jzumbrum Posted June 8, 2012 Share Posted June 8, 2012 I've been following this tutorial, which is great btw, and have one question. http://www.larryullman.com/2010/01/07/custom-authentication-using-the-yii-framework/ I can access the role property like this, anywhere in my application code: Yii::app()->user->role but, what I'd really like to do is use the default controller authorization in my UserController: /** * Specifies the access control rules. * This method is used by the 'accessControl' filter. * @return array access control rules */ public function accessRules() { return array( array('allow', // allow all users to perform 'index' and 'view' actions 'actions'=>array('*'), 'users'=>array('@'), // Fails 'roles'=>array(ModelConstantsRole::ADMIN), // Also Fails 'expression'=>'(isset(Yii::app()->user->role) && (Yii::app()->user->role==ModelConstantsRole::ADMIN))', ), array('deny', // deny all users 'users'=>array('*'), ), ); } It appears that the class that actually validates the rules defined in accessRules doesn't actually know anything about my role that I've assigned it. CAccessControlFilter (for those of you who don't want to search for it for 40 minutes XD). Any ideas on how I can make use of the accessRules method when I combine it with Larry's approach? Thanks! Link to comment Share on other sites More sharing options...
jzumbrum Posted June 11, 2012 Author Share Posted June 11, 2012 Figured out the issue was the accessrules: 'actions'=>array('*') is invalid use 'actions'=>array() instead or don't specify actions at all in order to default to all actions Link to comment Share on other sites More sharing options...
Larry Posted June 11, 2012 Share Posted June 11, 2012 I was hoping to answer this today; apologies for not helping sooner. But kudos for figuring it out and thanks for sharing the solution. Link to comment Share on other sites More sharing options...
Recommended Posts