The CAuthManager class evals the bizRules with the following method:
    public function executeBizRule($bizRule,$params,$data)
    {
        return empty($bizRule) || @eval($bizRule)!=0;
    }
Note the ‘@’ sign which hides any feedback from the function if something fails or has an invalid syntax.
This makes it very difficult to find why your application is failing - things just don’t work, with no messages about why or where because the feedback is hidden.
So I subclassed the auth manager like so, so I can see and test what’s going on in the bizRule.
I would rather have an error on the page, which I can fix, than my app not working for some strange reason…
Perhaps change the codebase so the feedback is hidden in ‘production’ mode, but not otherwise?
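    class AuthManager extends CDbAuthManager
    {
        public function executeBizRule($bizRule,$params,$data)
        {
            if(empty($bizRule)) {
                // An empty rule always passes, as in the parent class.
                return true;
            } else {
                // No '@' here, so errors raised inside the rule are visible.
                $result = eval($bizRule);
                return $result != 0;
            }
        }
    }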
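One way to get the production/development split suggested in the post, as an added example that is not part of the original post or of Yii itself. It assumes a Yii 1.1 application on PHP 7 or later; the class name LoggingAuthManager and the log category are hypothetical.

```php
<?php
// Added example (not Yii's own code). Assumes Yii 1.1 on PHP 7+.
// LoggingAuthManager and the 'application.auth' category are hypothetical names.
class LoggingAuthManager extends CDbAuthManager
{
    public function executeBizRule($bizRule, $params, $data)
    {
        if (empty($bizRule)) {
            return true;
        }

        if (YII_DEBUG) {
            // Development: no '@', so warnings and parse errors in the
            // rule surface instead of failing silently.
            return eval($bizRule) != 0;
        }

        // Production: show nothing to the visitor, but keep a record
        // of the failure and deny access rather than guess.
        try {
            return @eval($bizRule) != 0;
        } catch (Throwable $e) {
            // On PHP 7+ a syntax error inside eval() throws ParseError,
            // which the '@' operator does not suppress.
            Yii::log(
                'bizRule failed: ' . $e->getMessage() . ' | rule: ' . $bizRule,
                CLogger::LEVEL_ERROR,
                'application.auth'
            );
            return false; // fail closed: a broken rule never grants access
        }
    }
}
```

To use it, set the class of the authManager component to this subclass in the application configuration.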