public function accessRules() { // Allow logged in users - the main authorisation check happens later in verifyActionAccess return array(array('allow', 'users' => array('@'))); }