Hi, I am new to Yii and am implementing ACL in my application. I have the following rules in my controller.
    public function filters()
    {
        return array(
            'accessControl', // perform access control for CRUD operations
            'postOnly + delete', // we only allow deletion via POST request
        );
    }

    public function accessRules()
    {
        return array(
            array('allow', // allow all users to perform 'list' and 'show' actions
                'actions'=>array('list','show'),
                'users'=>array('*'),
            ),
            array('allow', // allow authenticated users with the Editor role to perform 'editpost'
                'actions'=>array('editpost'),
                'users'=>array('@'),
                'expression' => 'isset(yii::app()->user->role) && (yii::app()->user->role==="Editor")',
            ),
            array('allow', // allow authenticated users with the Author role to perform 'create' and 'update'
                'actions'=>array('create','update',),
                'users'=>array('@'),
                'expression' => 'isset(yii::app()->user->role) && (yii::app()->user->role==="Author")',
            ),
            array('allow', // allow admin user to perform 'admin' and 'delete' actions
                'actions'=>array('admin','delete'),
                'users'=>array('admin'),
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }
The problem is, when I try to log out for any role, it gives me the error that
"You are not authorized to perform this action. (/var/www/myii/yii/framework/web/auth/CAccessControlFilter.php:182)".
Do I have to mention "Login" and "Logout" actions for every role in every controller? Or is there something I did wrong? Please guide me.
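
Why logout is refused under these rules, as an added example that is not part of the original post and not Yii's own code: Yii 1.x checks `accessRules()` in order and the first matching rule decides, so an action that no allow rule names falls through to the final deny. The stand-alone PHP model below assumes the rules sit in the controller that holds the `login` and `logout` actions; the `role` key (standing in for the `expression` checks), the user `alice` and the helper names are hypothetical.

```php
<?php
// Simplified model of first-match rule evaluation (added illustration, not Yii's
// CAccessControlFilter). The hypothetical 'role' key stands in for 'expression'.
function userMatches(array $users, ?string $username): bool
{
    foreach ($users as $u) {
        if ($u === '*' || $u === $username
            || ($u === '@' && $username !== null)    // any authenticated user
            || ($u === '?' && $username === null)) { // any guest
            return true;
        }
    }
    return false;
}

// Returns the verdict of the first rule that matches; 'allow' if none does.
function decide(array $rules, string $action, ?string $username, ?string $role): string
{
    foreach ($rules as $rule) {
        if (isset($rule['actions']) && !in_array($action, $rule['actions'], true)) {
            continue; // rule names other actions
        }
        if (!userMatches($rule['users'], $username)) {
            continue;
        }
        if (isset($rule['role']) && $rule['role'] !== $role) {
            continue;
        }
        return $rule[0]; // first match wins, later rules are never consulted
    }
    return 'allow';
}

$posted = array( // the rules from the post
    array('allow', 'actions' => array('list', 'show'), 'users' => array('*')),
    array('allow', 'actions' => array('editpost'), 'users' => array('@'), 'role' => 'Editor'),
    array('allow', 'actions' => array('create', 'update'), 'users' => array('@'), 'role' => 'Author'),
    array('allow', 'actions' => array('admin', 'delete'), 'users' => array('admin')),
    array('deny', 'users' => array('*')),
);
// One rule for the session actions, placed ahead of the catch-all deny.
$fixed = array_merge(
    array(array('allow', 'actions' => array('login', 'logout'), 'users' => array('*'))),
    $posted
);
foreach (array('posted' => $posted, 'fixed' => $fixed) as $name => $rules) {
    echo "$name: logout -> ", decide($rules, 'logout', 'alice', 'Editor'), "\n";
    echo "$name: delete -> ", decide($rules, 'delete', 'alice', 'Editor'), "\n";
}
```

A single rule that names the session actions, listed before the catch-all deny, covers every role; the deny still applies to everything else, such as `delete` for a non-admin user.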