Recently I’m using CAccessControlFilter to do access control. When I use the “user” array as the rule, I notice that CAccessControlFilter compares the given strings to the current user’s name attribute (CAccessControlFilter::isUserMatched()), not id or username. The document of CUserIdentity says “name” is “the display name for the identity”, I think it is not an unique identifier. I guess isUserMatched() should compare user ID.
I’m not sure if this is intentional or a bug, therefore post here first. If this is intentional, can someone explain the rationale? Thanks!
CWebUser::getName() returns the session variable that is created with CWebUser::login(). The name comes from CUserIdentity::getName(). In short, CUserIdentity::name = CWebUser::name. Why their descriptions are different?