UserController Access Rules

Hello,

The default access rules of a user controller look like this, to give permissions to certain users:




    array('allow', // allow authenticated user to perform 'create' and 'update' actions
        'actions'=>array('create','update'),
        'users'=>array('@'),
    ),







But what if I have extended Webuser and it has an isAdmin function?

May someone please tell me why it won’t work?





    array('allow', // allow admin user to perform 'admin' and 'delete' actions
        'actions'=>array('admin','delete','create','update','view','index'),
        'users'=> array('$user->isAdmin'),
    ),



If isAdmin is one of your user roles then use expression to apply those actions to admin users only.

For example, in my app I have the roles admin and member, so for the content I need to be updated by admin I will have:




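    array('allow', // allow admin users to perform 'admin', 'create', 'update' and 'delete' actions
        'actions'=>array('admin', 'create', 'update', 'delete'),
        'users'=>array('@'),
        // must be a quoted PHP expression string; Yii evaluates it with $user in scope
        // (assumes isAdmin() is a method on the extended WebUser, as in the question)
        'expression'=>'$user->isAdmin()',
    ),

Check first if the user is authenticated

    'users'=>array('@')

then assign the role isAdmin.

    'expression'=>'$user->isAdmin()'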
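
The rule set discussed in this thread, written out in full as an added example (not code from either poster). It assumes the standard Yii 1.1 webapp skeleton with its `Controller` base class, a `user` component configured with `'class'=>'WebUser'`, and a hypothetical `role` state stored at login; the two classes would live in separate files.

```php
<?php
// Added example, not code from the thread. Assumes the standard Yii 1.1
// webapp layout and 'user'=>array('class'=>'WebUser') in config/main.php.

// protected/components/WebUser.php
class WebUser extends CWebUser
{
    // Assumption: UserIdentity::authenticate() called setState('role', ...),
    // so the role is available here as persistent user state.
    public function isAdmin()
    {
        return !$this->getIsGuest() && $this->getState('role') === 'admin';
    }
}

// protected/controllers/UserController.php
class UserController extends Controller
{
    public function filters()
    {
        return array('accessControl'); // enables accessRules() below
    }

    public function accessRules()
    {
        return array(
            // 'users' is matched against user names and the special
            // tokens '*', '?' and '@', so array('$user->isAdmin') only
            // matches a user literally named "$user->isAdmin".
            array('allow',
                'actions'=>array('index','view'),
                'users'=>array('@'),
            ),
            array('allow',
                'actions'=>array('admin','create','update','delete'),
                'users'=>array('@'),
                // Quoted string: evaluated per request with $user bound
                // to Yii::app()->user.
                'expression'=>'$user->isAdmin()',
            ),
            // Rules are checked in order and the first match wins; this
            // final rule denies everything not allowed above.
            array('deny',
                'users'=>array('*'),
            ),
        );
    }
}
```

Within a single rule, `actions`, `users` and `expression` must all match for the rule to apply, so the admin rule only fires for an authenticated user whose `isAdmin()` returns true.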