How to allow an employee to login to system only if role has been assigned by admin in yii2?

SoftwareAccount · September 28, 2017, 4:30pm

I am using yii2 basic and have implemented RBAC using permissions, roles.

I have Employee table and I have assigned Employee model to user application component.

Now the scenario is when admin creates employee he has to assign a role to that employee using auth_assignment CRUD.

Unless and until role has been assigned, the employee should not be able to login. Login page should be displayed to him with error message. (Similar to the scenario when incorrect username or password is entered by user.)

How to accomplish this?

skworden · October 2, 2017, 1:48pm

Everything you need to know is in this link

http://www.yiiframework.com/doc-2.0/guide-security-authorization.html

bobonov · October 5, 2017, 7:48am

in the login action, after verify the password and before populating the user identity, check if the user has any roles assigned.

If not, instead instantiate the user identity, just throw an error to the user

To assign roles/permission to a user, use the RBAC functionality rather than create your own model.

Check the link mentioned by @skworden

SoftwareAccount · October 6, 2017, 2:00pm

I have LoginForm model and site controller.

Foll is the LoginForm model

<?php

namespace app\models;

use Yii;

use yii\base\Model;

use yii\web\Session;

use app\models\AuthAssignment;

use app\models\Employee;

class LoginForm extends Model

{

public &#036;username;


public &#036;password;


public &#036;rememberMe = true;





private &#036;_user = false;








public function rules()


{


    return [


        [['username', 'password'], 'required'],


        ['rememberMe', 'boolean'],


        ['password', 'validatePassword'],


    ];


}





public function validatePassword(&#036;attribute, &#036;params)


{


    if (&#33;&#036;this-&gt;hasErrors()) {


        &#036;user = &#036;this-&gt;getUser();


		


		


        if (&#33;&#036;user || &#33;&#036;user-&gt;validatePassword(&#036;this-&gt;password)) {





            &#036;this-&gt;addError(&#036;attribute, 'Incorrect username or password.');


        }


    }


}





public function login()


{


    if (&#036;this-&gt;validate()) {


        return Yii::&#036;app-&gt;user-&gt;login(&#036;this-&gt;getUser(), &#036;this-&gt;rememberMe ? 3600*24*30 : 0);





		


    }


    return false;


}








public function getUser()


{


    if (&#036;this-&gt;_user === false) {


        &#036;this-&gt;_user = Employee::findByUsername(&#036;this-&gt;username) ;


    }





    return &#036;this-&gt;_user;


}

}

?>

Foll is the site controller where actionLogin() is as follows:

public function actionLogin()

{

$model = new LoginForm();

if ($model->load(Yii::$app->request->post()) && $model->login())

{

  return &#036;this-&gt;redirect(&quot;index.php?r=groupdetails&quot;);

}

else

 return &#036;this-&gt;render('login', [


        'model' =&gt; &#036;model,


    ]);

}

Where should I make changes, could you tell me in detail?

jacmoe · October 6, 2017, 2:07pm

You have already been told multiple times that you need to study - so go read the docs!

Edit:

The problem is not that you ask questions, but that you consistently ask other people to spoon feed / hand hold you each and every step of the way.

In this article - Help Vampires - this is how one would identify one:

Does he ask the same, tired questions others ask?
Does he clearly lack the ability or inclination to ask the almighty Google?
Does he refuse to take the time to ask coherent, specific questions?
Does he think helping him must be the high point of your day?
Is he obviously just waiting for some poor, well-intentioned person to do all his thinking for him?
Can you tell he really isn’t interested in having his question answered, so much as getting someone else to do his work?

Don’t be a help vampire, please.

So, how do you stop being a help vampire, then?

[list=1][]Keep troubleshooting. Often we learn that it’s easier to give up and ask for help rather than persisting—when we’d get our breakthrough if we’d only delay giving up for another 10 minutes. Respect yourself, go a little further before giving up.[]Google, of course. Try at least 3 or 4 searches before you give it up as hopeless.[]Mailing lists, forums, and newsgroups. Chances are, you’re not the first person on the Earth to have this problem. Luckily we live in an age where we can search the past. Check out these resources next.[]Docs. Sometimes they seem impenetrable, but give it a whack. The more you learn, the easier the documentation will be to understand and decipher.[*]Ask your question—but phrase it differently. Instead of asking your question directly, ask “Has anyone has seen this problem?” or “Can anyone point me in the right direction?” Likely as not, someone will have been there before, and they might know a blog posting or other resource which can help you out. This way, you show you are respectful of their time, and understand your problem is (probably) not unique.[/list]

[color="#8B0000"]/* closed */[/color]