Problem with accessRules

Archives Yii 1.0.x Discussions
1

Hi friends,

I have some problem with accessRules.

My intention is to check the login for relevant pages.

I wrote accessRules in one controller, say AccountsController as:





public function filters() {

        return array(

            'accessControl', // perform access control for CRUD operations

        );

    }

    

    public function accessRules() {

        return array(

            array('allow', // allow all users to perform 'index' and 'view' actions

                'actions' => array('index', 'forgotpassword', 'changepassword', 'register',

                    'captcha', 'login', 'confirmindividualuser',

                    'plans', 'confirmmerge', 'accountmerged', 'plandetails', 'individualaccount', 'registrationsuccess',

                    'forgotpasswordsuccess', 'individualprofile', 'invalid', 'company', 'companyprofile', 'logout'),

                'users' => array('*'),

            ),

            array('allow', // allow authenticated user to perform 'create' and 'update' actions

                'actions' => array('companyprofilesuccess','changepasswordsuccess'),

                'users' => array('@'),

            ),

            array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions' => array('admin', 'delete'),

                'users' => array('admin'),

            ),

            array('deny', // deny all users

                'users' => array('*'),

            ),

        );

    }

Once login I have to redirect to another method which is in SurveyController.

So I wrote as :




    /**

     * @return array action filters

     */

    public function filters() {

        return array(

            'accessControl', // perform access control for CRUD operations

        );

    }


    /**

     * Specifies the access control rules.

     * This method is used by the 'accessControl' filter.

     * @return array access control rules

     */

    public function accessRules() {

        return array(

            array('allow', // allow all users to perform 'index' and 'view' actions

                'actions' => array(),

                'users' => array('*'),

            ),

            array('allow', // allow authenticated user to perform 'create' and 'update' actions

                'actions' => array('index', 'main', 'contacts', 'commercial', 'documents',

                    'form', 'savequestions', 'formaddsection', 'formaddquestion',

                    'formeditquestion', 'formdeletesection', 'formdeletequestion',

                    'picksection', 'pickquestion', 'preview', 'send', 'createlink'),

                'users' => array('@'),

            ),

            array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions' => array('admin', 'delete'),

                'users' => array('admin'),

            ),

            array('deny', // deny all users

                'users' => array('*'),

            ),

        );

    }

Also I added the loginUrl in config file(main.php) as




'user' => array(

            // enable cookie-based authentication

            'allowAutoLogin' => true,

            'loginUrl'=>array('accounts/login'),

        ),

[color="#8B0000"]

But My problem is while I type the methods in SurveyController, the browser still showing the page without checking the user login. Please give me a solution … [/color]

Thanks in advance…

Jaison

2

Maybe this is because you have a first rule with empty ‘actions’:




      array('allow', // allow all users to perform 'index' and 'view' actions

           'actions' => array(),

           'users' => array('*'),

      ),

see http://www.yiiframework.com/doc/api/1.1/CAccessRule#actions-detail - if no actions specified then the rule applies to all actions.

3

Thanks friends but I am still having problem.

Now I wrote script as:




    public function accessRules() {

        return array(

            array('allow', // allow all users to perform 'index' and 'view' actions

                'actions' => array('invalid'),

                'users' => array('*'),

            ),

            array('allow', // allow authenticated user to perform 'create' and 'update' actions

                'actions' => array('index','main','contacts','commercial','documents','form','savequestions','formaddsection','formaddquestion','formeditquestion','formdeletesection','formdeletequestion','picksection','pickquestion','preview','send','createlink'),

                'users' => array('@'),

            ),

            array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions' => array('invalid2'),

                'users' => array('admin'),

            ),

            array('deny', // deny all users

                'users' => array('*'),

            ),

        );

    }

[color="#8B0000"]

But I got error like "

The page isn’t redirecting properly

      Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept

cookies.

"

I remove cookies also. Still getting similar problem. Please help me.

[/color]

Thanks in advance…

4

Maybe the page you redirected to when not authenticated is also protected by access rule?

Most fast way to find out what is going on is to use debugger - you can set breakpoint in the index.php and step into yii code to find where redirect is performed and to what route. I usually do this when I have problems with url rules or access rules configuration when I can not understand why it works not right.

5

Thanks, but I am new in such technique. Can you tell me how to configure xdebug in xampp without affecting the server. I tried googling but I get confused. Can you please help me.

It could save my time. Actually I am stuck in front of it :(.

Thanks in advance…

Jaison

6

I think XAMPP should already include xdebug, so it can just work.

In short you need to:

  • install xdebug php extension

  • configure xdebug extension

  • setup some IDE (eclipse, netbeans, almost any IDE which supports php development also supports debugging with xdebug)

Try to search this forum and yii wiki for more details, for example: http://www.yiiframework.com/wiki/83/netbeans-ide-and-yii-projects/ and http://www.yiiframework.com/forum/index.php?/topic/16601-setup-xdebug-using-netbeans/.

If you plan to work with yii (or any other framework or even without framework) it is worth to invest some time in learning how to debug php code. This is also the best way to learn framework in my opinion.

7

Thanks friend,

I cud setup xdebug but still my issue exists…I cudn’t find out the issue using the xdebug… Any solution ? Please help me

8

Can you give more info?

How your main.php config looks like and what is now in your controllers.

Also what did you found with xdebug? Are you able to step code line by line and find where you redirected?

9

main.php(config file)





<?php


// uncomment the following to define a path alias

// Yii::setPathOfAlias('local','path/to/local-folder');

// This is the main Web application configuration. Any writable

// CWebApplication properties can be configured here.

return array(

    'basePath' => dirname(__FILE__) . DIRECTORY_SEPARATOR . '..',

    'name' => 'Web App',

    // preloading 'log' component

    'preload' => array('log'),

    // autoloading model and component classes

    'import' => array(

        'application.models.*',

        'application.components.*',

        'application.controllers.*'

    ),

    'modules' => array(

        // uncomment the following to enable the Gii tool		

        'gii' => array(

            'class' => 'system.gii.GiiModule',

            'password' => 'yiid#m0',

            // If removed, Gii defaults to localhost only. Edit carefully to taste.

            'ipFilters' => array('127.0.0.1', '::1'),

        ),

    ),

    //application components

    'components' => array(

        'user' => array(

            // enable cookie-based authentication

            'allowAutoLogin' => true,

            'loginUrl'=>array('accounts/login'),

        ),        

        //uncomment the following to enable URLs in path-format		

        'urlManager' => array(

            'urlFormat' => 'path',

            'showScriptName' => false,

            'rules' => array('' => 'accounts/login'),

        ),

        // uncomment the following to use a MySQL database

        'db' => array(

            'connectionString' => 'mysql:host=localhost;dbname=sample',

            'emulatePrepare' => true,

            'username' => 'root',

            'password' => '',

            'charset' => 'utf8',

        ),

        'errorHandler' => array(

            // use 'site/error' action to display errors

            'errorAction' => 'site/error',

        ),

        'log' => array(

            'class' => 'CLogRouter',

            'routes' => array(

                array(

                    'class' => 'CFileLogRoute',

                    'levels' => 'error, warning',

                ),

            //uncomment the following to show log messages on web pages

            /*

              array(

              'class'=>'CWebLogRoute',

              ),

             */

            ),

        ),

        'session' => array(

            'class' => 'CDbHttpSession',

            'connectionID' => 'db',

        ),

        'authManager' => array(

            'class' => 'CDbAuthManager',

            'connectionID' => 'db',

        ),

    ),

    // application-level parameters that can be accessed

    // using Yii::app()->params['paramName']

    'params' => array(

        // this is used in contact page

        'adminEmail' => 'webmaster@example.com',

    ),

);

My AccountController accessRules()




    /**

     * @return array action filters

     */

    public function filters() {

        return array(

            'accessControl', // perform access control for CRUD operations

        );

    }

    /**

     * Specifies the access control rules.

     * This method is used by the 'accessControl' filter.

     * @return array access control rules

     */

    public function accessRules() {

        return array(

            array('allow', // allow all users to perform 'index' and 'view' actions

                'actions' => array('index', 'forgotpassword', 'changepassword', 'register',

                    'captcha', 'login', 'confirmindividualuser',

                    'plans', 'confirmmerge', 'accountmerged', 'plandetails', 'individualaccount', 'registrationsuccess',

                    'forgotpasswordsuccess', 'individualprofile', 'invalid', 'company', 'companyprofile', 'logout'),

                'users' => array('*'),

            ),

            array('allow', // allow authenticated user to perform 'create' and 'update' actions

                'actions' => array('companyprofilesuccess','changepasswordsuccess'),

                'users' => array('@'),

            ),

            array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions' => array('admin', 'delete'),

                'users' => array('admin'),

            ),

            array('deny', // deny all users

                'users' => array('*'),

            ),

        );

    }

My SurveyController accessRules





    /**

     * @return array action filters

     */

    public function filters() {

        return array(

            'accessControl', // perform access control for CRUD operations

        );

    }

    /**

     * Specifies the access control rules.

     * This method is used by the 'accessControl' filter.

     * @return array access control rules

     */

    public function accessRules() {

        return array(

            array('allow', // allow all users to perform 'index' and 'view' actions

                'actions' => array('invalid'),

                'users' => array('*'),

            ),

            array('allow', // allow authenticated user to perform 'create' and 'update' actions

                'actions' => array('index','main','contacts','commercial','documents','form','savequestions','formaddsection','formaddquestion','formeditquestion','formdeletesection','formdeletequestion','picksection','pickquestion','preview','send','createlink'),

                'users' => array('@'),

            ),

            array('allow', // allow admin user to perform 'admin' and 'delete' actions

                'actions' => array('invalid2'),

                'users' => array('admin'),

            ),

            array('deny', // deny all users

                'users' => array('*'),

            ),

        );

    }
10

I think this is may be due to url rule:




'urlManager' => array(

        'urlFormat' => 'path',

        'showScriptName' => false,

        'rules' => array('' => 'accounts/login'),

),

If you want to set default controller and action then you can use appropriate web application property:




'defaultController' => 'accounts',

and in your controller you can set a default action




class AccountsController extends CController

{


  public $defaultAction = 'login';


...

}
11

Sorry Friend,

Still the same problem… Please help me … I am struck in front of it… :(

12

I have no other idea now, but I already started with help… So if you make a simple mini application where this problem is reproduced I can look at it locally and find what causes the problem. You can generate separate app or reduce your existing app or pack the whole existing app into archive and attach here.

13

Did you solved your problem?

14

Dear Friend,

No I couldn’t solve it… I put it in a side burner… :) to finish the remaining work…

But have to solve it… Any idea or solution for this?

Thanks,

Jaison

15

See my comment above - if you can provide a simple application with this problem I can check and solve it. I am almost sure it is something minor and can be easily solved.