1- Make sure that your accessRules() has allowed adduser action to & (signed in), and IT IS ON TOP OF ALL OTHER RULES OR AT LEAST JUST PUT IT ON TOP OF THE DENY ALL RULE. Don’t get me wrong, it is not required to be always on top of all other rules, but the default last rule in the book is to deny *, so if you put your adduser rule below it, you won’t have a chance to access action adduser.
public function accessRules()
'actions' => array('index', 'view', 'adduser'),
'users' => array('@')
array('allow', // allow authenticated user to perform 'create' and 'update' actions
array('allow', // allow admin user to perform 'admin' and 'delete' actions
array('deny', // deny all users
2- If you have correctly updated your accessRules(), you need to check to make sure your account you’re using to sign in, is the user who has access to the operation ‘create new user’. This operation is obviously in task user management, and assigned to role owner. So the user must be the owner of the project you’re currently browse. Go selecting from your database to make sure on that.
In my case, I don’t know what going on, I stuck at this point (hope you don’t), while my database shows Test_User_One is the owner of the project, my accessRules is correctly set, but this god damn Yii::app()->checkAccess() always returns FALSE.
Your printed screen looks like you put this link: Add User To Project in wrong place, so you might also look into this file …\trackstar\protected\views\project\view.php and add it as the vertical menu item as below:
array('label'=>'List Project', 'url'=>array('index')),
array('label'=>'Create Project', 'url'=>array('create')),
array('label'=>'Update Project', 'url'=>array('update', 'id'=>$model->id)),
array('label'=>'Delete Project', 'url'=>'#', 'linkOptions'=>array('submit'=>array('delete','id'=>$model->id),'confirm'=>'Are you sure you want to delete this item?')),
array('label'=>'Manage Project', 'url'=>array('admin')),
array('label'=>'Create Issue', 'url'=>array('issue/create', 'pid'=>$model->id)),
array('label'=>'Add User To Project','url'=>array('adduser','id'=>$model->id)),
so how about assigning Test_User_One to owner, and Test_User_Two to member of project 1, and back again follow the book and test whether you could see link Add User To Project, and if you do, then you could access that page with Test_User_One or Test_User_Two?
They don’t see the link, it does not mean, they can not access that managing project page, so make sure you insert your check in every pages to prevent reader from member page, and to prevent member from owner page.
This is an example to restrict members and readers from gaining access to Add User To Project page.
public function actionAdduser($id)
$project = $this->loadModel($id);
throw new CHttpException(403,'Damn You!, you are not authorized to perform this action.');
throw new CHttpException(403,"Damn You!, you are not authorized to perform this action.");
In my case, this won’t work since my checkAccess() always returned FALSE, but other confirmed that works. But my commented code works smoothly.
$project = $this->loadModel();
throw new CHttpException(403,'You are not authorized to per-form this action.');
// collect user input data
$form->project = $project;
// validate user input and set a sucessfull flassh message if valid
Yii::app()->user->setFlash('success',$form->username . " has been added to the project." );
// display the add user form
$users = User::model()->findAll();
foreach($users as $user)
$form->project = $project;
I’ve been following along with the book and the problem with admin user is that once rbac is in place admin and demo are disabled as part of using the tbl_user instead of the hard coded admin and demo.
At least I can’t log in as admin or demo.
I added a user manually in the db so I can log in with that user now the same as Test_User_One and Test_User_Two and after fixing the link for add user I can see it now but I’m lost on how the app knows if these two test users or my new user are admins or not.