UserController Access Rules


The default access rules of a user controller is this to give permissions to certain users.

                  array('allow', // allow authenticated user to perform 'create' and 'update' actions




But what If I have extended Webuser and has and isAdmin function?

May someone please tell me why it won’t work?

array('allow', // allow admin user to perform 'admin' and 'delete' actions


				'users'=> array('$user->isAdmin'),


If isAdmin is one of your user roles then use expression to apply those actions to admin users only.

Example in my app I have roles admin and member so the content I need to be updated by admin I will have

array('allow', //allow admin users to perform 'admin', 'create', 'update' and 'delete' actions

    'actions'=>array('admin', 'create', 'update', 'delete'),




Check first if the user is authenticated


then assign the role isAdmin.