Access Control

I'm using the Skeleton app.

In PostController I have:

So, I think in this case no actions are allowed. Am I right?

But I can process any action.

In CAccessControlFilter.php, the preFilter function (line 98) returns true.

What can it be?

Really strange.

Try to add the 'allow' property with a blank array.

hmmm, all controllers ignore access rules :(

If you are using my skeleton app, then that is because I have extended it.

See AccessControlFilter.php in /components

Quote

/*
With my modifications, access rules can be defined like so:

class UserController extends Controller {
	public function accessRules() {
		return array(
			'logout, update', //'logout' and 'user update' actions require logon
			'login, create, recover' => array(Group::GUEST, 'equal'), //these actions require the user to NOT be logged on
			'delete' => array(Group::ADMIN, 'min'), //the user delete actions require rank of admin or higher
		);
	}

	//..
}

As you see, if you don't define specific settings, it will assume them to be the following:

array(Group::USER, 'min')

Which means the current user must have at least rank of USER.

As you see you can define very specific settings with little typing.

If you do not like my extension of access control, you can edit the Controller.php file and comment out the filterAccessControl() method
*/
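An added example (not code from the skeleton app or from any poster in this thread): one way a filter could interpret the compact rule format quoted above, written for PHP 7.1 or later. The numeric Group ranks, the function names normalizeRules and checkAccess, and the null result for an action that no rule covers are assumptions.

```php
<?php
// Added illustration, not the skeleton app's AccessControlFilter.php.
// Rank values are assumed; the thread does not show the Group class.
final class Group {
    const GUEST = 0;
    const USER  = 1;
    const ADMIN = 2;
}

// Expand the compact rule array into a map of action => [rank, mode].
// An integer key means the value is the action list and the default applies.
function normalizeRules(array $rules): array {
    $out = [];
    foreach ($rules as $key => $value) {
        if (is_int($key)) {
            [$actions, $setting] = [$value, [Group::USER, 'min']];
        } else {
            [$actions, $setting] = [$key, $value];
        }
        foreach (explode(',', $actions) as $action) {
            $out[strtolower(trim($action))] = $setting;
        }
    }
    return $out;
}

// Returns true or false when a rule covers the action, null when none does.
function checkAccess(array $rules, string $action, int $rank): ?bool {
    $map = normalizeRules($rules);
    $action = strtolower($action);
    if (!isset($map[$action])) {
        return null; // no rule: the calling filter must pick allow or deny
    }
    [$required, $mode] = $map[$action];
    if ($mode === 'equal') { return $rank === $required; }
    if ($mode === 'min') { return $rank >= $required; }
    return false; // unknown mode: deny
}

// Constructed sample: the rule set from the quoted comment.
$rules = [
    'logout, update',
    'login, create, recover' => [Group::GUEST, 'equal'],
    'delete' => [Group::ADMIN, 'min'],
];
var_dump(checkAccess($rules, 'delete', Group::USER));
var_dump(checkAccess($rules, 'login', Group::USER));
var_dump(checkAccess($rules, 'view', Group::GUEST));
```

With an empty rule array every action yields null here, so what an empty accessRules() means depends entirely on how the calling filter treats the "no rule" case.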

lol, I saw it a few minutes ago, and going to write it there :)