Controller Accessrules Expression

Hi guys,

I have 3 types of users: ADMIN(1), Employee(2) and Employer(3). And I have the below

array('allow', //
	'actions'=>array('secret'),
	'users'=>array('@'),
	'expression'=>'isset($user->userprofile) && ($user->userprofile=="3" )',
),



The access rules work for the Employee and Employer types, but not the Admin type. I mean the above code should disallow an ADMIN type user from accessing the ‘secret’ action, but it does not. I even tried ‘expression’ => ‘false’, but the ADMIN type still has access to the ‘secret’ action. In short, whatever I put in the expression, it does not affect the ADMIN type user's access to the ‘secret’ action.

Is there an override somewhere? I took over this project, so I have no clue whether the previous guys put some weird rules somewhere.

Thanks,

Michael

Any suggestion please?

Hi!

If you want to disallow the admin type user from accessing the ‘secret’ action, try putting it into a ‘deny’ rule! Something like

array('allow', //
        'actions'=>array('secret'),
        'users'=>array('@'),
        'expression'=>'isset($user->userprofile) && ($user->userprofile=="3" )',
),
array('deny', //
        'actions'=>array('secret'),
        'users'=>array('@'),
        'expression'=>'isset($user->userprofile) && ($user->userprofile=="1" )',
),

PS: not tested!

It sounds like you’ve got another “allow” rule which is granting access (or maybe you don’t have a deny all rule at the end).

You must always add to the end of accessRules


array('deny', 'users'=>array('*')),

Also check whether admin passes the expression


'expression'=>'isset($user->userprofile) && ($user->userprofile=="3" )',

Finally you can use roles

http://www.yiiframework.com/doc/guide/1.1/en/topics.auth
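Putting the advice in this thread together, here is an added example of a complete Yii 1.1 controller (not code from any of the posts above). It assumes the same $user->userprofile attribute the thread uses (1 = ADMIN, 2 = Employee, 3 = Employer) and an action named 'secret'; the controller and action names are placeholders.

```php
<?php
// Added example, not from the thread. Assumes a custom 'userprofile'
// property on the web user component, as in the original question.
class SecretController extends CController
{
    public function filters()
    {
        // Without the accessControl filter, accessRules() is never consulted.
        return array('accessControl');
    }

    public function accessRules()
    {
        // Yii evaluates these rules top to bottom and stops at the first one
        // that matches. A request matching NO rule is granted access, which is
        // why an 'allow' rule with a false expression (or expression=>'false')
        // cannot by itself keep ADMIN out: it simply fails to match and the
        // request falls through to the default "allow".
        return array(
            // Rule 1: 'secret' is allowed only to logged-in users ('@')
            // whose profile is 3 (Employer).
            array('allow',
                'actions'=>array('secret'),
                'users'=>array('@'),
                'expression'=>'isset($user->userprofile) && $user->userprofile=="3"',
            ),
            // Rule 2: catch-all deny. Everything not explicitly allowed above
            // (including ADMIN calling 'secret') ends here and gets a 403.
            array('deny',
                'users'=>array('*'),
            ),
        );
    }

    public function actionSecret()
    {
        // Only reached when rule 1 matched.
        echo 'employer-only content';
    }
}
```

A quick check while debugging: temporarily log Yii::app()->user->userprofile at the top of actionSecret(); if an ADMIN reaches that line, the request is matching no rule, not a wrong rule.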