API lists GET endpoint has no user ID despite being restricted to non logged users.


*** Edit: a custom extension may be causing this. ***

Hi, I'm calling the API and for some reason, at least the /lists endpoint with the method GET (this should get all of a user's lists) the user identification is failing, Yii::app()->user->getId() returns 0, although the controller explicitly declares a rule that denies access for non logged in users.
So what could be the problem here?

class ListsController extends Controller
    // access rules for this controller
    public function accessRules()
        return array(
            // allow all authenticated users on all actions
            array('allow', 'users' => array('@')),
            // deny all rule.
    public function actionIndex()
        // [...]
        $criteria = new CDbCriteria();
        $criteria->compare('customer_id', (int)Yii::app()->user->getId());
        $criteria->addNotInCondition('status', array(Lists::STATUS_PENDING_DELETE));

        $count = Lists::model()->count($criteria);
        Yii::log( json_encode([
            ]), CLogger::LEVEL_ERROR );
           // [...]
Last edited:
Haha well I actually singled the extension out and when disabling it, the API works correctly, so yes, I'm contacting the extension developer now. Thanks!