Revision #2 has been created by Steve Friedl on Apr 4, 2011, 6:10:32 AM with the memo:
Minor space shifting
« previous (#1) next (#3) »
Configuring controller access rules to default-deny
Starting with the blog tutorial, Yii developers are familiar with the notion of access rules defined in the controller, where the actions are allowed or denied depending on the user's name or role.
class CommentController extends CController
public function filters()
public function rules()
// other rules here
array('deny', 'users'=>array('*')) // default allow
Even those not implementing this article's technique would do well to add the default-allow rule even though it would be handled by Yii automatically so that others reading the code would **know** this was intended behavior.