You have to separate two things in your controller:
[list=1]
[*]Users who have permission for a general action (like admin has the action deleteUser)
[*]Users who have permission for specific users within an action
[/list]
For example:
// in accessRules(): general, per-action permission checked by the accessControl filter
array('allow',
    'actions'=>array('delete'),
    'roles'=>array('admin'),
),
....
// in the action: per-target check against the specific user being acted on
public function actionDelete($id) {
    if (Yii::app()->authManager->isAssigned('employer', $id))
        throw new CHttpException(403, 'You are not authorized to perform this action.');
    // ..your code to delete the user with id = $id
}
The above you could achieve with or without an RBAC bizRule.
I just want to confirm what the correct syntax is: $this->setState('role', $role) or $this->setState('roles', $role)? I think roles and role are different; in some lines you used roles and in some you used role.
Second, where do I have to use the code below, meaning in which file do I have to put this?
$auth=Yii::app()->authManager;
// operations: the atomic permissions
$auth->createOperation('createPost','create a post');
$auth->createOperation('readPost','read a post');
$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');
// task with a business rule; the rule is evaluated at checkAccess() time
// against the $params array the caller passes (here it expects $params['post'])
$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
$task->addChild('updatePost');
// roles, built bottom-up: each role inherits the permissions of its children
$role=$auth->createRole('reader');
$role->addChild('readPost');
$role=$auth->createRole('author');
$role->addChild('reader');
$role->addChild('createPost');
$role->addChild('updateOwnPost');
$role=$auth->createRole('editor');
$role->addChild('reader');
$role->addChild('updatePost');
$role=$auth->createRole('admin');
$role->addChild('editor');
$role->addChild('author');
$role->addChild('deletePost');
// assign roles to users; the second argument is the user id
$auth->assign('reader','readerA');
$auth->assign('author','authorB');
$auth->assign('editor','editorC');
$auth->assign('admin','adminD');
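As an added example (not code from either post or from the Yii guide), the controller below puts the two layers from the first reply together with the auth hierarchy built by the setup code above: accessRules() decides who may reach an action at all, and the action itself calls checkAccess() with the object as a bizRule parameter so that an author only gets through 'updateOwnPost' for their own post. It assumes Yii 1.1 with CDbAuthManager configured as the authManager component, and a hypothetical Post CActiveRecord with an `authID` column; the admin-on-admin restriction in actionDelete is a constructed illustration of the same per-target pattern as the isAssigned() check in the first reply.

```php
<?php
// Added example: layered authorization in a Yii 1.1 controller.
// Assumes Yii::app()->authManager is a CDbAuthManager holding the items
// readPost/createPost/updatePost/deletePost, the task updateOwnPost and the
// roles reader/author/editor/admin, and a hypothetical Post model with `authID`.
class PostController extends CController
{
    public function filters()
    {
        return array('accessControl'); // enables accessRules() below
    }

    // Layer 1: general, per-action permission. Every name listed under 'roles'
    // is passed to Yii::app()->user->checkAccess(), so operations work here too.
    public function accessRules()
    {
        return array(
            array('allow', 'actions'=>array('view'),   'roles'=>array('readPost')),
            array('allow', 'actions'=>array('create'), 'roles'=>array('createPost')),
            // authors and editors may both enter 'update'; ownership is decided inside
            array('allow', 'actions'=>array('update'), 'roles'=>array('author', 'editor')),
            array('allow', 'actions'=>array('delete'), 'roles'=>array('deletePost')),
            array('deny'), // everything else, for everyone
        );
    }

    // Layer 2: permission for the specific object. checkAccess('updatePost')
    // walks up the hierarchy: editor and admin reach an assigned role without
    // any bizRule, while an author only passes through 'updateOwnPost', whose
    // bizRule compares Yii::app()->user->id with $params['post']->authID.
    public function actionUpdate($id)
    {
        $post = $this->loadPost($id);
        if (!Yii::app()->user->checkAccess('updatePost', array('post'=>$post)))
            throw new CHttpException(403, 'You are not authorized to perform this action.');

        // ... apply the submitted changes and save $post
        $this->render('update', array('post'=>$post));
    }

    // Same shape as the employer check in the first reply: the action-level rule
    // admits everyone holding deletePost, the target-level check narrows it
    // (constructed policy: an admin may not delete another admin's post).
    public function actionDelete($id)
    {
        $post = $this->loadPost($id);
        if (Yii::app()->authManager->isAssigned('admin', $post->authID)
            && $post->authID != Yii::app()->user->id)
            throw new CHttpException(403, 'Posts of other admins cannot be deleted.');

        $post->delete();
        $this->redirect(array('index'));
    }

    // 404 before 403: the existence check runs first so the authorization
    // check above always sees a real record.
    protected function loadPost($id)
    {
        $post = Post::model()->findByPk((int)$id);
        if ($post === null)
            throw new CHttpException(404, 'The requested post does not exist.');
        return $post;
    }
}
```

The important detail is that the object-level decision stays in the action, where the record is available to pass as `$params['post']`; the filter rule on its own cannot evaluate the bizRule because it has no post to hand to it.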