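/**
 * Declares the access control rules for this controller.
 *
 * Each action is allowed only when checkAccess() grants the matching
 * permission. The 'update' rule also hands the record's created_by value to
 * checkAccess() so that a business rule can compare it with the current user.
 * The final rule denies every request that no 'allow' rule matched.
 *
 * @return array the access control rules
 */
public function accessRules()
{
    // isset() cannot be applied to the result of a method call. getParam()
    // returns null when the parameter is missing, so compare against null.
    $id = Yii::app()->request->getParam('id');

    // Stays empty when the request carries no id; the 'update' check then
    // runs without a 'created_by' entry.
    $params = array();
    if ($id !== null) {
        // NOTE(review): the record is loaded before any rule is evaluated and
        // for every action that carries an id. Confirm that loadModel()'s
        // behaviour for a missing record is acceptable for callers who have
        // not been authorised yet.
        $params['created_by'] = $this->loadModel($id)->created_by;
    }

    return array(
        array('allow', // requires the "usersIndex" permission
            'actions' => array('index'),
            'expression' => 'Yii::app()->user->checkAccess("usersIndex")',
        ),
        array('allow', // requires the "usersView" permission
            'actions' => array('view'),
            'expression' => 'Yii::app()->user->checkAccess("usersView")',
        ),
        array('allow', // requires the "usersCreate" permission
            'actions' => array('create'),
            'expression' => 'Yii::app()->user->checkAccess("usersCreate")',
        ),
        array('allow', // requires the "usersSignup" permission
            'actions' => array('signup'),
            'expression' => 'Yii::app()->user->checkAccess("usersSignup")',
        ),
        array('allow', // requires "usersUpdate", checked together with the record owner
            'actions' => array('update'),
            // A string expression is evaluated inside the rule object, where
            // the local $params does not exist, so the owner data would never
            // reach checkAccess(). A callback (PHP 5.3+ closure) captures it.
            'expression' => function ($user) use ($params) {
                return $user->checkAccess("usersUpdate", $params);
            },
        ),
        array('allow', // requires the "usersAdmin" permission
            'actions' => array('admin'),
            'expression' => 'Yii::app()->user->checkAccess("usersAdmin")',
        ),
        array('allow', // requires the "usersDelete" permission
            'actions' => array('delete'),
            'expression' => 'Yii::app()->user->checkAccess("usersDelete")',
        ),
        array('deny', // deny everything that no rule above allowed
            'users' => array('*'),
        ),
    );
}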
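I would call checkAccess() inside each action rather than in the controller's access rules, because a string 'expression' is evaluated inside the rule object, where a local variable such as $params is not in scope: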
/**
 * Create action, guarded by the "usersCreate" permission.
 *
 * @throws CHttpException with status 403 when checkAccess() refuses
 */
public function actionCreate()
{
    // Authorise first so nothing below runs for a refused user.
    $mayCreate = Yii::app()->user->checkAccess("usersCreate");
    if (!$mayCreate) {
        throw new CHttpException(403, 'Access denied');
    }

    // ... remainder of the action (elided in the original post) ...
}
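/**
 * Update action, guarded by an owner-aware permission check.
 *
 * The record is loaded first because its created_by value is what the
 * permission check receives as a parameter.
 *
 * @param mixed $id identifier passed to loadModel()
 * @throws CHttpException with status 403 when checkAccess() refuses
 */
public function actionUpdate($id)
{
    $model = $this->loadModel($id);

    // Check the update permission here. The original checked "usersCreate",
    // which would let anyone allowed to create records edit existing ones.
    // The original condition was also missing its closing parenthesis.
    $ownerParams = array('created_by' => $model->created_by);
    if (!Yii::app()->user->checkAccess("usersUpdate", $ownerParams)) {
        throw new CHttpException(403, 'Access denied');
    }

    // ... remainder of the action (elided in the original post) ...
}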