Accessrule in Blog Demo


public function accessRules()

	{

		return array(

			array('allow',  // allow all users to access 'index' and 'view' actions.

				'actions'=>array('index','view'),

				'users'=>array('*'),

			),

			array('allow', // allow authenticated users to access all actions

				'users'=>array('@'),

			),

			array('deny',  // deny all users

				'users'=>array('*'),

			),

		);

	}

This is the code copy from Blog demo. I think the


			array('deny',  // deny all users

				'users'=>array('*'),

			),

is going to override the


	array('allow',  // allow all users to access 'index' and 'view' actions.

				'actions'=>array('index','view'),

				'users'=>array('*'),

			)



They both apply to the same all user, but with different rules. Please correct me if I interpenetrate it wrong.

Thank you!

Hi nettrinity,

I’m a new Yii user so I may be wrong, but I think the rules are processed in the order that they’re declared. So only if none of the preceeding ‘allow’ rules match will the ‘deny’ rule be processed.

I’m sure I read this in one of the guides.

Cheers

Yes Crikey is right.

Access List Control is just like that (setting router or anything that have Access List Control will work just like this).The system will be compare the rule from top to bottom. When it compare the first rule to be true, then it will stop comparing the rest. But if it got “false” then it will continue the rules below. That’s why it is a must to put deny all code at the bottom of the rules. So if you ever forgot anything, at least, it would block for you.


                        array('deny',  // deny all users

                                'users'=>array('*'),

                        ),



Very interesting. Thanks a lot! "When true, stops; false continues" can explain my confusion. Hope they put it in the definite guide.