I generated entity and model, then a CRUD for it using Gii. Default access rules say that delete action can do just users with admin role. By default we have 2 users defined in UserIdentity.php: admin/admin and demo/demo. Demo is common user and admin is admin user. Authenticating with demo I have "403 forbiden" on delete page. So question is where is set role for these default users?
Add a comment |
3 Answers
In your access rules array, you need to specify users not roles. Until you start using the RBAC module, you will have no roles assigned. The tutorial for RBAC shows how to define your roles and assign them to users. What it doesn't tell you is where to populate the files. read up about data migrations. That is where I populated my files.
Comments
3 Comments
Factory Girl
according to comment in this fragment it is a password and userlogin.
Factory Girl
$users=array( // username => password 'demo'=>'demo', 'admin'=>'admin', );
oroshnivskyy
Yes but anyway you shouldn't use them for production, better to add them to database and configure RBAC.
It depends on how deep you plan to go with your site security. If you are just trying grant access to specific users from that default users array, you can just configure them through the accessRules method and use the users configuration.
Otherwise, if you actually want a comprehensive role system, you will want to look into RBAC as @oroshnivskyy suggested.
answered May 14, 2013 at 14:14
Kevin Somers-Higgins
1,0051 gold badge11 silver badges13 bronze badges