I created a new controller called ‘ReportController’ and have the following inside its accessRules() method,
array('allow',
'actions'=>array('index'),
'users'=>array('@'),
),
array('deny', // deny all users
'users'=>array('*'),
),
The problem is, despite of having ‘@’ under the rule for ‘index’ page, it opens without logging in. I’ve not seen this problem before so wondering what could be wrong.