I modified my UserIdentity controller in order to retrieve users from the database… it kind of works. Then I have this scenario: I have two kinds of users, admins and normal users. I need the admins to do everything on my data, and normal users to only access their data. To explain better, let’s say I have Users and Addresses tables. I’d like admin users to perform CRUD actions on both tables, and normal users to only modify their address.
If I understood well how Yii works, I should modify UsersController.php’s accessRules function… but how? Thanks a lot,
If you only have two user levels [admin & all others] then accessRules should be fine for you. Copy-paste your accessRules function here and explain which actions should be admin-only and which should be for normal users only.
Actually I have many models, not only users and addresses… anyhow, here’s the “almost default” accessRules function on one of my controllers:
public function accessRules()
{
    return array(
        array('allow', // allow all users to perform 'index' and 'view' actions
            'actions'=>array('index','view'),
            'users'=>array('*'),
        ),
        array('allow', // allow authenticated user to perform 'create' and 'update' actions
            'actions'=>array('create','update'),
            'users'=>array('@'),
        ),
        array('allow', // allow admin user to perform 'admin' and 'delete' actions
            'actions'=>array('admin','delete'),
            'users'=>array('myemail@mydomain.com'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
Actually in my DB I store info about the user level, so I thought the CDbAuthManager class would be useful… I “just” can’t get how to use it. Actually, Yii is great, but a little bit hard for a newbie to get to know.
1: since in my Users table I have info about the level of the user, I added a private $_level to the UserIdentity component and initialize it to the user’s value I get from the DB. OK.
2: then, my idea would be to filter the list of addresses in order to get only the addresses whose user_id = logged user id for normal users, and all addresses for admin users.
How should I do this? I saw there’s a filters function in controllers/AddressController.php… the name sounds great.
A nice solution for authorization is to use Yii’s RBAC.
Instead of using your custom user level, you can use RBAC (refer to the Yii documentation) and create the role ‘admin’.
You can create an interface to assign and revoke permissions to users and easily manage your custom user level.
If you use Yii’s instruments, then you can do something like this:
public function accessRules()
{
    return array(
        array('allow', // allow all users to perform 'index' and 'view' actions
            'actions'=>array('index','view'),
            'users'=>array('*'),
        ),
        array('allow', // allow authenticated user to perform 'create' and 'update' actions
            'actions'=>array('create','update'),
            'users'=>array('@'),
        ),
        array('allow', // allow admin user to perform 'admin' and 'delete' actions
            'actions'=>array('admin','delete'),
            'roles'=>array('admin'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
That allows you to authorize all admin users (and not only one) to perform the action.
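One way to wire this up end to end in Yii 1.1, as an added example that is not code from the thread: the ‘admin’ role from the answer is created and assigned with CDbAuthManager (configured in config/main.php as 'authManager'=>array('class'=>'CDbAuthManager','connectionID'=>'db')), accessRules keys on that role, and the address list is restricted to the logged-in user’s own rows for non-admins, as asked earlier in the thread. It assumes the auth tables from framework/web/auth/schema.sql, an Address model with a user_id column, and a UserIdentity whose getId() returns the Users primary key.

```php
<?php
// Added example, not code from the thread. Assumes Yii 1.1, the auth tables created from
// framework/web/auth/schema.sql, an Address model with a user_id column, the generated app's
// Controller base class, and a UserIdentity whose getId() returns the Users primary key.

// One-off setup (e.g. from a yiic console command): create the 'admin' role and assign it
// to a user id. Admin rights now come from the assignment, not from a level column.
function setupAdminRole($adminUserId)
{
    $auth = Yii::app()->authManager;
    if ($auth->getAuthItem('admin') === null) {
        $auth->createRole('admin', 'May manage every model');
    }
    if (!$auth->isAssigned('admin', $adminUserId)) {
        $auth->assign('admin', $adminUserId);
    }
}

class AddressController extends Controller
{
    public function accessRules()
    {
        return array(
            array('allow', 'actions'=>array('index','view','update'), 'users'=>array('@')),
            array('allow', 'actions'=>array('create','admin','delete'), 'roles'=>array('admin')),
            array('deny', 'users'=>array('*')),
        );
    }

    // Non-admins only ever get their own rows; the filter is applied server-side.
    public function actionIndex()
    {
        $criteria = new CDbCriteria;
        if (!Yii::app()->user->checkAccess('admin')) {
            $criteria->compare('user_id', Yii::app()->user->id);
        }
        $dataProvider = new CActiveDataProvider('Address', array('criteria'=>$criteria));
        $this->render('index', array('dataProvider'=>$dataProvider));
    }

    // The same ownership check on single-record actions, so knowing an id is not enough.
    public function loadModel($id)
    {
        $model = Address::model()->findByPk($id);
        $isOwner = $model !== null && $model->user_id == Yii::app()->user->id;
        if ($model === null || (!$isOwner && !Yii::app()->user->checkAccess('admin'))) {
            throw new CHttpException(404, 'The requested page does not exist.');
        }
        return $model;
    }
}
```

Because view and update go through loadModel, a normal user who guesses another user’s address id gets a 404 rather than the record.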
Hey, thanks a lot, sounds great… actually I saw the documentation about RBAC, but couldn’t find a way to install that.
I think creating roles would be enough for me, but how can I create those?
I know my questions are quite stupid… I find it quite hard to find the right places where to do things in Yii. In this situation I should put a filter on my list of Addresses in order to get only the ones connected to the user who is logged in (if he’s not an admin). If I get it right, this should be done in the loadModel function in AddressController, right?
class MyWebUser extends CWebUser
{
    // Returns the user's level (the powerUser column) for the given e-mail address,
    // or null when no such user exists, so callers never dereference a missing row.
    public function getLevel($name)
    {
        $user = BoUsers::model()->find('LOWER(emailAddress)=?', array(strtolower($name)));
        return $user === null ? null : $user->powerUser;
    }
}
Then in AddressController I filter addresses in actionIndex: