Difference between #1 and #2 of
Configuring controller access rules to default-deny

Revision #2 has been created by Steve Friedl on Apr 4, 2011, 6:10:32 AM with the memo:

Minor space shifting
« previous (#1) next (#3) »

Changes

Title unchanged

Configuring controller access rules to default-deny

Category unchanged

How-tos

Yii version unchanged

Tags unchanged

accessRules, security

Content changed

Starting with the blog tutorial, Yii developers are familiar with the notion of access rules defined in the controller, where the actions are allowed or denied depending on the user's name or role. ```php class CommentController extends CController
 
 {
public function filters()
{
[...]
```php
public function rules()
 {    {
 
     
return array(       // other rules here      array('deny', 'users'=>array('*')) // default allow       );    }
```
Even those not implementing this article's technique would do well to add the default-allow rule even though it would be handled by Yii automatically so that others reading the code would **know** this was intended behavior.

Important Notes
---------------
[...]
11 0
12 followers
Viewed: 89 220 times
Version: 1.1
Category: How-tos
Written by: Steve Friedl
Last updated by: nsanden
Created on: Apr 4, 2011
Last updated: 4 years ago
Update Article

Revisions

View all history