New guy wrestling with CPhpAuthManager

I’m rather new to the framework and working on getting basic foundation functionality squared away. I’m trying to get CPhpAuthManager working to use some basic RBAC functionality in my first site, but something peculiar seems to be happening. CPhpAuthManager seems to be loaded fine; Yii reads in my auth.php and does its formatting business to the file and all. I currently have only one role defined, and one user with that role set, but when I log in, the basic ‘is this working’ test code I threw into the main view is behaving the opposite of how I would expect it to.

I have a role 'member' defined in auth.php, my user is set as a member, but the code Yii::app()->user->checkAccess('member') seems to be returning true only when I am logged out.

All of the relevant code (I’m pretty sure) is as follows:

components/UserIdentity.php

<?php

class UserIdentity extends CUserIdentity
	{
	private $_id;

	public function authenticate()
		{
		$username = strtolower($this->username);

		// Parameter-bound lookup; the submitted username never becomes part of the SQL text.
		$user = User::model()->find('LOWER(username)=?', array($username));

		if ($user === null)
			$this->errorCode = self::ERROR_USERNAME_INVALID;
		else if (!$user->validatePassword($this->password))
			$this->errorCode = self::ERROR_PASSWORD_INVALID;
		else
			{
			$auth = Yii::app()->authManager;

			// Note: $this->_id is not set until further down, so isAssigned() and
			// assign() here receive a null user id.
			if (!$auth->isAssigned($user->role, $this->_id))
				{
				if ($auth->assign($user->role, $this->_id))
					{
					Yii::app()->authManager->save(); // CPhpAuthManager persists assignments to auth.php
					}
				}

			$this->_id = $user->id;
			$this->username = $user->username;
			$this->errorCode = self::ERROR_NONE;
			}

		return $this->errorCode == self::ERROR_NONE;
		}

	public function getId()
		{
		return $this->_id;
		}
	}



data/auth.php

<?php

return array
	(
	'member' => array
		(
		'type' => CAuthItem::TYPE_ROLE,
		'description' => 'General User',
		'bizRule' => '',
		'data' => '',
		),
	);



snippet from config/main.php

		'authManager'=>array
			(
			'class' => 'CPhpAuthManager'
			),



snippet from views/layouts/main.php

<p><?php if (Yii::app()->user->checkAccess('member')) echo "member"; ?></p>

I appreciate any help you can provide for me with this. I’m starting to wade through the Yii code to try to better understand what happens in Yii::app()->user->checkAccess() but it’s not exactly easy for one who is new to this framework.

Ahh well I feel a bit silly. I was attempting to if (!$auth->isAssigned($user->role, $this->_id)) before doing $this->_id = $user->id;. Duh!

I’m still finding that Yii::app()->user->checkAccess('member') is returning true for unauthenticated users for some reason. My actionLogout():


	public function actionLogout()
		{
		$assigned_roles = Yii::app()->authManager->getRoles(Yii::app()->user->id); // obtains all assigned roles for this user id

		if (!empty($assigned_roles)) // checks that there are assigned roles
			{
			$auth = Yii::app()->authManager; // initializes the authManager

			foreach ($assigned_roles as $n => $role)
				{
				if ($auth->revoke($n, Yii::app()->user->id)) // remove each assigned role for this user
					Yii::app()->authManager->save(); // again always save the result
				}
			}

		Yii::app()->user->logout();

		$this->redirect(Yii::app()->homeUrl);
		}

Bump? Anyone?

Maybe it would be easier to use default roles for your purpose. With default roles you don’t have to explicitly assign that role(s) to users because it is done automatically.

Try setting the bizRule to

'bizRule'=> 'return !Yii::app()->user->isGuest;'

for your member role.

See the Authentication - Using Business Rules topic in the guide.
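A complete auth.php that takes the default-role route the reply above suggests, added here as an example (it is neither the poster's file nor the guide's). It assumes `'defaultRoles' => array('member')` has been added to the authManager entry in config/main.php; the 'managePosts' operation, the 'admin' role and user id 1 are hypothetical. With 'member' listed in defaultRoles, CPhpAuthManager never looks for a per-user assignment of it: checkAccess('member') evaluates the role's bizRule and grants the role when that returns true. That is also why the bizRule matters here: an empty bizRule counts as passing, so a default role left with `'bizRule' => ''` would be granted to guests as well.

```php
<?php
// protected/data/auth.php -- added example, not the poster's file.
// Assumes 'defaultRoles' => array('member') in the authManager component config.
return array(
    // Default role: never assigned per user. checkAccess('member') runs the
    // bizRule and returns true for any logged-in user, false for guests.
    'member' => array(
        'type'        => CAuthItem::TYPE_ROLE,
        'description' => 'General User',
        // bizRule is PHP source that checkAccess() eval()s; keep it a literal here,
        // never build it from request or database input.
        'bizRule'     => 'return !Yii::app()->user->isGuest;',
        'data'        => null,
    ),

    // Hypothetical operation and role, to show how an explicitly assigned role
    // still composes with the default one.
    'managePosts' => array(
        'type'        => CAuthItem::TYPE_OPERATION,
        'description' => 'Create, edit and delete any post',
        'bizRule'     => null,
        'data'        => null,
    ),
    'admin' => array(
        'type'        => CAuthItem::TYPE_ROLE,
        'description' => 'Administrator',
        'bizRule'     => null,
        'data'        => null,
        'children'    => array('managePosts'),
        // Explicit per-user grants live here; this is the part that
        // CPhpAuthManager::save() rewrites after assign()/revoke().
        'assignments' => array(
            '1' => array('bizRule' => null, 'data' => null), // hypothetical user id 1
        ),
    ),
);
```

The same names work in a controller's accessRules(): `array('allow', 'roles' => array('member'))` calls Yii::app()->user->checkAccess('member') for you, and `'roles' => array('managePosts')` resolves through the admin assignment. Two cautions: because bizRule is eval()'d PHP it must stay a literal in this file, and since save() needs the web server to be able to write protected/data/auth.php, make sure that directory stays non-web-accessible (the protected/.htaccess the skeleton app ships with denies it).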

Ahh, that makes sense. Well, I guess what is confusing me is how others are going about doing this. There seems to be a significant lack of examples or documentation for this stuff. Like, the documentation just sort of drops off after showing how to (almost) complete the basic configuration.

Hi,

try this http://www.yiiframework.com/wiki/65/how-to-setup-rbac-with-a-php-file

My two cents:

I would personally advise you to revoke any auth items right before assigning them.

Otherwise, if you’re logged in in two different browsers and you log out of one, trying to continue to use the website in the second browser there is a high probability that you will encounter error 403. That happened to me once.

Cheers
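Putting the thread's two fixes together, as an added example that is neither the original poster's code nor the last reply's: the identity id is set before any authManager call (the ordering the poster found), and the persistent assignment is reconciled at login rather than revoked at logout (the last reply's revoke-before-assign, extended to every role the user currently holds). It assumes the same User model as the original post (`id`, `username`, `role` columns and validatePassword()); `syncRole()` is a name chosen for this example. The original symptom follows from the ordering: with `$this->_id` still null, assign() filed the assignment under an empty user id, and a guest's Yii::app()->user->id is null, so checkAccess('member') matched exactly the logged-out visitor. Revoking in actionLogout() removes an authorization record shared by all of that user's sessions, which is what produces the 403 in the second browser; this version leaves logout to CWebUser::logout().

```php
<?php
// Added example, not code from the thread. Assumes the same User active record as the
// original post: `id`, `username`, `role` columns and a validatePassword() method.
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        // Bound parameter: the submitted username never becomes part of the SQL text.
        $user = User::model()->find('LOWER(username)=?', array(strtolower($this->username)));

        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!$user->validatePassword($this->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            // 1. Identity first. Every authManager call is keyed by this id; while it is
            //    still null the assignment is filed under an empty user id, which is what
            //    a guest's Yii::app()->user->id evaluates to.
            $this->_id = $user->id;
            $this->username = $user->username;

            // 2. Reconcile RBAC with the DB column now, not at logout.
            $this->syncRole($user->role);

            $this->errorCode = self::ERROR_NONE;
        }

        return $this->errorCode == self::ERROR_NONE;
    }

    // Hypothetical helper (name chosen for this example). Makes the user's persistent
    // assignments match $role: revoke every other role, assign $role if missing.
    // Assignments are shared by all of this user's sessions, so they are never
    // revoked at logout; CWebUser::logout() only clears the session state.
    private function syncRole($role)
    {
        $auth = Yii::app()->authManager;

        // Fail closed on misconfiguration: assign() would throw anyway, but with a
        // less useful message, and a silent login with no role is worse.
        if ($auth->getAuthItem($role) === null) {
            throw new CException("Role '$role' is not defined in the auth file.");
        }

        $changed = false;

        // getRoles($userId) returns the roles assigned to this id, keyed by name.
        foreach ($auth->getRoles($this->_id) as $name => $item) {
            if ($name !== $role && $auth->revoke($name, $this->_id)) {
                $changed = true;
            }
        }

        // assign() throws on a duplicate assignment, so guard with isAssigned().
        if (!$auth->isAssigned($role, $this->_id)) {
            $auth->assign($role, $this->_id);
            $changed = true;
        }

        // CPhpAuthManager keeps assignments in memory until save() rewrites auth.php.
        if ($changed) {
            $auth->save();
        }
    }

    public function getId()
    {
        return $this->_id;
    }
}
```

With this in place actionLogout() shrinks to Yii::app()->user->logout() followed by the redirect; a role change made in the database takes effect the next time that user logs in, and a user logged in elsewhere keeps working until then.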