l am new to yii. lam trying to use rights. l created a role with task and operations and assigned that role to user whom l just created. when l log in with that user all lam getting is error 403 You are not authorized to perform this action. The user is being authenticated but is blocked to perform operations despite these having been specified in the role.lf l log in with the admin user everything is ok.
Role name: Data_capture
Task: Data_capture
Operations: Create/update/view
define access rules in controller .like
public function accessRules() {
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions' => array('index', 'view', 'delete'),
'users' => array('*'),
),
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions' => array('create', 'update', 'delete'),
'users' => array('@'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions' => array('admin', 'delete'),
'users' => array('admin'),
),
array('deny', // deny all users
'users' => array('*'),
),
);
}Still no joy, in fact my accessRules are exactly like that. l have checked the look up of the role as follows:
if(Yii::app()->user->checkAccess(‘Data_capture’))
{
echo "User is authorised";
}
it appears all is ok there.
I don’t know what l did wrong.l think these two rules are declining my user:
Is this rule not supposed to be true for unauthenitcated users
array('allow', // allow all users to perform 'index' and 'view' actions
'actions' => array('index', 'view'),
'users' => array('*'),
),
If the user is authenticated why is this one not allowing accesss:
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions' => array('create', 'update', 'delete'),
'users' => array('@'),
),