
Tortue Torche
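The ownership-scoped rule the question asks for, as an added example that is not part of the original thread and not authority-controller's own code. `Rules`, `rulesFor`, the `role` and `id` properties and the sample users are hypothetical stand-ins; only the `allow('manage', 'all')` call shape comes from the post.

```php
<?php
// Hypothetical stand-in rule registry (PHP 8+), not authority-controller's classes.
final class Rules
{
    private array $rules = [];
    public function __construct(private object $currentUser) {}

    // $condition, when given, receives the current user and the target record.
    public function allow(string $action, string $resource, ?callable $condition = null): void
    {
        $this->rules[] = [$action, $resource, $condition];
    }

    // Deny by default: only an explicit matching rule grants access.
    public function can(string $action, string $resource, ?object $target = null): bool
    {
        foreach ($this->rules as [$a, $r, $condition]) {
            if (($a !== 'manage' && $a !== $action) || ($r !== 'all' && $r !== $resource)) {
                continue;
            }
            // A conditional rule only passes when checked against a concrete record.
            if ($condition === null || ($target !== null && $condition($this->currentUser, $target))) {
                return true;
            }
        }
        return false;
    }
}

function rulesFor(object $user): Rules
{
    $rules = new Rules($user);
    if ($user->role === 'administrator') {
        $rules->allow('manage', 'all');
    } elseif ($user->role === 'editor') {
        $own = fn (object $me, object $target): bool => $me->id === $target->id;
        foreach (['index', 'edit', 'update'] as $action) {
            $rules->allow($action, 'User', $own);
        }
    }
    return $rules;
}

// Constructed sample users.
$users = [(object) ['id' => 1, 'role' => 'administrator'], (object) ['id' => 2, 'role' => 'editor'], (object) ['id' => 3, 'role' => 'editor']];
$rules = rulesFor($users[1]); // logged in as the editor with id 2
var_dump($rules->can('update', 'User', $users[1])); // own account
var_dump($rules->can('update', 'User', $users[2])); // another editor's account
// Index page: list only the records the current user is allowed to see.
var_dump(array_map(fn ($u) => $u->id, array_filter($users, fn ($u) => $rules->can('index', 'User', $u))));
```

Because the check takes the target record rather than only the role, a request that changes the user id in the URL is refused by the same rule that hides other accounts from the index.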