Strange behaviour in access control rules

Hi guys.

Thanks again for your attention.

The problem is:

I have the accessRules function at Controller component:

return array(

                        array('allow',  // allow all users to perform 'index' and 'contact' actions




                        array('allow', // allow authenticated user to perform 'delete' and 'update' actions




                        array('deny',  // deny all users




The actions ‘registroponto’, ‘index’ and ‘logoff’ are located on the same controller PontoController, and the action gerapdf is located in GridPontoController. When the action gerapf is called the following error appears:


You are not authorized to perform this action.

The strange thing is it was working perfectly but out of nowhere stopped working. Nothing has changed and now the action only works if I change it to the same controller where are the other actions (PontoController).

The action gerapdf is called in my cgridview:


'url'=>'Yii::app()->createUrl("gridponto/gerapdf", array("id"=>geral::cript($data->codigo_cadfu,\'E\',50),"hra"=>geral::cript($data->hora_registro,\'E\',50)))',


What is happening?


you need to put the gerapdf rule in the GridPontoController

How? Adding the function acessRules GridPontoController?

I think the function acessRules in class Controller (Components) manages all the access rule of all actions in all controllers, why should I add an additional rule on a specific controller?

Thank for your reply!

Shouldn’t it be grid[color="#FF0000"]P[/color]onto in:

'url'=>'Yii::app()->createUrl("gridPonto/gerapdf", …

Are you sure you don’t already have accessRules into GridPontoController like a ‘deny all’ rule, which would override any rule in Components/Controller.php?

Besides, have you tried to run your gridponto/gerapdf directly in the browser

Changed gridponto to gridPonto, same thing.

Question one:

Yes, I’m sure (I just checked).

Question two:

Yes, the same error appears.

Hmm ok I can’t see, although I’ve never used rules in Controller.php. I generally specify them in the relevant controllers, and it works all the time.

Cool. I will also adopt this strategy and see how it goes.

Thank you very much!