403 Permission error on Ajax Call in Yii?

Question

I am new to Yii. I have created a module which has below codes:

Controller's Code:

public function accessRules()
{
    return array(
        array('allow',  // allow all users to perform 'index' and 'view' actions
            'actions'=>array('index','view'),
            'users'=>array('*'),
        ),
        array('allow', // allow authenticated user to perform 'create' and 'update' actions
            'actions'=>array('create','update'),
            'users'=>array('@'),
        ),
        array('allow', // allow admin user to perform 'admin' and 'delete' actions
            'actions'=>array('admin','delete','ajaxdialog'),
            'users'=>array('*'),
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}

AND here is action i want to use by ajax call:

public function actionAjaxdialog()
{
    $user_id =  $_POST['image_id'];     
    $is_active = $_POST['status'];
    $model = $this->loadModel($image_id);
    $model->is_active = $is_active;
    $model->update();   
}

view's code:

$(document).ready(function(){
$('.changeStatus').live('click',function(){
    var status = $(this).attr('status');
    if(status==1)
    {
        status=0;
    }
    else
    {
        status=1;
    }
    var id = $(this).attr('image_id');      
    var $link = $(this);

    $.ajax({

        type: "POST",
        url:    "<?php echo Yii::app()->createUrl('Gallery/Ajaxdialog'); ?>",
        data:  {image_id:id,status:status},
        success: function(msg)
        {   
            if(status==0)
            {
                $link.attr('status','0');
                $link.attr('title','In-active :: click to activate.');
                $link.children('img').attr('src','/images/wrong.png');
                AfterStatusChange('Image has been de-activated sucessfully.');
                $link.parent().parent().removeClass('selected');
            }
            else
            {
                $link.attr('status','1');
                $link.attr('title','Active :: click to de-activate.');
                $link.children('img').attr('src','/images/right.png');
                AfterStatusChange('Image has been activated sucessfully.');
                $link.parent().parent().removeClass('selected');
            }


        },
        error: function(xhr){
            //alert("failure"+xhr.readyState+this.url)
            alert("failure"+xhr.responseText);
        }
    });


});
});

I am working on localhost, i have update ".htaccess" file with following code:

deny from all
Allow from localhost

It always gives me the following error when i tries to run it:

"Access forbidden"

Please help me how can i resolve this issue.

So you have apache or yii forbidden error? Also check this http://stackoverflow.com/questions/9507645/htaccess-deny-from-all — , Aug 28 '13 at 13:09
If you remove the `deny from all` in your `.htaccess` does it run correctly? — Pitchinnate, Aug 28 '13 at 13:20
If you look at the HTML source code what is the result of: `url: "createUrl('Gallery/Ajaxdialog'); ?>",` — Pitchinnate, Aug 28 '13 at 13:24
createUrl('gallery/ajaxdialog'); ?> Make the first letter for controllerId and actionId in lower case. and tell me what it does, and instead of localhost in htaccess use 127.0.0.1 — Cherif BOUCHELAGHEM, Aug 28 '13 at 13:36
you say modules so the url must be /module/controller/action may be you point to another controller can you check? — Cherif BOUCHELAGHEM, Aug 28 '13 at 13:48
@CherifBOUCHELAGHEM i not using module.i was just saying i m working on module but in real scenario. — Amit Singla, Aug 28 '13 at 13:52
Any news? I tried to reproduce this but it works fine for me!! weired — Cherif BOUCHELAGHEM, Aug 28 '13 at 14:27
`$model = $this->loadModel($image_id);` `$image_id` -what that ? — Evgeniy Tkachenko, Aug 28 '13 at 19:03

score 1 · Accepted Answer · edited Oct 19 '13 at 03:57

I managed to fix the forbidden issue with the following Ajax code:

$.ajax({
    url      : "<?php echo Yii::app()->createUrl('test/ajax');?>",
    data     : {},
    type     : "POST",
    dataType : "html",
    success  : function(response){
        $('#test').html(response);
    },
    error    : function(){
        alert("Failed request data from AJAX request");
    }
});

On the controller:

public function accessRules() {
    return array(
        array(
            'allow',
            'actions' => array('ajax'),
            'users'   => array('@'),
        ),
    );
}

You may try with this one.

This does not work all the time – Aditya Jul 03 '22 at 05:38 — Aditya, Jul 03 '22 at 05:38

score 0 · Answer 2 · answered Mar 29 '17 at 06:28

add the csrfToken in ajax data.

$.ajax({

        type: "POST",
        url:    "<?php echo Yii::app()->createUrl('Gallery/Ajaxdialog'); ?>",
        data:  {<?= Yii::$app->request->csrfParam; ?> : '<?= Yii::$app->request->csrfToken; ?>',image_id:id,status:status},
        success: function(msg)
        {   
            if(status==0)
            {
                $link.attr('status','0');
                $link.attr('title','In-active :: click to activate.');
                $link.children('img').attr('src','/images/wrong.png');
                AfterStatusChange('Image has been de-activated sucessfully.');
                $link.parent().parent().removeClass('selected');
            }
            else
            {
                $link.attr('status','1');
                $link.attr('title','Active :: click to de-activate.');
                $link.children('img').attr('src','/images/right.png');
                AfterStatusChange('Image has been activated sucessfully.');
                $link.parent().parent().removeClass('selected');
            }


        },
        error: function(xhr){
            //alert("failure"+xhr.readyState+this.url)
            alert("failure"+xhr.responseText);
        }
    });

403 Permission error on Ajax Call in Yii?

2 Answers2