The AccessRules for delete action doesn't function

Try to create a CRUD application with yiic for any class, change the accessRules() function by eliminating the ‘delete’ action in the array with ‘allow’ for admin users, at this point delete action should be denied, this is an example code of my users class:

	public function accessRules()


		return array(

			array('allow',  // allow all users to perform 'list' and 'show' actions




			array('allow', // allow authenticated user to perform 'create' and 'update' actions




			array('allow', // allow admin user to perform 'admin' actions




			array('deny',  // deny all users





but if you go in the admin page (users/index.php?r=users/admin) and try to delete a record you can do it anyway (i think it’s a bug), instead if you go to show the single record (users/index.php?r=users/show&id=10) and then try to delete it from here, in this case you are correctly blocked for not be authorized.

That’s because the admin view doesn’t use actionDelete.

See processAdminCommand() in the generated Controller.


You’re right, now I found also this post related

I will change the linkbutton code as explained so it will pass through actiondelete