diff options
Diffstat (limited to 'protected/modules/cms')
| -rw-r--r-- | protected/modules/cms/controllers/DefaultController.php | 19 | ||||
| -rw-r--r-- | protected/modules/cms/controllers/SitecontentController.php | 15 |
2 files changed, 27 insertions, 7 deletions
diff --git a/protected/modules/cms/controllers/DefaultController.php b/protected/modules/cms/controllers/DefaultController.php index b76d17b..e98d8cc 100644 --- a/protected/modules/cms/controllers/DefaultController.php +++ b/protected/modules/cms/controllers/DefaultController.php @@ -2,6 +2,19 @@ class DefaultController extends Controller { + public function accessRules()
+ {
+ return array(
+ array('deny',
+ 'actions'=>array('*'),
+ 'users'=>array('*'),
+ ),
+ array('allow',
+ 'actions'=>array('*'),
+ 'roles'=>array('admin'),
+ )
+ );
+ } public function beforeAction($action) { $this->layout = Yii::app()->controller->module->layout; @@ -16,5 +29,11 @@ class DefaultController extends Controller { $this->render('admin'); } + public function filters()
+ {
+ return array(
+ 'accessControl', // perform access control for CRUD operations
+ );
+ } } diff --git a/protected/modules/cms/controllers/SitecontentController.php b/protected/modules/cms/controllers/SitecontentController.php index 72dde78..448d6a6 100644 --- a/protected/modules/cms/controllers/SitecontentController.php +++ b/protected/modules/cms/controllers/SitecontentController.php @@ -14,14 +14,13 @@ class SitecontentController extends Controller public function accessRules() { return array( - array('deny',
- 'actions'=>array('*'),
+ array('allow', // allow admin user to perform 'admin' and 'delete' actions + 'actions'=>array('admin','index','create','view','update','delete'), + 'users'=>array('admin'), + ), + array('deny', // deny all users 'users'=>array('*'), ), - array('allow',
- 'actions'=>array('*'),
- 'roles'=>array('admin'),
- )
); } public function actionSearch() @@ -46,7 +45,9 @@ class SitecontentController extends Controller public function filters() { - return array('accessControl'); + return array( + 'accessControl', // perform access control for CRUD operations + ); } public function actionView() |