Hello,
I have a Yii application with the following setup:
- RBAC system via CDbAuthManager, no extensions.
- Three roles defined and assigned in DB: superadmin, admin, authenticated.
- Administration module.
Inside the admin module, I have an example controller called VenueController, with CRUD functionality for –tada!– Venues. This controller has an AJAX action defined, actionUploadImage, so image uploading does not need a page refresh.
In order to have it working, I had to make this action available to all application users, including non-logged-in users. So, my accessRules function looks like this:
    return array(
        array('allow',
            'actions'=>array('uploadImage'),
            'users'=>array('*'),
        ),
        array('allow',
            'actions'=>array('index','view','create','update','admin','delete'),
            'roles'=>array('admin'),
        ),
        array('deny',
            'users'=>array('*'),
        ),
    );
Right now, when I try to upload an image or access /admin/club/uploadImage directly, I am getting redirected to the login page. If I comment out the last block from the accessRules array (the one denying all actions), I can access the action.
Any idea of what is going wrong? Can I mix roles and users inside accessRules like I’m doing?