Fixing The Login

Yii 1.1 General Discussion
1

Hey guys,

Im fairly new to yii and is working on my first project.

I have a small issue with fixing the login, i have several different user levels which can do a specific set of tasks.

I have a login table with fields

username

password

level

How can i create a login so that only the tasks relevant to that particular level is displayed??

Any reading material or any help is greatly appreciated…

Thanks a lot for your time…

Cheerz!

2

Use Rights extension to manage user’s level:

http://www.yiiframework.com/extension/rights/

3

@Fabrizio Caldarelli - Thanks a lot for the reply!

I meddled with Rights extension for a day,and couldnt get the hang of it. So i tried the basic AuthManager, with RBAC stil no luck. :(

in my UserIdentity (my authentication function):-




public function authenticate()

	{

        $record=  Logindetails::model()->findByAttributes(array('Username'=>$this->username));

        

        if($record===null)

            $this->errorCode=self::ERROR_USERNAME_INVALID;

        

        else if($record->Password !== $this->password )

            $this->errorCode=self::ERROR_PASSWORD_INVALID;

        

        else

        {

            $this->_id=$record->id;

            $this->setState('title', $record->title);

            $this->errorCode=self::ERROR_NONE;

        }

        

        return !$this->errorCode;


}

Implemented the business rules as :-




                $auth=Yii::app()->authManager;


                $bizRule='return !Yii::app()->user->isGuest;';

                $auth->createRole('authenticated', 'authenticated user', $bizRule);

 

                $bizRule='return Yii::app()->user->isGuest;';

                $auth->createRole('guest', 'guest user', $bizRule);


                $role = $auth->createRole('admin', 'administrator');

                $auth->assign('admin',1); // adding admin to first user created

Had my controllers accessRules as :-




 public function accessRules(){

        return array(

        array('allow', // allow anyone to register

              'actions'=>array('create'), 

              'users'=>array('*'), // all users

        ),

        array('allow', // allow authenticated users to update/view

              'actions'=>array('update','view'), 

              'roles'=>array('authenticated')

        ),

        array('allow', // allow admins only to delete

              'actions'=>array('delete'), 

              'roles'=>array('admin'),

        ),

        array('deny', // deny anything else

              'users'=>array('*'),

        ),

    );

But when i logged in as admin i am unable to view or update. 403 error gets thrown :(

Any help is appreciated :)…!

Thanks a lot for your time! :)

Cheerz!