I’m working on access control for a controller and have rules that look like this:
array('allow', 'actions' => array('edit', 'delete'), 'users' => array('@')),
Is there a way to check with a method to see if the user has sufficient permissions? For example, I’d like a function to be run before a particular action to check two or three criteria to see if the user is authorized to access the action.
You have two(+) options here.
You can use the ‘expression’ of each access rule to define an anonymous function that will be run before each time the action is requested: http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#access-control-filter and http://www.yiiframework.com/doc/api/1.1/CAccessRule#expression-detail.
Use Role Based Access Control (RBAC), and then use the method checkAccess:
if(Yii::app()->user->checkAccess('deletePost'))
Thanks! Here is my solution:
public function accessRules()
{
return array(
array('allow'
'actions'=>array('admin'),
'expression' => array($this, 'checkAccessForAdmin')
),
//…
);
}
public function checkAccessForAdmin($user, $rule)
{
//return true or false
return true;
}