I have read about access control and role-based access control in the book "Agile Web Application Development with Yii1.1 and PHP5", and I am unable to get the difference between them.
So can anyone please help me out with this problem?
Generally you can control and limit users' access to any action in a controller via filters and the accessRules function:
/**
 * @return array action filters
 */
public function filters() {
    return array(
        'accessControl', // perform access control for CRUD operations
    );
}

/**
 * Specifies the access control rules.
 * This method is used by the 'accessControl' filter.
 * @return array access control rules
 */
public function accessRules() {
    return array(
        // role-based rule: any user holding the 'Operator' role
        array('allow',
            'actions' => array('create', 'update', 'admin', 'delete'),
            'roles' => array('Operator',),
        ),
        // user-based rule: one specific username
        array('allow',
            'actions' => array('index', 'view'),
            'users' => array('username_1',),
        ),
        // deny everything not explicitly allowed above; without this rule
        // the filter lets unmatched requests through
        array('deny',
            'users' => array('*'),
        ),
    );
}
As you can see in my example, the array returned by accessRules gives access to the ‘create’, ‘update’, ‘admin’, ‘delete’ actions to any user with role = ‘Operator’; many users could have this role. But in the second part we give access to the ‘index’, ‘view’ actions only to the user with username = username_1.
I hope you can understand the differentiation.
Thank you very much.
And I also have a problem with RBAC: I have generated the hierarchy with the ">>rbac" command, and I want to give permissions like Super admin (all access), admin (create, view), user (view), but I was unable to do so.
So could you please help me out with this problem?
To use RBAC you should follow a simple procedure.
Define a role for each user; for example, create a field called ‘role’ in your user table in the database, with a suitable value for each user: SuperAdmin, Admin or User.
Next, add these lines to your user identity class:
$auth = Yii::app()->authManager;
if (!$auth->isAssigned($user->role, $this->_id)) {
    if ($auth->assign($user->role, $this->_id)) {
        Yii::app()->authManager->save();
    }
}
To understand exactly what I mean, you can look at a copy of my UserIdentity class:
<?php
/**
 * UserIdentity represents the data needed to identify a user.
 * It contains the authentication method that checks if the provided
 * data can identify the user.
 */
class UserIdentity extends CUserIdentity {
    // Need to store the user's ID:
    private $_id;
    private $_name;
    private $_username;
    private $_securityKey;

    const ERROR_STATUS_LOCKED = 3;

    /**
     * Authenticates a user against the Users table, rejects locked
     * accounts, and assigns the user's stored role in the auth manager.
     * @return boolean whether authentication succeeds.
     */
    public function authenticate() {
        $user = Users::model()->findByAttributes(array('username' => $this->username));
        if ($user === null)
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        // Note: md5 with one application-wide salt is a weak password hash;
        // CPasswordHelper::verifyPassword() (Yii 1.1.14+) is the stronger choice,
        // but switching requires re-hashing the stored passwords.
        else if ($user->password !== md5($this->password . Yii::app()->params['saltString']))
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        else if ($user->status === 'locked')
            $this->errorCode = self::ERROR_STATUS_LOCKED;
        else {
            $this->_id = $user->id;
            $this->_name = $user->name;
            $this->_username = $this->username;

            // Assign the role stored in the user record, once per user.
            $auth = Yii::app()->authManager;
            if (!$auth->isAssigned($user->role, $this->_id)) {
                if ($auth->assign($user->role, $this->_id)) {
                    Yii::app()->authManager->save();
                }
            }

            $this->errorCode = self::ERROR_NONE;
            // 128-bit key from a CSPRNG (needs the OpenSSL extension);
            // md5(rand(1, 10000)) had only 10,000 possible values.
            $this->_securityKey = bin2hex(openssl_random_pseudo_bytes(16));
            $this->_secureLogin();
            $this->setState('securityKey', $this->_securityKey);
        }
        return !$this->errorCode;
    }

    public function getId() {
        return $this->_id;
    }

    public function getName() {
        return $this->_name;
    }

    public function getUsername() {
        return $this->_username;
    }

    // Records the time, IP address and security key of this login.
    protected function _secureLogin() {
        $user = Users::model()->findByPk($this->_id);
        $user->last_visit = time();
        $user->last_ip = ip2long(Yii::app()->request->getUserHostAddress());
        $user->security_key = $this->_securityKey;
        $user->save();
    }
}
Please feel free to ask any other questions, if you have any.
Thanks
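
One way to define the SuperAdmin / Admin / User hierarchy asked about above and enforce it in accessRules(), as an added example that is not code from the thread or the book. It assumes a configured authManager component; the class names RbacSetupCommand and ItemController and the operation names viewItem, createItem and manageItems are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes a configured 'authManager'
// component; class, operation and controller names are hypothetical.
class RbacSetupCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;
        $auth->clearAll(); // wipes existing auth items and assignments

        // Operations are the smallest permission units.
        foreach (array('viewItem', 'createItem', 'manageItems') as $op) {
            $auth->createOperation($op);
        }

        // Each role inherits everything granted to its children.
        $user = $auth->createRole('User');
        $user->addChild('viewItem');
        $admin = $auth->createRole('Admin');
        $admin->addChild('User');         // view
        $admin->addChild('createItem');   // + create
        $super = $auth->createRole('SuperAdmin');
        $super->addChild('Admin');        // view + create
        $super->addChild('manageItems');  // + update, delete, admin

        $auth->save();
    }
}

class ItemController extends CController
{
    public function filters() { return array('accessControl'); }

    public function accessRules()
    {
        // 'roles' entries are checked with checkAccess(), so an operation
        // name matches every role that inherits that operation.
        return array(
            array('allow', 'actions' => array('index', 'view'), 'roles' => array('viewItem')),
            array('allow', 'actions' => array('create'), 'roles' => array('createItem')),
            array('allow', 'actions' => array('update', 'delete', 'admin'), 'roles' => array('manageItems')),
            array('deny', 'users' => array('*')),
        );
    }
}
```

The accessControl filter allows a request when no rule matches, which is why the rule list ends with a deny for all users.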