I am using standard authorization provided by Yii 1.1.1
I am using access rules to control user access to certain pages.
As there are different user levels, it would be good to show users lacking proper authorization levels a message on the login screen explaining why they need to log in or do not have sufficient rights.
I found this property "message" on CAccessRules which seems to do:
So, I set a message for one access rule but it is not displayed when the login screen is displayed:
public function accessRules()
{
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update','exports'),
'users'=>array('@'),
'message'=>'You need to be logged in to export data!'
),
);
}
Do I need to add a message render method to my templates or layouts?
The message is actually only used in case where the user is already loggedin, but lacks sufficient privilege. It’s not going to pass the message to the login required display unless you override the default behavior of the Access Control.
In CAccessControllFilter.php (framework/web/auth) you will find the method which causes the redirect as such:
/**
* Denies the access of the user.
* This method is invoked when access check fails.
* @param IWebUser $user the current user
* @param string $message the error message to be displayed
* @since 1.0.5
*/
protected function accessDenied($user,$message)
{
if($user->getIsGuest())
$user->loginRequired();
else
throw new CHttpException(403,$message);
}
You would need to override and pass the message on to loginRequired etc, or set it up as a flash message which you then display in your login page.
