Hello.
I have AdminController which i extend for each controller in admin panel.
public function behaviors() { return [ 'access' => [ 'class' => AccessControl::className(), 'rules' => [ [ 'actions' => ['login'], 'allow' => true, 'roles' => ['?'], ], [ 'actions' => ['delete'], 'allow' => true, 'roles' => ['admin'], ], [ 'allow' => true, 'roles' => ['admin', 'editor', 'expert'], ], ] ], 'verbs' => [ 'class' => VerbFilter::className(), 'actions' => [ 'logout' => ['get'], 'delete' => ['POST'], ], ], ]; }
Then i create some additions just for users control:
public function behaviors() { return \yii\helpers\ArrayHelper::merge(parent::behaviors(), [ 'access' => [ 'rules' => [ [ 'actions' => ['update'], 'allow' => true, 'roles' => ['admin'], ], [ 'actions' => ['view', 'index'], 'allow' => true, 'roles' => ['editor', 'expert'], ], ] ], ]); }
But if i have role editor
i can update users… Why?