At the module level, each module has a module class such as AdminModule, in which init() serves as the module's configuration method and beforeControllerAction() is called before any module controller action is performed. You can place your own code in this method to perform the access-role check for all controllers of the current module.
For example, I have an Admin module in my application, and I want to limit access to this module to administrators only. In the AdminModule class, I call checkAccess() as follows:
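```php
class AdminModule extends CWebModule
{
    public function init()
    {
        // import the module-level models and components
        $this->setImport(array(
            'admin.models.*',
            //'application.models.*',
            'admin.components.*',
        ));
    }

    public function beforeControllerAction($controller, $action)
    {
        if (parent::beforeControllerAction($controller, $action)) {
            // this method is called before any module controller action is performed
            // you may place customized code here
            if (!Yii::app()->user->checkAccess('admin')) {
                if (Yii::app()->user->isGuest) {
                    // loginUrl may be a route string or a route array
                    // (the CWebUser default is array('/site/login'))
                    $loginUrl = Yii::app()->user->loginUrl;
                    $route = is_array($loginUrl) ? $loginUrl[0] : $loginUrl;
                    $params = is_array($loginUrl) ? array_slice($loginUrl, 1) : array();
                    $url = Yii::app()->createUrl($route, $params);
                    // return to the admin module after a successful login
                    Yii::app()->user->returnUrl = Yii::app()->createUrl('/admin/');
                    // redirect() ends the request, so the action never runs
                    Yii::app()->request->redirect($url);
                } else {
                    // logged in but without the 'admin' role
                    throw new CHttpException(403, 'Have no permission');
                }
            }
            return true;
        } else {
            return false;
        }
    }
}
```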