Yii crud update error 400

Question

I created CRUD with Gii, I modified access rules and now I can't update a user data. Here is what I have modified:

public function accessRules()
{
    return array(
        array('allow',
        'users'=>array('@'),
        'expression'=>'!$user->isGuest && Yii::app()->user->privilages >= 5 && Yii::app()->user->status == 1',
        ),
        array('deny',
        'users'=>array('*'),
        ),
    );
}

everything else is like default, but when I push the pencil icon on manage users table I get this error:

Error 400
Your request is invalid.

and the url is:

http://www.example.com/admin/update/35

What am I doing wrong?

Answer 1

This error is not because of your accessRules array. Check that you have the corresponding action named correctly, check if the params to the action are ok, check your config file for url rules, i.e. the urlManager, check if you are sending the param correctly from the link.

Also you can use $user directly instead of Yii::app()->user.

If there is authorization error, you get error 403. This is 400 :

400 Bad Request The request cannot be fulfilled due to bad syntax.

Edit: Add this to your urlManager:

'rules'=>array(
         '<controller:\w+>/<id:\d+>'=>'<controller>/view',
         '<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>', // this is the rule you absolutely need for update to work
         '<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
         '<action>'=>'site/<action>'
),

Answer 2

/**
 * @return array action filters
 */
public function filters()
{
    return array(
        'accessControl', // perform access control for CRUD operations
        'postOnly + delete', // we only allow deletion via POST request
    );
}

The delete action can only be accessed by POST; You can check it.