Restricting admin access
One problem you may have already noticed is that anyone, including guest users, can access our new admin module. We are building this admin module to expose application functionality that should only be accessible to users with administrative access. So, we need to address this issue.
Luckily, we already implemented an RBAC model in our application back in Chapter 8. All we need to do now is extend it to include a new role for administrators and new permissions available to that role.
If you recall from Chapter 8, we used a Yii shell command to implement our RBAC structure. We need to add to that. So, open up the file containing that shell command, /protected/commands/shell/RbacCommand.php, and add the following:
//create a general task-level permission for admins
$this->_authManager->createTask("adminManagement", "access to the application administration functionality");
//create the site admin role, and add the appropriate permissions
$role...
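One way the admin module could enforce the new permission once the RBAC items exist, shown here as an added example rather than code from the book. It assumes the module class is named AdminModule (the Yii 1.x convention for a module called admin), that the adminManagement task above has been granted to a role assigned to the user, and the log category application.admin is hypothetical.

```php
<?php
// Added example: deny-by-default gate for every controller in the admin module.
// Assumptions: class name AdminModule, log category 'application.admin'.
class AdminModule extends CWebModule
{
    public function beforeControllerAction($controller, $action)
    {
        // Let the parent run first; if it vetoes the action, stop here.
        if (!parent::beforeControllerAction($controller, $action)) {
            return false;
        }

        $user = Yii::app()->user;

        // Guests are sent to the login page instead of being shown a 403.
        if ($user->isGuest) {
            $user->loginRequired();
        }

        // checkAccess() resolves the RBAC hierarchy, so any role that
        // includes the adminManagement task passes this check.
        if (!$user->checkAccess('adminManagement')) {
            // Record the denied attempt so it can be reviewed later.
            Yii::log(
                'Denied admin access: user=' . $user->id
                    . ' route=' . $controller->id . '/' . $action->id,
                CLogger::LEVEL_WARNING,
                'application.admin'
            );
            throw new CHttpException(403, 'You are not authorized to perform this action.');
        }

        return true;
    }
}
```

Placing the check in the module rather than in each controller means controllers added to the module later are covered without extra code.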