yii 权限控制

摘录以3种：

1,通过accessControl，

	public function filters()
	{
		return array(
			'accessControl', // perform access control for CRUD operations
		);
	}

	/**
	 * Specifies the access control rules.
	 * This method is used by the 'accessControl' filter.
	 * @return array access control rules
	 */
	public function accessRules()
	{
		return array(
			array('allow', // allow authenticated users to access all actions
				'users'=>array('@'),
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}

 2，通过插件（如：right）

	public function filters()
	{
		return array(
			'rights',
		);
	}

 3，混合模式:

	/**
	 * @return array action filters
	 */
	public function filters()
	{
		return array(
			'updateOwn + update', // Apply this filter only for the update action.
			'rights',
		);
	}
	
	/**
	 * Filter method for checking whether the currently logged in user
	 * is the author of the post being accessed.
	 */
	public function filterUpdateOwn($filterChain)
	{
		$post=$this->loadModel();
		
		// Remove the 'rights' filter if the user is updating an own post
		// and has the permission to do so.
		if(Yii::app()->user->checkAccess('PostUpdateOwn', array('userid'=>$post->author_id)))
			$filterChain->removeAt(1);
		
		$filterChain->run();
	}

 如果有权限的基础上，开放某些动作的权限，可以通过allowedActions:

	public function allowedActions()
	{
	 	return 'autocomplate,autocomplate2';
	}

 From http://blog.csdn.net/yuhui_fish/article/details/8191653