Module accessControl

mbi · December 10, 2009, 11:36am

How to protect a whole module with accessRules?

e.g. only admin has access

mazan.robert · December 10, 2009, 11:47am

I think a checkAccess in the module class’ beforeControllerAction would do it.

mbi · December 10, 2009, 11:54am

can you provide some code?

mazan.robert · December 10, 2009, 11:58am

Something like this:




class MyAdminModule extends CWebModule

{

	public function beforeControllerAction($controller, $action)

	{

		return Yii::app()->user->checkAccess('admin') && parent::beforeControllerAction($controller, $action);

	}

}

mbi · December 10, 2009, 1:16pm

Roberto:




class MyAdminModule extends CWebModule

{

	public function beforeControllerAction($controller, $action)

	{

		return Yii::app()->user->checkAccess('admin') && parent::beforeControllerAction($controller, $action);

	}

}

it doesnt work for me, so i tried a new Controller




class AdminController extends CController

{

    public function filters()

    {

        return array(

            'accessControl',

        );

    }


    public function accessRules()

    {

        return array(


            array(

                'deny',

                'users' => array('*'),

            ),


            array(

                'allow',

                'users' => array('admin'),

            )

            

        );

    }

}


class DefaultController extends AdminController

{

    public function actionIndex()

    {

        $this->render('index');

    }

}

This doesnt work either: ‘You are not authorized to perform this action.’

Why not?

tri · December 10, 2009, 1:32pm

First allow admin then deny the rest?

/Tommy

mbi · December 10, 2009, 1:40pm

right, got it! thanks