Authentication / Access Control

Hey there. I'm stuck in the authentication part. I need to give different access to different users, and I thought using RBAC would be a good idea, but it's poorly documented, and it also seems to be complicated. I have a field in my users table named usr_tipo (that stands for user type). I want to give them access depending on this (0, 1 and 2 are different kinds of normal users, while 3 should stand for admin). I also want to check if the user is the owner of something (checking the author's id against the logged-in user's id).

So how could I do this?

About the AuthManager, I don't even know where to start. There's a piece of code here: but I don't even know where to put this. Also, my tasks/operations aren't defined; I'm just creating my website and I still don't know everything I'll need.

Please, can anybody help me with this?

Well, although I got no answer, I solved this problem. Here's how I did it:

As AuthManager seemed too complicated, I decided to create something simpler, based on Larry Ullman's solution. So here it is:

First, I have a field in my table called usr_tipo, which holds a numeric value for each user type:

1 = musician

2 = band

3 = other

4 = admin

In UserIdentity.php, inside the authenticate() method, I set a state in the user's session to identify its role. I also added a getter to return the user's id from the table:

	private $_id;

	public function authenticate()
	{
		// look the user up by login name
		$record = Usuarios::model()->findByAttributes(array('login'=>$this->username));

		if (is_null($record))
			$this->errorCode = self::ERROR_USERNAME_INVALID;
		// the post stores senha as an md5 digest; md5 is not a suitable password hash, kept here as posted
		else if ($record->senha !== md5($this->password))
			$this->errorCode = self::ERROR_PASSWORD_INVALID;
		else
		{
			$this->_id = $record->id;

			/** Set the role according to usr_tipo **/
			switch ($record->usr_tipo) {
				case 0: $role = 'musico'; break;
				case 1: $role = 'banda'; break;
				case 2: $role = 'outro'; break;
				case 3: $role = 'admin'; break;
				default:
					$role = '';
			}

			// stored as session states, readable later as Yii::app()->user->role / ->nome
			$this->setState('role', $role);
			$this->setState('nome', $record->nome);

			$this->errorCode = self::ERROR_NONE;
		}

		return !$this->errorCode;
	}

	public function getId()
	{
		return $this->_id;
	}

Then, in my controller, I set some variables with expressions that validate against that value stored in the user's session:

	public function accessRules()
	{
		/** rules **/
		$isMusico = "isset(Yii::app()->user->role) && (Yii::app()->user->role==='musico')";
		$isBanda = "isset(Yii::app()->user->role) && (Yii::app()->user->role==='banda')";
		$isOutro = "isset(Yii::app()->user->role) && (Yii::app()->user->role==='outro')";
		$isAdmin = "isset(Yii::app()->user->role) && (Yii::app()->user->role==='admin')";

		return array(
			array('allow',  // allow all users to perform 'list' and 'show' actions
				'actions'=>array('list', 'show'),
				'users'=>array('*'),
			),
			array('allow', // allow authenticated user to perform 'update' and 'delete' actions
				'actions'=>array('update', 'delete'),
				'users'=>array('@'),
				// isOwnerOrAdmin() is evaluated while this array is built; 'expression' must be a PHP expression string
				'expression'=>$this->isOwnerOrAdmin() ? 'true' : 'false',
			),
			array('allow', // allow admin user to perform 'admin' action
				'actions'=>array('admin'),
				'expression'=>$isAdmin,
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}

Finally, you can see there's a method in one of those blocks. $this->isOwnerOrAdmin() is a method I created to allow access either if the user is the owner of that page or if he's admin. Here's the function:

	private function isOwnerOrAdmin()
	{
		// admin always passes; otherwise the logged-in user's id is compared (loosely, with ==) to the id in the URL
		return ( isset(Yii::app()->user->role) && (Yii::app()->user->role==='admin') )
			|| ( isset($_GET['id']) && (Yii::app()->user->id==$_GET['id']) );
	}

That's it. I hope this helps people with the same problem.
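As an added example (not part of the original post, and not Yii's own code), here is the same owner-or-admin idea applied to a record that has an author column, which is what the question at the top asks for. It assumes Yii 1.1 (where CAccessRule passes the current CWebUser to the expression as $user), a hypothetical Anuncios model with an autor_id column, and the 'role' session state set in UserIdentity as in the post. The ownership decision is made against the loaded record rather than against an id taken from the URL, and the comparison is strict after casting both sides to int, so PHP's loose == type juggling cannot satisfy it.

```php
<?php
// Added example, not from the original post. Assumes Yii 1.1, a hypothetical
// "Anuncios" ActiveRecord with an "autor_id" column, and a 'role' session
// state set by UserIdentity::authenticate() as in the post above.

class AnunciosController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            // anyone may list and view records
            array('allow',
                'actions'=>array('index', 'view'),
                'users'=>array('*'),
            ),
            // only authenticated users may create, update or delete;
            // ownership of the specific record is checked inside the action
            array('allow',
                'actions'=>array('create', 'update', 'delete'),
                'users'=>array('@'),
            ),
            // the 'admin' action requires the admin role; $user is the CWebUser
            // that CAccessRule hands to the expression in Yii 1.1
            array('allow',
                'actions'=>array('admin'),
                'expression'=>'$user->getState("role")==="admin"',
            ),
            // everything else is denied
            array('deny',
                'users'=>array('*'),
            ),
        );
    }

    /**
     * Load the record by primary key or fail with 404. The ownership check
     * below runs against this record, never against request parameters alone.
     */
    protected function loadModel($id)
    {
        $model = Anuncios::model()->findByPk((int) $id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested page does not exist.');
        }
        return $model;
    }

    /**
     * True when the current user is admin or is the author of $model.
     * Both ids are cast to int and compared with === so that a string taken
     * from the request cannot match through loose comparison.
     */
    protected function isOwnerOrAdmin(CActiveRecord $model)
    {
        $user = Yii::app()->user;
        if ($user->isGuest) {
            return false;
        }
        if ($user->getState('role') === 'admin') {
            return true;
        }
        return (int) $model->autor_id === (int) $user->id;
    }

    public function actionUpdate($id)
    {
        $model = $this->loadModel($id);
        if (!$this->isOwnerOrAdmin($model)) {
            throw new CHttpException(403, 'You are not allowed to modify this record.');
        }
        // ... bind and validate the submitted form here as usual ...
        $this->render('update', array('model'=>$model));
    }

    public function actionDelete($id)
    {
        // deletes only via POST, so a plain link cannot trigger them
        if (!Yii::app()->request->isPostRequest) {
            throw new CHttpException(400, 'Invalid request.');
        }
        $model = $this->loadModel($id);
        if (!$this->isOwnerOrAdmin($model)) {
            throw new CHttpException(403, 'You are not allowed to delete this record.');
        }
        $model->delete();
        $this->redirect(array('index'));
    }
}
```

Compared with checking `Yii::app()->user->id == $_GET['id']`, this version answers the question "does the logged-in user own *this* record?" instead of "is the id in the URL my own id?", which only coincides when the record being edited is the user's own row. Keeping the role in a session state set at login (as the post does) is fine as long as the state is only ever written in authenticate() and never from request data.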


I just read this post.

I had this problem too and solved it with a similar method; it is also in the comments of Authentication and Authorization.

Thanks! That's so useful to me; I was stuck in the auth stuff too.

The RBAC system seems to be very flexible, but it is badly documented and I didn't understand how to implement it, so your solution was better for me.

I too found this helpful.

Thanks for the hint...

Did you ever get srbacs to work?


Thank you so much bogus. I had searched for such a long time and your post has ended my search.


Awesome post, man. Really saved my day. :)

Thanks bogus, this post really helped me a lot.

Tried it and got lucky with it. Thanks man, saved my time.

Oh, very good.

That was helpful.