Hi again,
I am trying to implement role-based authentication in my application without success. I have a PhpAuthManager file in my protected/components with contents -
<?php
class PhpAuthManager extends CPhpAuthManager{
    public function init(){
        $auth=Yii::app()->authManager;
        $changed = false;
        // Operations
        if ($auth->getAuthItem('showLocation') === NULL) {
            $auth->createOperation('showLocation','show locations');
            $changed = true;
        }
        if ($auth->getAuthItem('listLocation') === NULL) {
            $auth->createOperation('listLocation','list locations');
            $changed = true;
        }
        if ($auth->getAuthItem('createLocation') === NULL) {
            $auth->createOperation('createLocation','create locations');
            $changed = true;
        }
        if ($auth->getAuthItem('updateLocation') === NULL) {
            $auth->createOperation('updateLocation','update locations');
            $changed = true;
        }
        if ($auth->getAuthItem('loginSite') === NULL) {
            $auth->createOperation('loginSite','login action');
            $changed = true;
        }
        // Roles: reader < editor < admin, plus guest
        if ($auth->getAuthItem('reader') === NULL) {
            $role=$auth->createRole('reader');
            $role->addChild('listLocation');
            $role->addChild('showLocation');
            $changed = true;
        }
        if ($auth->getAuthItem('editor') === NULL) {
            $role=$auth->createRole('editor');
            $role->addChild('reader');
            $role->addChild('createLocation');
            $changed = true;
        }
        if($auth->getAuthItem('admin') === NULL) {
            $role=$auth->createRole('admin');
            $role->addChild('editor');
            $role->addChild('updateLocation');
            $changed = true;
        }
        if($auth->getAuthItem('guest') === NULL) {
            $role=$auth->createRole('guest');
            $role->addChild('loginSite');
            $changed = true;
        }
        if ($changed) {
            $auth->save();
        }
    }
    public function assignRole($role) {
        $auth=Yii::app()->authManager;
        // Initialised so the check below does not read an undefined variable
        $changed = false;
        //var_dump($auth->roles);
        //var_dump($auth->isAssigned($role,Yii::app()->user->id));
        if (!$auth->isAssigned($role,Yii::app()->user->id)) {
            $auth->assign($role,Yii::app()->user->id);
            $changed = true;
        }
        if ($changed) {
            $auth->save();
        }
        //var_dump(Yii::app()->user->checkAccess('createLocation'));
    }
}
?>
My UserIdentity class is like this -
<?php
class UserIdentity extends CUserIdentity
{
    protected $_id;
    /**
     * Authenticates a user.
     * The example implementation makes sure if the username and password
     * are both 'demo'.
     * In practical applications, this should be changed to authenticate
     * against some persistent user identity storage (e.g. database).
     * @return boolean whether authentication succeeds.
     */
    public function authenticate(){
        $user = new users;
        $criteria=new CDbCriteria;
        $criteria->condition='username=:username';
        $criteria->params=array(':username'=>$this->username);
        $user = $user->find($criteria);
        if($user===null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } else if($this->password !== $user->password ) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $user->id;
            $this->errorCode = self::ERROR_NONE;
            // Build the RBAC hierarchy and assign the role stored for this user
            $phpauthmanager = new PhpAuthManager;
            $phpauthmanager->init();
            $phpauthmanager->assignRole($user->role);
        }
        return !$this->errorCode;
    }
    public function getId(){
        return $this->_id;
    }
}
?>
While authenticating the user I am retrieving the role of the user from the database and trying to assign it to the user. I am checking the access in the location controller as -
<?php
if(Yii::app()->user->checkAccess('createLocation')) {
    //create the location
}
else {
    //redirect to error page
}
?>
But this checkAccess is returning true sometimes and false sometimes for the same role if I log out and log in again with the same role. Is there anything wrong in the code?
Another thing is if I want to access the application from multiple clients I think it's mixing the roles. Doesn't it keep sessions of each app user separately?
Any help will be appreciated.
Thanks!
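
An added example, not part of the original post: in Yii 1.1, CWebUser::login() sets Yii::app()->user->id only after authenticate() has returned, so a role assigned inside authenticate() has to be keyed to the id of the record just verified. The helper below does that and also revokes stale roles; the class name RoleSync and its apply() method are hypothetical, and the `role` column is the one from the post.

```php
<?php
// Added example (not the poster's code). RoleSync and apply() are hypothetical names.
class RoleSync
{
    /**
     * Make $role the only role assigned to $userId.
     * @param mixed  $userId primary key of the record that just authenticated
     * @param string $role   role name read from that record's `role` column
     */
    public static function apply($userId, $role)
    {
        // Inside authenticate() the session has not been switched yet, so
        // Yii::app()->user->id is null or a previous user's id. Require the
        // caller to pass the id of the record it just verified.
        if ($userId === null || $userId === '') {
            throw new CException('RoleSync::apply() needs the authenticated user id');
        }

        $auth = Yii::app()->authManager;

        // Only accept names that exist in the hierarchy as roles, so a bad
        // value in the database cannot grant a bare operation or task.
        $item = $auth->getAuthItem($role);
        if ($item === null || (int)$item->getType() !== CAuthItem::TYPE_ROLE) {
            throw new CException('Unknown role for user ' . $userId);
        }

        // Assignments live in the auth manager's storage, keyed by user id,
        // and outlive the session. Revoke anything stale before assigning.
        foreach ($auth->getAuthAssignments($userId) as $name => $assignment) {
            if ((string)$name !== (string)$role) {
                $auth->revoke($name, $userId);
            }
        }
        if (!$auth->isAssigned($role, $userId)) {
            $auth->assign($role, $userId);
        }
        $auth->save();
    }
}

// In UserIdentity::authenticate(), after the password check succeeds:
//     $this->_id = $user->id;
//     RoleSync::apply($user->id, $user->role);
```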