I am a newbie to Yii. I am building a sample website with yii. The website is for a company with several branches and each branch with an employee.
I am trying to setup a role based authentication system.
user (employee) should only view certain pages.
admin has all the privileges of a user plus can add/view/update/delete users.
superadmin has all the privileges of an admin plus can add/view/update/delete branches.
The admin and superadmin are fixed. I think static auth entries like admin/password , superadmin/password will be ok.
users are authenticated from database.
I have two tables i.e. users and branches. i have used gii to generate their front ends. I customized the application to my needs.
I need to establish the RBAC.
This is the authenticate() function in UserIdentity.php
public function authenticate()
{
// Authentication using database table
$user = User::model()->findByAttributes(array('username'=>$this->username));
if($user === null){
// No user record found
$this->errorCode=self::ERROR_USERNAME_INVALID;
}
else if($user->password !== $this->password){
// Invalid Password
$this->errorCode=self::ERROR_PASSWORD_INVALID;
}
else {
// Both username and password okay
$this->errorCode=self::ERROR_NONE;
}
return !$this->errorCode;
Added this to the components in the config/main.php
'authManager'=>array(
'class'=>'CDbAuthManager',
'connectionID'=>'db',
),
I have also added some tasks, operations and roles to an actionSetup() function in SiteController.php
Can i use a combination of both static and database authentication?
Kindly guide me! Thanks!