Strange behaviour in access control rules

nareboy · April 22, 2012, 9:49pm

Hi guys.

Thanks again for your attention.

The problem is:

I have the accessRules function at Controller component:




return array(

                        array('allow',  // allow all users to perform 'index' and 'contact' actions

                                'actions'=>array('login'),

                                'users'=>array('*'),

                        ),

                        array('allow', // allow authenticated user to perform 'delete' and 'update' actions

                                'actions'=>array('registroponto','index','logoff','gerapdf'),

                                'users'=>array('@'),

                        ),

                        array('deny',  // deny all users

                                'users'=>array('*'),

                        ),

);

The actions ‘registroponto’, ‘index’ and ‘logoff’ are located on the same controller PontoController, and the action gerapdf is located in GridPontoController. When the action gerapf is called the following error appears:

CHttpException

You are not authorized to perform this action.

The strange thing is it was working perfectly but out of nowhere stopped working. Nothing has changed and now the action only works if I change it to the same controller where are the other actions (PontoController).

The action gerapdf is called in my cgridview:


...

'url'=>'Yii::app()->createUrl("gridponto/gerapdf", array("id"=>geral::cript($data->codigo_cadfu,\'E\',50),"hra"=>geral::cript($data->hora_registro,\'E\',50)))',

...

What is happening?

Thanks!

boynet · April 22, 2012, 10:21pm

you need to put the gerapdf rule in the GridPontoController

nareboy · April 22, 2012, 10:46pm

How? Adding the function acessRules GridPontoController?

I think the function acessRules in class Controller (Components) manages all the access rule of all actions in all controllers, why should I add an additional rule on a specific controller?

Thank for your reply!

abennouna · April 22, 2012, 11:02pm

Shouldn’t it be grid[color="#FF0000"]P[/color]onto in:


'url'=>'Yii::app()->createUrl("gridPonto/gerapdf", …

Are you sure you don’t already have accessRules into GridPontoController like a ‘deny all’ rule, which would override any rule in Components/Controller.php?

Besides, have you tried to run your gridponto/gerapdf directly in the browser

nareboy · April 22, 2012, 11:35pm

bennouna:

Shouldn’t it be grid[color="#FF0000"]P[/color]onto in:
'url'=>'Yii::app()->createUrl("gridPonto/gerapdf", …
Are you sure you don’t already have accessRules into GridPontoController like a ‘deny all’ rule, which would override any rule in Components/Controller.php?

Besides, have you tried to run your gridponto/gerapdf directly in the browser

Changed gridponto to gridPonto, same thing.

Question one:

Yes, I’m sure (I just checked).

Question two:

Yes, the same error appears.

abennouna · April 22, 2012, 11:54pm

Hmm ok I can’t see, although I’ve never used rules in Controller.php. I generally specify them in the relevant controllers, and it works all the time.

nareboy · April 23, 2012, 12:12am

Cool. I will also adopt this strategy and see how it goes.

Thank you very much!