I need to allow a certain kind of user access to a controller's actions, while denying other users who have the same roles plus an additional role. For example, user x has the role 'building', and user y has the role 'building' and 'admin'. I want to allow the 'building' role, except those who also have the 'manager' role. There is also a "super user" role that should be allowed access.

The following code block is equivalent to what I have right now:

        // Super users: allowed via the static callback User::isSuperStatic.
        array('allow',
            'actions' => array('frontdesk', 'cabinet', 'replace', 'discard'),
            'expression' => array('User', 'isSuperStatic')
        ),
        // Anyone holding the 'building' role.
        array('allow',
            'actions' => array('frontdesk', 'cabinet', 'replace', 'discard'),
            'roles' => array('building')
        ),
        // Everyone else is denied.
        array('deny',
            'users' => array('*')
        )
hutch90

1 Answer

The solution that I came up with is to use another role that is unique to who I would consider in the 'building' department. So, instead of using 'building', I would use 'building_front_desk', for example. The manager doesn't have that role, but the desired users do.

hutch90
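
The answer's approach written out as a Yii 1.x rule set, next to an ordering-based alternative that goes beyond the answer. This is an added example, not the poster's code: `BuildingController` and the two private method names are hypothetical, `building_front_desk` is the role name from the answer, and `User::isSuperStatic` is the callback from the question.

```php
<?php
// Added example; BuildingController and the rules*() helpers are hypothetical names.
class BuildingController extends CController
{
    // Actions guarded by the rules (taken from the question).
    private static $guarded = array('frontdesk', 'cabinet', 'replace', 'discard');

    public function filters()
    {
        // Without the accessControl filter, accessRules() is never consulted.
        return array('accessControl');
    }

    public function accessRules()
    {
        // Rules are evaluated top to bottom; the first matching rule decides.
        return $this->rulesDedicatedRole();
    }

    // The answer's approach: a role that managers are never assigned.
    // Assumption: if an RBAC auth manager is in use, 'building_front_desk'
    // must not be a child of 'manager', or managers would inherit it.
    private function rulesDedicatedRole()
    {
        return array(
            array('allow', 'actions' => self::$guarded,
                'expression' => array('User', 'isSuperStatic')),
            array('allow', 'actions' => self::$guarded,
                'roles' => array('building_front_desk')),
            array('deny', 'users' => array('*')),
        );
    }

    // Alternative: keep 'building' and rely on first-match ordering.
    // The super-user allow stays first so a super user who is also a
    // manager still gets in; the 'manager' deny precedes the 'building' allow.
    private function rulesDenyManagerFirst()
    {
        return array(
            array('allow', 'actions' => self::$guarded,
                'expression' => array('User', 'isSuperStatic')),
            array('deny', 'actions' => self::$guarded,
                'roles' => array('manager')),
            array('allow', 'actions' => self::$guarded,
                'roles' => array('building')),
            array('deny', 'users' => array('*')),
        );
    }
}
```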