I have successfully setup User and Rights extension and configured my main.php to use both.
I can create roles and assign permissions to roles for controller actions through the Rights web interface.
However, these assignment do not apply and logged in users can access everything. What else do I need to do in order to make the assignments affect my web app?
How do I specify business rules through Rights so for example the logged in user can only access his items etc?
Unfortunately the available topics and Yii documentation is not clear enough and couldn’t find an easy to follow solution for this simple task.