I've got a project where you can register, login, and upload a photo with description and name after logging in. I've used Access Control filters, so only registered users can upload and edit photos.

The problem is that every registered user can change the photo's description and name, even if they did not upload it.

How can I ensure users can only edit the description of their own photos?

In the Yii2 docs I saw RBAC, but I don't think that I need RBAC, because I don't need a lot of roles.

I need only 1 role and my project is too simple to use RBAC. I also thought that I could run a loop where I check if the user owns a photo, but I don't think that is good practice.

1 Answer

I'm assuming you have a table and a model with all the uploaded images' data. I would recommend you add the BlameableBehavior to that model and add the created_by and updated_by attributes (or configure custom ones).

After that, before you run any actionUpdate() and actionDelete() you could check if the current user's id is the same as the creator.
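The ownership check the answer describes, written out as an added example (not code from the question or the answer): a `Photo` model with `BlameableBehavior` and a `PhotoController` whose `actionUpdate()`/`actionDelete()` refuse to touch a record the current user did not create. The model and controller names, the `photo` table and its `id`, `name`, `description`, `created_by` and `updated_by` columns are assumptions; `BlameableBehavior`, `AccessControl`, `ForbiddenHttpException` and `NotFoundHttpException` are standard Yii2 classes. The point is that `AccessControl` only decides *who may reach the action*; the per-record owner check is what stops one logged-in user from editing another user's photo by changing the `id` in the URL.

```php
<?php
// Assumed file: models/Photo.php
namespace app\models;

use yii\behaviors\BlameableBehavior;
use yii\db\ActiveRecord;

class Photo extends ActiveRecord
{
    public static function tableName()
    {
        return '{{%photo}}'; // assumed table with id, name, description, created_by, updated_by
    }

    public function behaviors()
    {
        // BlameableBehavior writes Yii::$app->user->id into created_by on insert
        // and into updated_by on insert and update (default attribute names).
        return [BlameableBehavior::class];
    }

    public function rules()
    {
        // created_by is deliberately NOT listed here, so a crafted POST cannot
        // mass-assign a different owner through $model->load().
        return [
            [['name'], 'required'],
            [['name', 'description'], 'string', 'max' => 255],
        ];
    }

    // One place that defines "ownership" so every action applies the same rule.
    public function isOwnedBy($userId)
    {
        return $userId !== null && (int) $this->created_by === (int) $userId;
    }
}

// Assumed file: controllers/PhotoController.php
namespace app\controllers;

use Yii;
use app\models\Photo;
use yii\filters\AccessControl;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\web\NotFoundHttpException;

class PhotoController extends Controller
{
    public function behaviors()
    {
        // Coarse gate: only authenticated users ('@') reach these actions at all.
        return [
            'access' => [
                'class' => AccessControl::class,
                'only' => ['create', 'update', 'delete'],
                'rules' => [['allow' => true, 'roles' => ['@']]],
            ],
        ];
    }

    public function actionUpdate($id)
    {
        $model = $this->findOwnedPhoto($id);
        if ($model->load(Yii::$app->request->post()) && $model->save()) {
            return $this->redirect(['view', 'id' => $model->id]);
        }
        return $this->render('update', ['model' => $model]);
    }

    public function actionDelete($id)
    {
        $this->findOwnedPhoto($id)->delete();
        return $this->redirect(['index']);
    }

    // Fine-grained gate: load the record and verify the current user created it.
    // Returning 404 for a missing record and 403 for someone else's record keeps
    // the two failure modes distinguishable in the logs.
    protected function findOwnedPhoto($id)
    {
        $model = Photo::findOne($id);
        if ($model === null) {
            throw new NotFoundHttpException('The requested photo does not exist.');
        }
        if (!$model->isOwnedBy(Yii::$app->user->id)) {
            throw new ForbiddenHttpException('You may only edit photos you uploaded.');
        }
        return $model;
    }
}
```

Every action that mutates a photo goes through `findOwnedPhoto()`, so there is no loop over all photos and no second role to maintain; if you later do need editors or admins, the same helper is the natural place to add a `Yii::$app->user->can('managePhotos')` branch.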