public function filters()
{
return array('accessControl');
}
public function accessRules()
{
return array(
array('allow', // allow all users to perform these actions
'actions'=>array('index','error','login','signup','trial','success','activate','resetPassword','pages'),
'users'=>array('*'),
),
array('allow', // allow authenticate users to perform these actions
'actions'=>array('logout'),
'users'=>array('@'),
),
array('deny', // deny all users anything not specified
'users'=>array('*'),
),
);
}
I want to restrict the guest user to access the different actions defined in different controller.
When I am applying the access rules like:
public function accessRules() {
return array(
array('allow', // allow authenticated user actions
'actions'=>array('index','edit'),
'users'=>array('@'),
),
array('allow', // allow all user
'actions'=>array('passwordSetting','roomSetting'),
'users'=>array('*'),
),
array('deny', // deny all users anything not specified
'users'=>array('*'),
),
);
}
When I remove the deny column the rules are applying to both guest and logged in users.
/**
* @return array action filters
*/
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
);
}
/**
* Specifies the access control rules.
* This method is used by the 'accessControl' filter.
* @return array access control rules
*/
public function accessRules()
{
return array(
array('allow', // allow all users to access 'index' and 'view' actions.
'actions'=>array('index','view'),
'users'=>array('*'),
),
array('allow', // allow authenticated users to access all actions
'users'=>array('@'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}