I am really stumped here. I have the following simple access rules for a controller:
    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('index', 'view', 'home', 'detail', 'filter'),
                'users' => array('*'),
            ),
            array('allow',
                'actions' => array('create', 'update'),
                'users' => array('@'),
            ),
            array('allow',
                'actions' => array('admin', 'delete'),
                'roles' => array('superadmin'),
            ),
            array('deny', // deny all users
                'users' => array('*'),
            ),
        );
    }
And even though my user has the ‘superadmin’ role I get a 403 when trying to access the admin view and it says: “You are not authorized to perform this action.”
If I use the username in the rule instead of the role it works:
'users' => array('myuser@mysite.com'), instead of 'roles' => array('superadmin'),
I know the user has the correct role because I have output the roles on the view to check them, like this:
    $user_ssignments = Yii::app()->authManager->getAuthAssignments(Yii::app()->user->name);
    foreach ($user_ssignments as $role_name => $oCAuthItem)
    {
        echo "- '{$role_name}'<br />";
    }
The above outputs ‘superadmin’ as expected.
I am going mad. Please help me solve this if you can. Thanks!