Action Controller Permission

Hi friends,

I have one question about action permission.

I want to set filters and accessRule automatically, from the database.

I want every user to be able to see the action or not

And

Want to control access to the database and automated actions to be

regards

Do you mean RBAC? I don't quite understand the so-called ‘automated’.

Tell us some more details.

hi

This is my structure for access to an action [ controller:site / action:contact ], for example

Table structure:

id          =  20
action      =  contact
controller  =  site
role        =  superAdmin
type        =  deny

Filter to check access to this action:


<?php
class ECheckActionPermissionFilter extends CFilter
{
    protected function preFilter($filterChain)
    {
        //$this->preFilter($filterChain);
        return parent::preFilter($filterChain);
    }

    protected function postFilter($filterChain)
    {
        $role       = Yii::app()->user->role;
        $controller = $filterChain->controller->id;
        $action     = $filterChain->action->id;
        $user_id    = Yii::app()->user->id;

        $sql = 'SELECT * FROM tbl_action a
                WHERE a.action=:action
                    AND a.controller=:controller
                    AND a.role=:role';

        $command = Yii::app()->db->createCommand($sql);
        // the action id is a string such as "contact", so bind it as a string
        $command->bindParam(":action", $action, PDO::PARAM_STR);
        $command->bindParam(":controller", $controller, PDO::PARAM_STR);
        $command->bindParam(":role", $role, PDO::PARAM_STR);
        $permissions = $command->queryAll();

        // stays null when no row matches this role/controller/action
        $allow = null;
        if(!empty($permissions)){
            foreach($permissions as $p){
                if($p['type'] == 'allow')
                {
                    $allow = "allow";
                    break;
                }
                elseif($p['type'] == 'deny')
                {
                    $allow = "deny";
                    break;
                }
            }
        }

        echo $allow;
        if($allow == "deny" )
        {
            throw new CHttpException(403,Yii::t('yii','You are not authorized to perform this action.'));
        }

        parent::postFilter($filterChain);
    }
}

If I run this URL: yii/index.php?r=site/contact

the view is rendered in duplicate [ image attached ]

Why duplicate?

What is the problem?

Any ideas, please!

thanks

And what about your site controller’s code? Can you post it?

What!? I don't understand what you say, sorry!?

bennouna: Take a look at Yii filters, you simply include the filter in your controller, you don’t need to write any additional code for each controller.

ACL solution:




/**
 * Assumes that Action is a model with its own table (id being the only required column)
 */
protected function postFilter($filterChain)
{
    $controller = $filterChain->controller->id;
    $action     = $filterChain->action->id;
    $id         = $controller.'::'.$action;
    $user       = RestrictedActiveRecord::getUser();

    if(!$user->may($id, 'exec'))
        throw new CHttpException(403,Yii::t('yii','You are not authorized to perform this action.'));

    parent::postFilter($filterChain);
}


if(!$user->may($id, 'exec'))

Can you post the may function and RestrictedActiveRecord::getUser();

?
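An added example, not code from any poster in this thread: the filters posted above run their check in postFilter, which Yii 1.1 calls only after the action has already executed and rendered its view, so this version does the check in preFilter, refuses access when no rule matches, and binds all three values as strings. The class name, the deny-over-allow precedence and the default-deny behaviour are assumptions of this example; tbl_action and the user's role property are taken from the question.

```php
<?php
// Added example (not from the thread). Assumes Yii 1.1 and the tbl_action
// table shown in the question; the class name is hypothetical.
class EActionPermissionPreFilter extends CFilter
{
    /**
     * Pure decision over the matching rows: any 'deny' wins, otherwise at
     * least one 'allow' is required. No matching row means no access.
     * (Deny precedence and default-deny are choices made for this example.)
     */
    public static function decide(array $rows)
    {
        $allowed = false;
        foreach ($rows as $row) {
            if ($row['type'] === 'deny') {
                return false;
            }
            if ($row['type'] === 'allow') {
                $allowed = true;
            }
        }
        return $allowed;
    }

    // preFilter runs BEFORE the action, so a denied request never reaches
    // the action body and never renders its view.
    protected function preFilter($filterChain)
    {
        $user = Yii::app()->user;
        // Guests carry no role state; they match no rule and are refused.
        $role = $user->isGuest ? '' : (string) $user->role;

        $rows = Yii::app()->db->createCommand(
            'SELECT type FROM tbl_action
             WHERE action=:action AND controller=:controller AND role=:role'
        )->queryAll(true, array(
            ':action'     => $filterChain->action->id,
            ':controller' => $filterChain->controller->id,
            ':role'       => $role,
        ));

        if (!self::decide($rows)) {
            throw new CHttpException(403, Yii::t('yii', 'You are not authorized to perform this action.'));
        }
        return true; // continue with the remaining filters and the action
    }
}
```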