Yii Framework Forum

Why the actiondelete can't be called?


(George_lu) #1

Hi, guys!

I am using rbac of yii1.1, when I called the actiondelete, I got a warning such as “You are not authorized to perform this action.”

My accessRule is:

     public function accessRules()
{
	return array(
		array('allow',  // allow only authenticated users to perform 'index' and 'view' actions
		'actions'=>array('index','view'),
		'users'=>array('@'),
		
		),
		array('allow', // allow authenticated user to perform 'create' and 'update' actions
			'actions'=>array('create','update'),
			'users'=>array('@'),
		),
		array('allow', // allow admin user to perform 'admin' and 'delete' actions
			'actions'=>array('admin','delete'),
			'users'=>array('admin'),
		),
		array('deny',  // deny all users
			'users'=>array('*'),
		),
	);
}

And my actiondelete is:

public function actionDelete($id)
{

	$model=$this->loadModel($id);	
	$project=$this->loadProject($model->project_id);
	$params=array('project'=>$project);
	/* var_dump(Yii::app()->user->checkAccess('deleteIssue',$params));exit; */
	if(!Yii::app()->user->checkAccess('deleteIssue',$params))
	{
		throw new CHttpException(403,'You are not authorized to per-form this action');
	}
	
	if(Yii::app()->request->isPostRequest)
	{
		// we only allow deletion via POST request
		$this->loadModel($id)->delete();

		// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
		if(!isset($_GET['ajax']))
			$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
	}
	else
		throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');
}

But, I can call the updateaction and viewaction exactly. Could you tell me why?


(George_lu) #2

I rewrited the accessRule, and it has been solved.

array(‘allow’, // allow authenticated user to perform ‘create’ and ‘update’ actions
‘actions’=>array(‘create’,‘update’,‘delete’),
‘users’=>array(’@’),
),