admin user access fails

rmulhern · February 24, 2011, 11:24pm

I went through a couple Auth tutorials and the guides, but I think I may have missed something. I can login and logout just fine. I can see all the pages an authenticated user can, but when I go to a page an admin user is supposed to have access to I always get a prompt telling me I do not have access.

This returns true:




var_dump(Yii::app()->user->checkAccess('admin')); //returns bool(true) on var_dump

My authManager component is setup in my main.config like this:




        'authManager'=>array(

            'class'=>'CDbAuthManager',

            'connectionID'=>'db',

            'defaultRoles'=>array('authenticated', 'guest'),

        ),

I ran some sql and have 3 auth tables. They all have data in them except for AuthItemChild. That table is empty. I also ran a script that does the following:





	$auth=Yii::app()->authManager;


	$bizRule='return !Yii::app()->user->isGuest;';

	$auth->createRole('authenticated', 'authenticated user', $bizRule);

 

	$bizRule='return Yii::app()->user->isGuest;';

	$auth->createRole('guest', 'guest user', $bizRule);


	$role = $auth->createRole('admin', 'administrator');

	$auth->assign('admin',1); 

		

	$auth->save();

I’m logged in as the user with ID 1.

The only odd thing is I don’t have a user table or Model. Instead it’s called member, only because I’ve integrated phpBB with my yii app which also has a user object so there was a conflict. Thanks in advance. Any suggestions?

rmulhern · February 25, 2011, 12:36am

I went tracing through the source. I got to this point where it seems to break. It returns true for all those methods in the conditionals but $this->allow is false and returns -1.




	public function isUserAllowed($user,$controller,$action,$ip,$verb)

	{

		if($this->isActionMatched($action)

			&& $this->isUserMatched($user)

			&& $this->isRoleMatched($user)

			&& $this->isIpMatched($ip)

			&& $this->isVerbMatched($verb)

			&& $this->isControllerMatched($controller)

			&& $this->isExpressionMatched($user))

			return $this->allow ? 1 : -1;

		else

			return 0;

	}

rmulhern · February 25, 2011, 1:49am

It seems like if I remove the deny rules from my accessRules method in the Controller stops me from getting the message and I can access the page. Then all users admin or not can access the page.


	

public function accessRules()

	{

	

		return array(

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('index','view'),

				'users'=>array('*'),

			),

			array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('create','update'),

				'users'=>array('@'),

			),

			array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('admin'),

				'users'=>array('admin'),

			),

			array('deny',  // deny all users

				'users'=>array('*'),

			),

		);

	}

It seems like the allow that isn’t working in my last post is set here in CAccessControlFilter




	public function setRules($rules)

	{

		foreach($rules as $rule)

		{

			if(is_array($rule) && isset($rule[0]))

			{

				$r=new CAccessRule;

				$r->allow=$rule[0]==='allow';

Maybe I missed a step in setting everything up? Any suggestions?

rmulhern · February 26, 2011, 10:37pm

figured it out. stupid me…

I was using users instead of roles

worked when i changed my code to




array('allow',  // allow all users to perform 'index' and 'view' actions

    'actions'=>array('index','view'),

    'users'=>array('*'),

),

array('allow', // allow authenticated user to perform 'create' and 'update' actions

    'actions'=>array('create','update'),

    'roles'=>array('authenticated'),

),

array('allow', // allow admin user to perform 'admin' and 'delete' actions

    'actions'=>array('admin'),

    'roles'=>array('admin'),

),

array('deny',  // deny all users

    'users'=>array('*'),

),