I wanted the simple filtering for access control, so per the docs I added this code as an initial test to one of my controllers:
But all users are still able to access everything. Am I missing something?
I wanted the simple filtering for access control, so per the docs I added this code as an initial test to one of my controllers:
But all users are still able to access everything. Am I missing something?
The '*' character is only used by 'users'. If you want the rule to be applied to all actions, you don't need to specify the 'actions' option.
How can I customize what happens when a user does not have access to the requested action?
I don't want them to return to the loginUrl or get a 401 error.
I just added CAccessControlFilter::accessDenied() method. You may override this method to customize the behavior you want when access is denied.
Wow, that’s cool 
Thanks qiang