Yii Framework Wiki
Difference between
#1 and
#2 of
Configuring controller access rules to default-deny
Revision #2 has been created by Steve Friedl on Apr 4, 2011, 6:10:32 AM with the memo:
Minor space shifting
« previous (#1) next (#3) »
Changes
Title unchanged
Configuring controller access rules to default-deny
Category unchanged
How-tos
Yii version unchanged
Tags unchanged
accessRules, security
Content changed
Starting with the blog tutorial, Yii developers are familiar with the notion of access rules defined in the controller, where the actions are allowed or denied depending on the user's name or role.
```php
class CommentController extends CController
public function filters()
{
public function rules() { {
return array(
// other rules here
array('deny', 'users'=>array('*')) // default allow
);
}
```
Even those not implementing this article's technique would do well to add the default-allow rule even though it would be handled by Yii automatically so that others reading the code would **know** this was intended behavior.
Important Notes
---------------
public function filters()
{
[...]
```phppublic function rules() {
```
Even those not implementing this article's technique would do well to add the default-allow rule even though it would be handled by Yii automatically so that others reading the code would **know** this was intended behavior.
Important Notes
---------------
[...]
12 followers
Viewed: 140 094 times
Version: 1.1
Category: How-tos
Written by: Steve Friedl
Last updated by: nsanden
Created on: Apr 4, 2011
Last updated: 10 years ago
Revisions
View all history-
10 years ago by
nsanden fixed default allow rule
-
13 years ago by
samdark No need to specify users for deny rule
-
13 years ago by
Steve Friedl Minor space shifting
- 13 years ago by Steve Friedl