RBAC: doesn't work for me.

I rewrote my controllers so that they extend BaseController. BaseController extends CController and assigns user->role with user->id if the user is not a guest.

I’ve written the roles in protected/data/auth.php

In protected/config/main.php I’ve defined the authManager component (CPhpAuthManager).

In protected/components/UserIdentity.php I set up

 Yii::app()->user->setState('role', $user->role);

And in each controller, in accessRules, I’m restricting actions to users with the appropriate roles.

But if I’m logged in as admin with the role “administrator” in the database, Yii says that I’m unauthorized :(

I revised all the code, but didn’t find why it doesn’t work.

Help me please, and sorry for my bad English.

Do you want to use RBAC with a database?

No. With PHP.

I have just printed $_SESSION and received this:



    [433c80b548e3fabdfe318b74f3a4a941__returnUrl] => /hand/index.php/admin/categories
    [433c80b548e3fabdfe318b74f3a4a941role] => administrator
    [433c80b548e3fabdfe318b74f3a4a941__id] => 1
    [433c80b548e3fabdfe318b74f3a4a941__name] => admin
    [433c80b548e3fabdfe318b74f3a4a941__states] => Array




Is something wrong with the role variable?

Could you please show how you check whether you are authorized?

I don’t fully understand you. Maybe you mean this:

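public function accessRules()
{
	return array(
		array('allow', // allow admin user to perform 'admin' and 'delete' actions
			'actions'=>array('admin','delete'),
			'roles'=>array('administrator'), // assumed: role name taken from the thread
		),
		array('deny',  // deny all users
			'users'=>array('*'),
		),
	);
}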

I think you are supposed to do something like the example to get "roles" in accessRules working.


$auth = Yii::app()->authManager; // the configured authManager component
$auth->createRole('administrator', 'example role',NULL,NULL);
$auth->assign('administrator', $user_name);

I think user state can’t work like a role.

Where should I put this? In BaseController? Right now it contains this:


class BaseController extends CController {
    function init(){
        // Guests already get the default role "guest".
        if(!Yii::app()->user->isGuest){
            // Bind the role set in UserIdentity.authenticate()
            // to the user identifier returned by UserIdentity.getId().
            Yii::app()->authManager->assign(Yii::app()->user->role, Yii::app()->user->id);
        }
    }
}




Try this.




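/**
 * UserIdentity represents the data needed to identify a user.
 * It contains the authentication method that checks if the provided
 * data can identify the user.
 */
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $record = User::model()->findByAttributes(array('username'=>$this->username));
        // assumed: the password check is not shown on the page; CPasswordHelper
        // (Yii 1.1.14+) and a hashed $record->password column are used here
        if ($record === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $record->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $record->id; // assumed: primary-key column named id
            $this->setState('title', $record->title);
            $this->setState('role', $record->role);
            $this->errorCode = self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    public function getId(){
        return $this->_id;
    }
}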



Notice that there’s a new model attribute - ‘role’ (string).



class BaseController extends CController{

    public function init(){
        // only for non-guests, because guest automatically assigned with 'guest' role
        if(!Yii::app()->user->isGuest){
            Yii::app()->authManager->assign(Yii::app()->user->role, Yii::app()->user->id);
        }
    }
}




Then just force your controllers to extend BaseController and check the role permissions in accessRules().
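
An added example, not code from any post in this thread: a BaseController that fails closed when the role stored in the session is not a role the authManager knows, and skips the assignment when it already exists. A `roles` entry in accessRules() is checked through `Yii::app()->user->checkAccess()`, which asks the authManager about assignments for the user id, so a `role` session state on its own grants nothing. Assumptions: Yii 1.1, CPhpAuthManager configured as `authManager`, an `administrator` role defined in protected/data/auth.php, and the log category `application.rbac`, which is a made-up name.

```php
<?php
// Added example (not from the thread). Assumes Yii 1.1 with CPhpAuthManager
// as the 'authManager' component and an 'administrator' role in auth.php.
class BaseController extends CController
{
    public function init()
    {
        parent::init();
        $user = Yii::app()->user;
        if ($user->isGuest) {
            return; // guests only get the authManager's defaultRoles, if any
        }

        $auth = Yii::app()->authManager;
        $role = $user->getState('role'); // set in UserIdentity::authenticate()

        // Fail closed: never assign a name that is not a defined auth item.
        // assign() would throw CException for it, so log and stop instead.
        if (!is_string($role) || $auth->getAuthItem($role) === null) {
            Yii::log("Unknown role in session for user {$user->id}",
                CLogger::LEVEL_WARNING, 'application.rbac'); // hypothetical category
            return;
        }

        // assign() also throws when the assignment already exists
        // (for example if assignments were persisted with save()).
        if (!$auth->isAssigned($role, $user->id)) {
            $auth->assign($role, $user->id); // in memory only, save() is not called
        }
    }

    public function filters()
    {
        // Without this filter accessRules() is never consulted.
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('admin', 'delete'),
                'roles'   => array('administrator'),
            ),
            array('deny', 'users' => array('*')),
        );
    }
}
```

Because the role is copied into the session at login, a role changed in the database takes effect for that user only after the next login.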