Dear Yii community,
I bumped up in a problem which involves the RBAC.
My rbac setup for roles:
$editor = $auth->createRole("editor");
$editor->setBizRule("return Yii::app()->user->isEditor();");
$admin = $auth->createRole("admin");
$admin->setBizRule("return Yii::app()->user->isAdmin();");
$admin->addChild($editor->getName());
My access controll filter in my controller
public function filters()
{
return array(
'accessControl',
);
}
public function accessRules()
{
return array(
array('allow',
'actions' => array('index'),
'roles' => array('editor'),
), array('deny',
'users' => array('*'),
));
}
When I login as an admin and go to the ‘index’ action, it says that I’m not authorized to perform this action.
Am I missing something in my RBAC setup, because the way I see it, I have made editor a child of admin, so admin can perform all editor’s actions.
(In my test, Yii::app()->user->isAdmin() always returns true, so no problem there)