Create Custom Role

I am pretty new to yii and also to the yii forum.

I am stuck into new role creation and create access rules for the new role created. It will be very grateful if anyone can help me out.

Let me give my app scenario. I have two tables named account & user. I can’t change any filed in the database as it’s given by the client, and he has implemented this db at other place.

Account Table

I have one field account_type defining two roles:

  1. "Customer Support" - Super admin

  2. "Standard User" - Admin / user [Decided from user table]

User Table

I have one filed is_admin defining two roles :

  1. "Admin" - if Y then from the account table standard user is an admin.

  2. "User" - if N then from the account table standard user is a normal user.

So, finally it comes to three roles:

  1. "Customer Support"

  2. "Admin"

  3. "User"

For different roles i have to allow & restrict access to different locations in my application.

UserIdentity.php


public function authenticate()

	{

		$email = strtolower($this->username);

		$Users  = User::model()->find("LOWER(login_id)='$email' OR LOWER(email)='$email'");


                if($Users===null)

                    $this->errorCode=self::ERROR_USERNAME_INVALID;

                else if(!$this->validatePassword($Users->password_doubled_hash))

                    $this->errorCode=self::ERROR_PASSWORD_INVALID;

                else

                {

                    Yii::app()->user->setState('name',$Users->name);


                    if($Users->account->account_type == "Customer Support")

                    {

                        Yii::app()->user->setState('user_type',$Users->account->account_type);

                    }

                    else

                    {

                        if($Users->is_admin == 'Y')

                        {

                            Yii::app()->user->setState('user_type','Admin');

                        }

                        else

                        {

                            Yii::app()->user->setState('user_type','User');

                        }

                    }

                    $this->errorCode=self::ERROR_NONE;

                }

		return $this->errorCode==self::ERROR_NONE;

	}

indexController


public function accessRules()

	{

		return array(

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('login','forgotPassword','error'),

				'users'=>array('*'),

			),

			array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('index','logout','error'),

				'users'=>array('Customer Support'),

			),

                        array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('index','logout','error'),

				'users'=>array('Admin'),

			),

                        array('allow', // allow admin user to perform 'admin' and 'delete' actions

				'actions'=>array('index','logout','error'),

				'users'=>array('User'),

			),

			array('deny',  // deny all users

				'users'=>array('*'),

			),

		);

	}

I am not able to access logout action if i login using any of the roles defined earlier.

How can i create custom roles for three roles defined earlier & access rules for the same?

I know the following method,




$auth=Yii::app()->authManager;


$bizRule='return !Yii::app()->user->isGuest;';

$auth->createRole('authenticated', 'authenticated user', $bizRule);

 

$bizRule='return Yii::app()->user->isGuest;';

$auth->createRole('guest', 'guest user', $bizRule);


$role = $auth->createRole('admin', 'administrator');

$auth->assign('admin',1); // adding admin to first user created



But in the above method the admin role is assigned to only one user whose id is 1.

I don’t want to be specific. I have to assign admin role who so ever is admin in my application.

Above is the static method and i want it to be dynamic.

Hopefully i have explained my problem clearly and with all details.

I am sorry if i have posted my question at the wrong place.

I am in need of urgent action for the above problem. Hopefully someone comes with right solution.

Thanks in advance.

use yii user + rights modules

check out the wiki

wiki

I am aware about suggestions provided by Rajith.

I want to know what can be done in my situation.

Anyone?

Hi

I know this is a bit old so I presume that you have already found a solution …

It looks to me as though you could extend the CWebUser class to define your roles

isAdmin, isUser, isSupport and then you can easily define your rules using those.

The differentiation between UserIdentity and WebUser being that UserIdentity is meant to establish that the user is who he claims to be and webuser is used to define/hold business required information about the user (authenticated or not).




public function accessRules()

        {

                return array(

                        array('allow',  // allow all users to perform 'index' and 'view' actions

                                'actions'=>array('login','forgotPassword','error', 'logout'),

                                'users'=>array('*'),

                        ),

                        array('allow', 

                                'actions'=>array('index','error'),

                                'expression'=>'Yii::app()->user->isSupport()',

                        ),

                        array('allow', 

                                'actions'=>array('index','error'),

                                'expression'=>'Yii::app()->user->isAdmin()',

                        ),

                        array('allow', 

                                'actions'=>array('index','error'),

                                'expression'=>'Yii::app()->user->isUser()',

                        ),

                        array('deny',  // deny all users

                                'users'=>array('*'),

                        ),

                );

        }



I’ve added logout to the All users category as I couldn’t understand why you would need to define it on each user level

Have you tried making an OR expression involving all the 3 like this:


array('allow', 

        'actions'=>array('index','error'),

        'expression'=>'Yii::app()->user->isUser() or Yii::app()->user->isSupport() or Yii::app()->user->isAdmin()',

     ),