Hello all, this is my first post for new topic, sorry if looks meesy. I use rights module for managing access control, but I found one problem. My problem is, my rights module does not affect for controllers placed in sub directory.
This is the hierarchy of my protected/controllers directory:
-- controllers/
-- UserController
-- izin/
-- StoreController
So the url will be: mysite/izin/store/create and so on…
On the other hand, I have a user with role as ‘Operator’ and I assign ‘Store.Create’ operation for this role, but what I’ve got is a 403 error when the user wants to access the url. This means the permission I have set does not affect to this controller right?
To solve this, I have to add this function in StoreController:
public function allowedActions() {
//if(Yii::app()->user->checkAccess('Gudang.Create')) return 'index, create, view, update'; // does not affect
$user=User::model()->findByPk(Yii::app()->user->getId());
if($user->role == 'Operator') return 'index, create, view, update';
}
The code works well, but I think there should be a better way to solve my problem. Anyone of you can help me?
Thanks a lot,
Adhi