Hi, I have successfuly installed the srbac extension (srbac_1.1.1_r209.zip) and created model and controller called Post which extends SBaseController. Then, I used the "Autocreate auth items" function in the srbac administration and assigned PostViewing task, which consists of PostIndex and PostView$id operations, to User, Authority and Administrator roles.
But it doesn’t work, I always get Error:403 ‘You are not authorized for this action’. What did I do wrong?
Ok, I did a fresh install of yii and the srbac module. I followed the instructions exactly step by step and I still get the same Error:403 ‘You are not authorized for this action’
Unless the author assumes I do something that is not written in the instructions…
I ran into the same problem, though it was limited to ‘View$id’, ‘Updated$id’ and ‘Delete$id’ set of operations on the model, and not ‘Index’, ‘Create’ or ‘Admin’ set of operations. I used ‘Autocreate auth items’ to create these operations as well and the authorization error showed up for all operations that had a ‘$id’ in their name. The problem went away when I removed the ‘$id’ from the name of these operations. That might be the issue. Am going to look for the code segment that does this in AuthItemController.php to see if that is indeed the problem.
The pattern matching in AuthItemController::_getControllerInfo() needs to be changed I believe. In controller functions such as actionIndex($id), the brackets are removed but the parameter (’$id’ here) is not removed using preg_replace, which leads to a name called ‘actionIndex$id’.
But fundamentally, I am assuming that having ‘$’ in the action name would not work and hence the problem with autocreate. Please correct me if I’m wrong.