Reputation: 19
yii2 how to deny access Yii::$app->db in view
We have a development team and I want the developer who focuses on the views will not be able to do retrieving,updating,deleting directly using Yii::$app->db. Every database operation in view must be done via a proper model object. How to? Thanks.
Upvotes: 0
Views: 83
Answers (1)
Reputation: 21
I don't have enough reputation to leave a comment, so I'll write it as an answer. There are templating engines like Twig that can be plugged in to Yii2. Here is the link to GitHub Twig Extension. Even though you can write php functions in Twig templates, you try to restrict yourself and your team with template syntax. So simply saying
<?php echo $var ?>
<?php echo htmlspecialchars($var, ENT_QUOTES, 'UTF-8') ?>
will be written as
{{ var }}
{{ var|escape }}
{{ var|e }} {# shortcut to escape a variable #}
So, considering we refuse from PHP tags and use only template syntax, it can be said for sure that noone will/could call Yii::$app->db in {{ }}
Upvotes: 2
Related Questions
- Yii2: how to deny access to a controller file?
- Yii2 Allow access to only specific controllers and restrict access to other controller
- Yii restrict database connection to read-only
- Models permission in Yii2
- Yii2- How to restrict a user from viewing others data in index page
- yii2 Access control is not working
- Deny access to the application for the role. Yii2
- Using access control in yii2
- yii2 disable access by right part of routing rule
- Yii2 restrict access by usernames