RBAC: doesn't work for me.

I rewrote my controllers so that they extend BaseController. BaseController extends CController and assigns user->role to user->id if the user is not a guest.

I've written the roles in protected/data/auth.php

In protected/config/main.php I've defined the authManager component (CPhpAuthManager).

In protected/components/UserIdentity.php I set up

Yii::app()->user->setState('role', $user->role);

And in each controller, in accessRules, I restrict the actions to users with the appropriate roles.

But if I'm logged in as admin with the role "administrator" in the database, Yii says that I'm unauthorized :(

I revised all the code, but didn't find why it doesn't work.

Help me please, and sorry for my bad English.

Do you want to use RBAC with a database?

No. With PHP.

I have just printed $_SESSION and received this:


Array
(
    [433c80b548e3fabdfe318b74f3a4a941__returnUrl] => /hand/index.php/admin/categories
    [433c80b548e3fabdfe318b74f3a4a941role] => administrator
    [433c80b548e3fabdfe318b74f3a4a941__id] => 1
    [433c80b548e3fabdfe318b74f3a4a941__name] => admin
    [433c80b548e3fabdfe318b74f3a4a941__states] => Array
        (
        )

)



Is something wrong with the role variable?

Could you please show how you check whether you are authorized?

I don't fully understand you. Maybe you mean this:


public function accessRules()
	{
		return array(
			array('allow', // allow admin user to perform 'admin' and 'delete' actions
				'actions'=>array('admin','delete','create','update','list','show'),
				'roles'=>array('administrator'),
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}

I think you are supposed to do something like the example to get "roles" in accessRules working.




$auth=Yii::app()->authManager;
$auth->createRole('administrator', 'example role',NULL,NULL);
$auth->assign('administrator', $user_name);



I think user state can’t work like a role.

Where do I put this? In BaseController? Right now it contains this:


<?php
class BaseController extends CController {
    function init(){
        // Guests already have the default role 'guest'.
        if(!Yii::app()->user->isGuest){
            // Bind the role set in UserIdentity.authenticate()
            // to the user ID returned by UserIdentity.getId().
            Yii::app()->authManager->assign(Yii::app()->user->role, Yii::app()->user->id);
        }
    }
}

Try this.

UserIdentity.php


<?php

/**
 * UserIdentity represents the data needed to identify a user.
 * It contains the authentication method that checks if the provided
 * data can identify the user.
 */
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $record = User::model()->findByAttributes(array('username'=>$this->username));
        if($record===null){
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        }elseif($record->password!==md5($this->password)){
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        }else{
            $this->_id=$record->id;
            $this->setState('title', $record->title);
            $this->setState('role', $record->role);
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    public function getId(){
        return $this->_id;
    }
}

Notice that there’s a new model attribute - ‘role’ (string).

BaseController:


<?php

class BaseController extends CController{

        public function init(){
            // only for non-guests, because guest automatically assigned with 'guest' role
            if(!Yii::app()->user->isGuest){
                Yii::app()->authManager->assign(Yii::app()->user->role, Yii::app()->user->id);
            }
        }
}

Then just force your controllers to extend BaseController and check the role permissions in accessRules().
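
The check discussed in this thread, as an added self-contained model (not Yii's source and not any poster's code): it shows why a role held only in session state is denied until it is assigned to the user ID. ToyAuthManager, the role hierarchy and the session array are hypothetical, and the model assumes that a 'roles' rule is decided by the auth manager's per-user assignments.

```php
<?php
// Simplified model, NOT Yii source. ToyAuthManager is a hypothetical name.
// Assumption: a 'roles' access rule is decided by the auth manager's
// per-user assignments, not by a 'role' value kept in session state.
final class ToyAuthManager
{
    private $children;              // role => direct child roles (assumed acyclic)
    private $assignments = array(); // userId => array(role => true), per request

    public function __construct(array $children)
    {
        $this->children = $children;
    }

    public function assign($role, $userId)
    {
        // Reject a role name that the hierarchy does not define.
        if (!array_key_exists($role, $this->children)) {
            throw new InvalidArgumentException("Unknown role: $role");
        }
        $this->assignments[$userId][$role] = true;
    }

    public function checkAccess($wanted, $userId)
    {
        $roles = isset($this->assignments[$userId])
            ? array_keys($this->assignments[$userId]) : array();
        // Walk down from each assigned role through its children.
        while ($roles) {
            $role = array_pop($roles);
            if ($role === $wanted) {
                return true;
            }
            $roles = array_merge($roles, $this->children[$role] ?? array());
        }
        return false;
    }
}

// Constructed sample data: a small hierarchy and a session like the dump above.
$auth = new ToyAuthManager(array(
    'guest' => array(), 'user' => array('guest'), 'administrator' => array('user'),
));
$session = array('role' => 'administrator', '__id' => 1);

// The role is only session state here; no assignment exists yet.
var_dump($auth->checkAccess('administrator', $session['__id']));
// The step BaseController::init() performs: bind the role to the user ID.
$auth->assign($session['role'], $session['__id']);
var_dump($auth->checkAccess('administrator', $session['__id']));
// A child role is reached through the assigned parent role.
var_dump($auth->checkAccess('guest', $session['__id']));
```

In the thread's setup the role value is written to session state at login, so a role changed in the database takes effect only after the user logs in again.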