Houston, i’ve problem! Maybe someone’d solved this…
Using access rules i’ve found that metasymbols (*@?) don’t working
public function accessRules() {
return array(
array('deny',
'users'=>array('*'),
'actions'=>array('*'),
),
...
if i using names of groups/users and actions it works fine
'users'=>array('Guest'),
'actions'=>array('view'),
But using metasymbols fails
What’s the reason?
i couldn’t find any mention about meta (*@?) in CAccessRulesFilter class.
It’s ‘preFilter’ method use CAccessRule->isUserAllowed
And is-matched methods don’t use meta at all
There are only arrays empty-checking (users/roles/actions…)
If appropriate array is empty it means all (like *)
protected function isActionMatched($action)
{
return empty($this->actions) || in_array(strtolower($action->getId()),$this->actions);
}
so i can define rules shortly:
public function accessRules() {
return array(
array('allow','roles'=>array('Administrators')),
array('allow','actions'=>array('view')),
array('deny'),
);
}
It means that admins can do anything
And other users can perform only ‘view’ action