New guy wrestling with CPhpAuthManager

I’m rather new to the framework and working on getting basic foundation functionality squared away. I’m trying to get CPhpAuthManager working to use some basic RBAC functionality in my first site, but something peculiar seems to be happening. CPhpAuthManager seems to be loaded fine; Yii reads in my auth.php and does its formatting business to the file and all. I currently have only one role defined, and one user with that role set, but when I log in, the basic ‘is this working’ test code I threw into the main view is behaving the opposite of how I would expect it to.

I have a role ‘member’ defined in auth.php, my user is set as a member, but the code Yii::app()->user->checkAccess(‘member’) seems to be returning true only when I am logged out.

All of the relevant code (I’m pretty sure) is as follows:



class UserIdentity extends CUserIdentity


	private $_id;


	public function authenticate()


		$username = strtolower($this->username);


		$user = User::model()->find('LOWER(username)=?', array($username));


		if ($user === null)

			$this->errorCode = self::ERROR_USERNAME_INVALID;

		else if (!$user->validatePassword($this->password))

			$this->errorCode = self::ERROR_PASSWORD_INVALID;



			$auth = Yii::app()->authManager;


			if (!$auth->isAssigned($user->role, $this->_id))


				if ($auth->assign($user->role, $this->_id))






			$this->_id = $user->id;

			$this->username = $user->username;

			$this->errorCode = self::ERROR_NONE;



		return $this->errorCode == self::ERROR_NONE;


	public function getId()


		return $this->_id;





return array


	'member' => array


		'type' => CAuthItem::TYPE_ROLE,

		'description' => 'General User',

		'bizRule' => '',

		'data' => '',



snippet from config/main.php



			'class' => 'CPhpAuthManager'


snippet from views/layouts/main.php

<p><?php if (Yii::app()->user->checkAccess('member')) echo "member"; ?></p>

I appreciate any help you can provide for me with this. I’m starting to wade through the Yii code to try to better understand what happens in Yii::app()->user->checkAccess() but it’s not exactly easy for one who is new to this framework.

Ahh well I feel a bit silly. I was attempting to if (!$auth->isAssigned($user->role, $this->_id)) before doing $this->_id = $user->id;. Duh!

I’m still finding that Yii::app()->user->checkAccess(‘member’) is returning true for unauthenticated users for some reason. My actionLogout():

	public function actionLogout()


		$assigned_roles = Yii::app()->authManager->getRoles(Yii::app()->user->id); //obtains all assigned roles for this user id


		if (!empty($assigned_roles)) //checks that there are assigned roles


			$auth = Yii::app()->authManager; //initializes the authManager


			foreach ($assigned_roles as $n => $role)


				if ($auth->revoke($n, Yii::app()->user->id)) //remove each assigned role for this user

					Yii::app()->authManager->save(); //again always save the result








Bump? Anyone?

Maybe it would be easier to use default roles for your purpose. With default roles you don’t have to explicitly assign that role(s) to users cause it is done automatically.

Try setting the bizRule to

'bizRule'=> 'return !Yii::app()->user->isGuest;'

for your member role.

See the Authentication - Using Buisness Rules topic in the guide.

Ahh, that makes sense. Well, I guess what is confusing me is how others are going about doing this. There seems to be a significant lack of examples or documentation for this stuff. Like, the documentation just sort of drops off after showing how to (almost) complete the basic configuration.


try this

My two cents:

I would personaly advise you to revoke any auth items right before assigning them.

Otherwise if you’re logged in in two different browsers and you log out of one, trying to continue to use the website in the second browser there is a high probability that you will encounter error 403. That happened to me once.