Yii getting Error 403 even if logged in as an admin

jimgym1989 · August 25, 2012, 7:10am


public function actionCheckout()

{

    echo "Hello World!";

}

I just created this very simple code in the controller but when I try to browse it in my URL it shows me this error:

"Error 403. You are not authorized to perform this action"

Even if i’m currently logged in as an Admin but still why can’t i access that very simple code.

I will post the accessRules that the CRUD generated, I don’t know if this are related to each other but when I try to delete this line, I can already access that page.


public function accessRules()

    {

        return array(

            array('allow',  // allow all users to perform 'index' and 'view' actions

                'actions'=>array('index','view'),

                'users'=>array('*'),

            ),

            array('allow', // allow authenticated user to perform 'create' and 'update' actions

                'actions'=>array('create','update'),

                'users'=>array('@'),

            ),

            array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions'=>array('admin','delete'),

                'users'=>array('admin'),

            ),

            array('deny',  // deny all users

                'users'=>array('*'),

            ),

        );

    }

What do you think are/is the reason for that? Your help would be greatly appreciated and rewarded!

seenivasan · August 25, 2012, 7:54am

Welcome to the Yii fold,

Modify access rules in such a way that "admin" is authorized to perform "checkout"




array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions'=>array('admin','delete','checkout'),   //add action checkout here...

                'users'=>array('admin'),

Belichuk · August 25, 2012, 7:57am

You create action "Checkout", but you dont have rule for this action. So Yii use last rule in accessRules




array('deny',  // deny all users

    'users'=>array('*'),

)

If you want access to your action please try add action to allowed for admin user:




array('allow', // allow admin user to perform 'admin' and 'delete' actions

    'actions'=>array('admin','delete', 'checkout'),

    'users'=>array('admin'),

),

jimgym1989 · August 25, 2012, 3:21pm

seenivasan:

Welcome to the Yii fold,

Modify access rules in such a way that "admin" is authorized to perform "checkout"
array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions'=>array('admin','delete','checkout'),   //add action checkout here...

                'users'=>array('admin'),

Thanks for your answer! That solved the problem!

By the way, what’s does Yii fold mean?

shantanu · October 4, 2012, 5:09am

Hey, I had similar problem and this works! Thanks a bunch…