I am not sure if this excerpt from Yii 1.0.3 CDbAuthManager class has some defect.
It doesn't use param $userId and a strange $condition variable is count when it was ot set.
protected function checkDefaultRoles($itemName,$userId,$params) { $names=array(); foreach($this->defaultRoles as $role) { if(is_string($role)) $names[]=$this->db->quoteValue($role); else $names[]=$role; } if(count($condition)<4) $condition='name='.implode(' OR name=',$names); else $condition='name IN ('.implode(', ',$names).')'; $sql="SELECT name, type, description, bizrule, data FROM {$this->itemTable} WHERE $condition"; $command=$this->db->createCommand($sql); $rows=$command->queryAll(); foreach($rows as $row) { $item=new CAuthItem($this,$row['name'],$row['type'],$row['description'],$row['bizrule'],unserialize($row['data'])); if($item->checkAccess($itemName,$params)) return true; } return false; }