Hi there - I have been asked to help a small business with getting access to manage their site. For example, they have no access to add or update their main navigation menu, and there are many other features they have been shut out from by the original developer.
I am new to Yii, but not to CMS technology. Can anyone recommend a strategy? So far I have documented 5 different user rights modules/extensions. The clients’ site is on Yii v. 1.1.15. They’d originally requested a WordPress site and what they have is a highly restricted Yii site.
I have no idea what the relevance of that image might be, but about getting access. You might start by showing us the config file (remove the db passwords for security reasons before showing here ofc). And show the accessRules() function of the controller that gives access to the functionality you are interested in getting access to.
I am not an engineer, and have no idea of the significance of using a db connection based on a class and component, and that was not covered in the tutorial.
Thank you again for your help and direction with this project. The reason I included the screenshot in my initial post was to show that the admin role for this site has no CRUD access to the navigation systems. I have never worked in a CMS where that functionality is non-existent. And, the screenshots I’ve seen on the Yii Framework site indicate that CRUD exists for admins to manage menus. So, I am trying to figure out how to give it back to the clients.
Below is the code from the "protected/modules/admin/controllers/AuthController.php" file.
```php
<?php
/**
 * @property AdminModule $module
 * @method AdminModule getModule()
 */
class AuthController extends AdminController
{
    public $layout = '//layouts/admin/standart';

    public function accessRules()
    {
        return array(
            // Already-authenticated users ('@') may not GET the login page.
            array(
                'deny',
                'actions' => array('login'),
                'users' => array('@'),
                'verbs' => array('GET'),
            ),
        );
    }

    /**
     * Displays the login page
     */
    public function actionLogin()
    {
        $model = new LoginForm;
        // collect user input data
        if ($this->request->isPostRequest) {
            $model->attributes = $this->request->getPost('LoginForm', array());
            // validate user input and redirect to the previous page if valid
            if ($model->validate() && $model->login()) {
                $returnUrl = '/' . (ltrim(Yii::app()->user->returnUrl, '/') ?: ltrim(Yii::app()->createUrl('admin/default/index'), '/'));
                $this->redirect($returnUrl);
            }
        }
        // display the login form
        $this->render('login', array('model' => $model));
    }

    /**
     * Logs out the current user and redirect to homepage.
     */
    public function actionLogout()
    {
        Yii::app()->user->logout();
        $this->redirect($this->createUrl('login'));
    }
}
```
From the looks of it there is one route you can take to gain access.
You can look at the script LoginForm.php and find out what validations you need to mimic to create a username and password (or even find the admin username and change its password) by analysing what the function login() does and what validation rules are defined.
The config shows that Yii rbac is being used (authManager class CPhpAuthManager). But since it is defined to assign the roles of admin, authenticated and guest to anyone, it seems like anyone who can log in is an admin. However you can have a look at the file ‘protected/data/auth.php’ to see whether any of these roles are assigned to a user. Who knows.
The database connectivity is handled by the class in application.components.db.DbConnection, so have a look in the php script ../components/db/DbConnection.php.
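The check suggested in the last reply (is 'admin' a default role, and does auth.php assign any role to a specific user) can be scripted. This is an added example, not code from the site or from either poster. The config and auth.php contents are constructed samples and auditAuth() is a hypothetical helper; only CPhpAuthManager, defaultRoles and the auth.php item layout are Yii 1.1's own.

```php
<?php
// Added example; all data below is constructed, not taken from the site in the thread.

// 'authManager' component config as the reply describes it.
$authManagerConfig = array(
    'class' => 'CPhpAuthManager',
    'defaultRoles' => array('admin', 'authenticated', 'guest'),
);

// Items in the array format CPhpAuthManager loads from protected/data/auth.php.
// 'type' => 2 is CAuthItem::TYPE_ROLE.
$authItems = array(
    'guest' => array('type' => 2, 'description' => 'Guest', 'data' => null,
        'bizRule' => 'return Yii::app()->user->isGuest;'),
    'authenticated' => array('type' => 2, 'description' => 'Logged-in user', 'data' => null,
        'bizRule' => 'return !Yii::app()->user->isGuest;'),
    'admin' => array('type' => 2, 'description' => 'Administrator', 'data' => null,
        'bizRule' => null, 'assignments' => array()),
);

// auditAuth() is a hypothetical helper: it lists default roles that carry no
// bizRule (Yii grants those to every visitor) and the explicit assignments.
function auditAuth(array $config, array $items)
{
    $report = array('open_default_roles' => array(), 'assignments' => array());
    $defaults = isset($config['defaultRoles']) ? $config['defaultRoles'] : array();
    foreach ($items as $name => $item) {
        if (in_array($name, $defaults, true) && empty($item['bizRule'])) {
            $report['open_default_roles'][] = $name;
        }
        if (!empty($item['assignments'])) {
            // Keys of 'assignments' are the user ids holding this item.
            $report['assignments'][$name] = array_keys($item['assignments']);
        }
    }
    return $report;
}

$report = auditAuth($authManagerConfig, $authItems);
foreach ($report['open_default_roles'] as $role) {
    echo "WARNING: default role '$role' has no bizRule and applies to everyone\n";
}
foreach ($report['assignments'] as $role => $userIds) {
    echo "Role '$role' is explicitly assigned to user ids: " . implode(', ', $userIds) . "\n";
}
if (!$report['assignments']) {
    echo "No explicit assignments: access depends on defaultRoles alone\n";
}
```

If 'admin' shows up as an open default role, the usual correction is to drop it from defaultRoles and list the administrator's user id under that role's 'assignments' in auth.php.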