Im using cbSecurity with my own validator object and don’t get the results i expect when adding a second rule. The ADMIN rule works with no issue, but when i add the USER rule and login with an account which has the USER role, I’m not getting the access to the events i have defined in the USER rule. So I must obviously be doing something wrong. Here is what I’m trying to accomplish:
Admin - has access to all events within the handlers in the Admin folder
User - has limited access to certain events in the User handler within the admin folder. These are:
- admin.user.userEditor
- admin.user.save
- admin.user.changepassword
- admin.user.savePassword.
Now I can easily go into each handler in admin and check the role and redirect the user from there if they don’t have access, but that kind of defeats the purpose of using cbsecurity!
Here are the rules i have as they are currently defined. Any assistance is greatly appreciated!
`
security\..*,main\..* dashboardUser\..*,dashboard\..*,User\..*,Role\..*,Content\..*,stateProvince\..*,menu\..* event admin security.login false security\..*,main\..* dashboardUser\..*,User\.index,User\.remove,Role\..*,Content\..*,stateProvince\..*,menu\..* event User security.login false`