Chapter 8, User Acces Control

after I followed the tutorial in chapter 8 and I did as I could not access the requested page with projects only user page.

Here is my file ProjectController.php


<?php


class ProjectController extends Controller

{

	/**

	 * @var string the default layout for the views. Defaults to '//layouts/column2', meaning

	 * using two-column layout. See 'protected/views/layouts/column2.php'.

	 */

	public $layout='//layouts/column2';


	/**

	 * @return array action filters

	 */

	public function filters()

	{

		return array(

			'accessControl', // perform access control for CRUD operations

			'postOnly + delete', // we only allow deletion via POST request

		);

	}


	/**

	 * Specifies the access control rules.

	 * This method is used by the 'accessControl' filter.

	 * @return array access control rules

	 */

	public function accessRules()

	{

		return array(

			array('allow',  // allow only authenticated user to perform 'index' and 'view' actions

				'actions'=>array('index','view', 'adduser'),

				'users'=>array('@'),

			),

			array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('create','update'),

				'users'=>array('@'),

			),

			array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('admin','delete'),

				'users'=>array('admin'),

			),

			array('deny',  // deny all users

				'users'=>array('*'),

			),

		);

	}


	/**

	 * Displays a particular model.

	 * @param integer $id the ID of the model to be displayed

	 */

	public function actionView($id)

	{

		$id = $_GET['id'];

    	$issueDataProvider = new CActiveDataProvider('Issue', array(

                'criteria' => array(

                    'condition' => 'project_id=:projectId',

                    'params' => array(

                        ':projectId' => $this->loadModel($id)->id),

                ),

                'pagination' => array('pageSize' => 1),

    	));

    	$this->render('view', array(

        	'model' => $this->loadModel($id),

        	'issueDataProvider' => $issueDataProvider,

    	));

	}


	/**

	 * Creates a new model.

	 * If creation is successful, the browser will be redirected to the 'view' page.

	 */

	public function actionCreate()

	{

		$model=new Project;


		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model);


		if(isset($_POST['Project']))

		{

			$model->attributes=$_POST['Project'];

			if($model->save())

				$this->redirect(array('view','id'=>$model->id));

		}


		$this->render('create',array(

			'model'=>$model,

		));

	}


	/**

	 * Updates a particular model.

	 * If update is successful, the browser will be redirected to the 'view' page.

	 * @param integer $id the ID of the model to be updated

	 */

	public function actionUpdate($id)

	{

		$model=$this->loadModel($id);


		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model);


		if(isset($_POST['Project']))

		{

			$model->attributes=$_POST['Project'];

			if($model->save())

				$this->redirect(array('view','id'=>$model->id));

		}


		$this->render('update',array(

			'model'=>$model,

		));

	}


	/**

	 * Deletes a particular model.

	 * If deletion is successful, the browser will be redirected to the 'admin' page.

	 * @param integer $id the ID of the model to be deleted

	 */

	public function actionDelete($id)

	{

		$this->loadModel($id)->delete();


		// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser

		if(!isset($_GET['ajax']))

			$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));

	}


	/**

	 * Lists all models.

	 */

	public function actionIndex()

	{

		$dataProvider=new CActiveDataProvider('Project');

		$this->render('index',array(

			'dataProvider'=>$dataProvider,

		));

	}


	/**

	 * Manages all models.

	 */

	public function actionAdmin()

	{

		$model=new Project('search');

		$model->unsetAttributes();  // clear any default values

		if(isset($_GET['Project']))

			$model->attributes=$_GET['Project'];


		$this->render('admin',array(

			'model'=>$model,

		));

	}


	/**

	 * Returns the data model based on the primary key given in the GET variable.

	 * If the data model is not found, an HTTP exception will be raised.

	 * @param integer $id the ID of the model to be loaded

	 * @return Project the loaded model

	 * @throws CHttpException

	 */

	public function loadModel($id)

	{

		$model=Project::model()->findByPk($id);

		if($model===null)

			throw new CHttpException(404,'The requested page does not exist.');

		return $model;

	}


	/**

	 * Performs the AJAX validation.

	 * @param Project $model the model to be validated

	 */

	protected function performAjaxValidation($model)

	{

		if(isset($_POST['ajax']) && $_POST['ajax']==='project-form')

		{

			echo CActiveForm::validate($model);

			Yii::app()->end();

		}

	}


	public function actionAdduser() 

	{

    $form=new ProjectUserForm;

   		$form=new ProjectUserForm; 

    	$project = $this->loadModel();

    	// collect user input data

    	if(isset($_POST['ProjectUserForm'])) {

        	$form->attributes=$_POST['ProjectUserForm']; 

        	$form->project = $project; // validate user input and set a sucessfull flassh message if valid

        	if($form->validate()) 

        	{

            	Yii::app()->user->setFlash('success',$form->username . " has been added to the project." );

            	$form=new ProjectUserForm;

        	}

    	}

    	// display the add user form 

    	$users = User::model()->findAll(); 

    	$usernames=array(); 

    	foreach($users as $user) 

    	{

        	$usernames[]=$user->username;

    	}

    	$form->project = $project; 

    	$this->render('adduser',array('model'=>$form, 'usernames'=>$usernames)); 

	}

}



where I’m wrong?

Hi,

can you attach screenshot of your error… its easy to resolve problems :)

try to put the rules together in this way:




    ....

    array('allow',  // allow only authenticated user to perform 'index' and 'view' actions

         'actions'=>array('index','view', 'adduser','create','update'),

         'users'=>array('@'),

    ),

    .....



i’m not sure but i think the second part is overwriting the first.

Yaa i have similar problem, I have tried different ways to fixes it but no luck, I’ve attached a screen shot of the Error 403, generated by the ProjectController.php, and it is coming from these code :


if (!Yii::app()->user->checkAccess('createUser', array('project' => $project))) {

             throw new CHttpException(403, 'You are not authorized to perform this action  TA RARA AA.');

         }



Any Ideas ??

I decided to check if my code is right by removing the ‘!’ in


 if (!Yii::app()->user->checkAccess('createUser') 

, well I did it and I was able to access the page and add roles but isn’t my logic is wrong now.

Doodler you need to change this part


project = $this->loadModel();

with this


$project = $this->loadModel($id);