November 13, 2014

8:21 am
In this article, we are going to discuss about How use Access Rules and Access Control in YII framework. Yii gives powerful options for limiting access per controller methods / actions. Imagine that in an example controller we have actions index, view, create, update, delete (typical CRUD).

Here is how our access rules should look provided our remote IP is 4.2.2.2 and we want only authorized user 'admin' to access the administrative actions:

public function accessRules() {
    return array(
        array('allow', // allow all users to perform 'index' and 'view' actions
            'actions' => array('index', 'view'),
            'users' => array('*'),
        ),
        array('allow', // allow admin users the admin actions
            'actions' => array('create', 'update', 'delete'),
            'users' => array('admin'),
            'ips'=>array('127.0.1.1','4.2.2.2'),

        ),
        array('deny', // deny all users
            'users' => array('*'),
        ),
    );
}

The above shows a good practice to limit the access by IP and not only to rely on authorization. This is very important for your website security.

0 comments:

Post a Comment