Check Accessrules

Willey1986 · October 9, 2013, 11:13am

Hey there,

I created a little Yii-powered site in the last weeks which has a backend for an admin to change its contents. There are only a few actions/sites accessible for everyone and the rest is for the admin.

What I did to protect the site was to block access to all my actions in my main Controller class and then permitting certain access to specific actions in the Controllers I extended from this Main-Controller.

Normally every action that isn’t mentioned exclusively shouldn’t be accessible by anonymous but you can never be shure so I’m asking myself if yii offers some kind of access-Check which lists all actions that can be seen by anyone or do I have to check every link manually?

Hope you can help my

konapaz · October 9, 2013, 12:19pm

Hi

why didn’t use accessrules ?

http://www.yiiframework.com/wiki/169/configuring-controller-access-rules-to-default-deny/

for example


 public function accessRules()

    {

        return array(

            array('allow',

                'users'=>array('@'),

            ),

            array('deny'),

        );

    }

Allows all authenticated users to access all actions of the specific controller

Willey1986 · October 9, 2013, 1:30pm

Ah sry my fault of course I used Access Rules and Set my Controller to default deny but I’m Not sure that I really covered all situations correctly and so it would come in handy to have some automated accessrule check that tells me who has Access to which actions

konapaz · October 9, 2013, 1:36pm

Hi again Willey

Tell us what exactly permissions you want foreach group users and actions

I will suggest you the corrected rules