Hi, i use the same model to login the users and to login in admin module.
For admin i have a row where 1 = admin 0 = user.
how can i restrict users to login in the admin module where the admin row in users table is 0?
Hi, i use the same model to login the users and to login in admin module.
For admin i have a row where 1 = admin 0 = user.
how can i restrict users to login in the admin module where the admin row in users table is 0?
Hi
How check the access for each controller/action ?
please give us more details…
This are acces rules for default controller in admin module
public function accessRules()
{
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('index'),
'users'=>array('@'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
Like this for example:
public function accessRules() {
return array(
array('allow',
'expression' => '$user->getState("isAdmin") == 1',
),
array('deny',
'users' => array('*'),
),
);
}
More on that here: http://www.yiiframework.com/doc/api/1.1/CAccessRule#expression-detail
Thank you
For me worked so:
public function accessRules()
{
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('index'),
'expression' => 'Yii::app()->user->isAdmin()',
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
Also If you use RBAC (see http://www.yiiframework.com/wiki/328/simple-rbac/)
you could just use
'roles'=>array('admin', 'or_whatever_role_you_want'),