Access Rule


In my controller I have a problem with access rules. In my UserIdentity class I have a role variable in which I saved employer.







		$this->setState('role', $role);

So please, can anyone tell me how I can make a rule in my controller for users who have the employer’s role?

Below is the code I am trying to use, but it is not working:





Anyone, please help me to rectify it.

Hi Alankar

You have to separate two things in your controller:

- Users who have permissions for a general action (like admin has action deleteUser)
- Users who have permissions for specific Users in an Action

For example:






public function actionDelete($id) {
    if (Yii::app()->authManager->isAssigned('employer', $id))
        throw new CHttpException(403, 'You are not authorized to perform this action.');

    // ... your code to delete the user with id = $id
}


You could achieve the above with or without an RBAC bizrule.


Hi KonApaz

Thanks. I just want to confirm that in "$this->setState('role', $role);" we are assigning the role. So is the role value we are assigning here the same?






setState assigns the current user a specific role, so the answer is yes (although you have to do it through the RBAC system).

I assume that $user->role originates from the same code that is described here.

So you have to set $this->setState('role', $role) where $roles has the admin role.

Therefore the





Permit the user to access the specific action

Hi KonApaz

I just want to confirm what the correct syntax is: $this->setState('role', $role) or $this->setState('roles', $role)? I think roles and role are different. In some lines you used roles and in some you used role.

Second, where do I have to use the code below? I mean, in which file do I have to do this?



// Get the configured auth manager component before defining items
$auth=Yii::app()->authManager;

$auth->createOperation('createPost','create a post');
$auth->createOperation('readPost','read a post');
$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');

$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);

























You may add this code to some admin controller.

If you are using CPhpAuthManager you should add this at the end:


The result of running this code is a new file with this auth information in it.

The AuthManager component will load this auth information automatically from this file.

Hi KonApaz

I am using the code given below:





but it is showing a 403 error, and in my roles variable I am getting "admin" too.

Is there any configuration or changes I have to make to roles?

For some example take a look at this
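
The two ways a Yii 1.1 controller can restrict an action to the employer role discussed in this thread, as an added example that is not code from any of the posts above. The controller name, the action names and the action bodies are hypothetical; it assumes the role was stored at login with $this->setState('role', $role) as in the first post.

```php
<?php
// Added example (Yii 1.1). EmployerController, actionDashboard and
// actionDelete are hypothetical names used only for illustration.
class EmployerController extends CController
{
    public function filters()
    {
        // Without the accessControl filter, accessRules() is never evaluated.
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            // Option A: compare against the state written by
            // $this->setState('role', $role) in UserIdentity.
            // Inside 'expression', $user refers to Yii::app()->user.
            // The state is captured at login, so a role change only
            // takes effect after the user logs in again.
            array('allow',
                'actions' => array('dashboard'),
                'expression' => '!$user->isGuest && $user->getState("role") === "employer"',
            ),
            // Option B: 'roles' is checked with Yii::app()->user->checkAccess(),
            // which asks the authManager component. It only matches if an
            // 'employer' auth item exists and was assigned to this user id,
            // e.g. Yii::app()->authManager->assign('employer', $userId).
            // A value stored with setState() alone does not satisfy it.
            array('allow',
                'actions' => array('delete'),
                'roles' => array('employer'),
            ),
            // Default deny: anything not explicitly allowed above gets a 403.
            array('deny', 'users' => array('*')),
        );
    }

    public function actionDashboard()
    {
        echo 'employer dashboard';
    }

    public function actionDelete($id)
    {
        echo 'delete ' . (int) $id;
    }
}
```

A 403 on a rule that uses 'roles' while the state variable shows the expected role usually means the rule is being answered by the authManager (Option B) and no matching assignment exists there.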