i’m trying to implement the RBAM extension on my project and everything is ok, but “only” that it doesn’t really prevent a user that is not allowed for X action to perform that action (operation).
here what i have done:
-
created my project using yiic (on windows).
-
created my model, controller and crud for every table in my db.
-
created a users table and have the model, controller and crud for it.
-
created the tables needed for the CDbAuthManager: authassignment, authitem, authitemchild.
added the following to the config/main.php:
'components' => array(
'authManager'=>array(
'class'=>'CDbAuthManager',
'connectionID'=>'db'
),
)
'modules'=>array(
'rbam'=>array(
//'initialise'=>false,
'userNameAttribute'=>'email',
),
)
do i need to add anything to my controllers access rules?