i’m trying to implement the RBAM extension on my project and everything is ok, but “only” that it doesn’t really prevent a user that is not allowed for X action to perform that action (operation).
here what i have done:
created my project using yiic (on windows).
created my model, controller and crud for every table in my db.
created a users table and have the model, controller and crud for it.
created the tables needed for the CDbAuthManager: authassignment, authitem, authitemchild.
added the following to the config/main.php:
'components' => array( 'authManager'=>array( 'class'=>'CDbAuthManager', 'connectionID'=>'db' ), )
'modules'=>array( 'rbam'=>array( //'initialise'=>false, 'userNameAttribute'=>'email', ), )
do i need to add anything to my controllers access rules?