dbavscc
commented
9 years ago Rules executed on every access check, even if permission not assigned to user. https://github.com/yiisoft/yii2/blob/master/framework/rbac/DbManager.php#L192-L194
Open ariefsam opened 9 years ago
dbavscc
commented
9 years ago Rules executed on every access check, even if permission not assigned to user. https://github.com/yiisoft/yii2/blob/master/framework/rbac/DbManager.php#L192-L194
ariefsam
commented
9 years ago Thanks for your reply. Is that any reason why all rules executed?
densermatveev
commented
9 years ago Good evening! The parameter 'advertiser_id' is not empty? If so, then both values will be empty, and therefore the condition.
dynasource
commented
9 years ago @ariefsam: please take a better look at de docs. Its well documented on simple matters http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#using-default-roles If you want to understand RBAC better, take a look at DbManager like @dbavscc suggested https://github.com/yiisoft/yii2/blob/master/framework/rbac/DbManager.php#L192-L194. Finally, if you want to make it easier for people here to look if there is a bug, please give a better description, without weird code and a PHP errors of which you were aware of. This makes it confusing where to look for.
This is my RBAC rule. https://gist.github.com/ariefsam/a97cb258cd5f4b6d69c3
I assign user id 4 to that rule so when user id 4 login, the rule is executed.
Then I try to login with user id 2 that not set to the rule, than error (notice) happened because no id 2 in $allowed. Why the rule is executed?
Thanks