Reputation: 8917
Yii: prevent sensitive data from loading via relations
For example I have a model called Entity and a model called User. Each entity BELONGS_TO a single user. Perfect case to establish a relationship.
Still user contains some sensitive data, like a password. How do I prevent those data to be loaded, when requesting entity-with-user?
P.S. I understand that its better to design your database schema separating auth data and publicly available data. E.g. store password in User model and username in Profile model. Still my question is how to maintain security in presented case.
Upvotes: 0
Views: 61
Answers (1)
Reputation: 3103
I think something like this could be used:
public function relations()
{
return array(
'user' => array(self::BELONGS_TO,'User','id_field','select'=>'name,surname,otherfield1,field2'),
);
}
UPDATE
If you want to restrict the fields generally in the User model, you could try using defaultScope combined with using scenarios to determine when ALL fields can be selected.
public function defaultScope()
{
if ( $this->scenario != 'yourScenario' ) {
return array(
'select'=>"name,surname,otherfield1,field2",
);
} else {
return array();
}
}
Upvotes: 2
Related Questions
- relational access in yii2
- yii2 how to deny access Yii::$app->db in view
- The best way to protect model->load() from saving wrong inputs
- How disable getting data from related model in Yii
- Prevent show data from another user
- Exclude related model data on the fly in Yii
- how can I limit user's access to information of their profile in YII framework
- How to make sure a user can only see and access their own data in Yii
- Is it possible to have permissions based on relations?
- Yii relations issue