Access Rules

Yii 1.1 General Discussion
1

Hi ,

I have an issue with access rules.

I want to display the pages based on the user roles [ I have created roles, operations and assigned them to users.]. Say for eg: User who is not an editor should not be able to see the edit page.

I tried with the below but doesnot seem to work:

public function isValidAccess()

{

return Yii::app()->user->checkAccess(‘admin’);;

}

public function accessRules() {

return array(

array(‘allow’,

‘actions’ => array(‘changePassword’,‘Activate’,‘Deactivate’,‘Cancel’),

‘expression’ => ‘Yii::app()->controller->isValidAccess()’,

),

);

}

Can anyone please help me to solve the issue?

Regards,

Vidhya

2

Hi please see this below ex,

I have 4 user.

1)amdin = can all access

2)translator = only update the record

3)content = verifier-create and update

4)vendor = can not create and update the record




public function defaultAccessRules()

	{

		return array(

		array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('create','update','admin','delete'),

				'users'=>array('admin'),

		),

		array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('update'),

				'users'=>array('translator'),

		),

		array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('create','update'),

				'users'=>array('content_verifier'),

		),

                array('deny', // deny authenticated user to perform 'create' and 'update' actions

				'actions'=>array('create','update'),

				'users'=>array('vendor'),

		),

			


		);

	}

i hope you got my point

3

this will help

http://www.yiiframework.com/wiki/328/simple-rbac/

4

Hi All,

Thank you for your suggestions.

The below code helped me to solve the issue.


function beforeAction($action){

    $accessRule = $action->id;

    if(Yii::app()->user->checkAccess($accessRule)){

       return true;

    }else{

        

       throw new CHttpException(403, 'You are not authorized to view this page');

    }

}

Thanks & Regards,

Vidhya