Yii Role Based Access Control

Question

I generated entity and model, then a CRUD for it using Gii. Default access rules say that delete action can do just users with admin role. By default we have 2 users defined in UserIdentity.php: admin/admin and demo/demo. Demo is common user and admin is admin user. Authenticating with demo I have "403 forbiden" on delete page. So question is where is set role for these default users?

Answer 1

In your access rules array, you need to specify users not roles. Until you start using the RBAC module, you will have no roles assigned. The tutorial for RBAC shows how to define your roles and assign them to users. What it doesn't tell you is where to populate the files. read up about data migrations. That is where I populated my files.

Answer 2

This is not default users but default roles. You should read about RBAC

Answer 3

It depends on how deep you plan to go with your site security. If you are just trying grant access to specific users from that default users array, you can just configure them through the accessRules method and use the users configuration.

Otherwise, if you actually want a comprehensive role system, you will want to look into RBAC as @oroshnivskyy suggested.