Help With Biz Rule In RBAC


I have the following code. It’s only very short as it is my first time using RBAC and I wanted to test little portions of it to make sure I’d done it right.

$auth = Yii::app()->authManager;
$auth->createOperation('viewProfile', 'View profile');
$task = $auth->createTask('viewOwnProfile', 'View your own profile', 'return $params["id"] == Yii::app()->user->id;'); // biz rule
$role = $auth->createRole('standardUser');

All that saved fine in my DB. I’ve assigned the authorisation to a user.

I’m trying this inside my view action

	public function actionView($id) {
		// Check access level
		if(!Yii::app()->user->checkAccess('viewProfile', $id)) {
			throw new CHttpException(403, 'You are not allowed to do this.');
		}
		//... Continue with code
	}


I should mention I overwrote getId() to id(), so my bizrule uses Yii::app()->user->id.

It currently lets me view any user’s record. I’m not really sure why. I have read around the topic and thought I’d done it correctly. I’ve also tried to call ‘viewOwnProfile’, still the same result.

Any guidance would be greatly appreciated.
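
Added example, not part of the original post and not the poster's code: one way to wire an "own record only" rule in Yii 1.1 RBAC, with the operation as a child of the rule-bearing task and the parameters passed to checkAccess() as an array. It assumes an authManager component is configured; `ProfileController`, `loadModel()` and the user id `42` are hypothetical.

```php
<?php
// Added example; assumes a Yii 1.1 app with an authManager component configured.

// --- One-off setup (run once, e.g. from a console command) ---
$auth = Yii::app()->authManager;

// Operation: the bare permission, with no rule of its own.
$auth->createOperation('viewProfile', 'View profile');

// Task: carries the business rule and is the parent of the operation.
// String casts plus === avoid PHP's loose numeric comparison of ids.
$bizRule = 'return isset($params["id"]) '
         . '&& (string)$params["id"] === (string)Yii::app()->user->id;';
$task = $auth->createTask('viewOwnProfile', 'View your own profile', $bizRule);
$task->addChild('viewProfile');

// Role: receives the task, never the bare operation. A path from the user
// to viewProfile that skips viewOwnProfile would skip the rule as well.
$role = $auth->createRole('standardUser');
$role->addChild('viewOwnProfile');

$userId = 42; // constructed placeholder: primary key of the account
$auth->assign('standardUser', $userId);
$auth->save(); // persists for CPhpAuthManager; a no-op for CDbAuthManager

// --- Controller (Controller base class and loadModel() are assumed,
// as in a Gii-generated Yii 1.1 controller) ---
class ProfileController extends Controller
{
    public function actionView($id)
    {
        // $params is an array keyed exactly as the rule reads it.
        $params = array('id' => $id);
        if (!Yii::app()->user->checkAccess('viewProfile', $params)) {
            throw new CHttpException(403, 'You are not allowed to do this.');
        }
        $this->render('view', array('model' => $this->loadModel($id)));
    }
}
```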