I have tried to allow only admin Role to have access to adminAction
in the demo PostController via accessRules but without success
This way does not work:
public function accessRules()
{
    return array(
        array('allow', // allow all users to access 'index' and 'view' actions.
            'actions'=>array('index','view'), // one entry per action ('index,view' as a single string never matches)
            'users'=>array('*'),
        ),
        array('allow', // only the 'admin' RBAC role may reach 'admin'
            'actions'=>array('admin'),
            'roles'=>array('admin'),
        ),
        array('allow', // allow authenticated users to access all actions
            // note: this rule has no 'actions', so when the role rule above
            // does not match, any logged-in user still reaches 'admin' here
            'users'=>array('@'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
This way it works:
public function actionAdmin()
{
    $auth=Yii::app()->authManager;
    $model=new Post('search');
    if(isset($_GET['Post']))
        $model->attributes=$_GET['Post'];
    // manual check: second argument is the userid stored in AuthAssignment
    if($auth->checkAccess('admin',Yii::app()->user->name))
        $this->render('admin',array(
            'model'=>$model,
        ));
    else
        throw new CHttpException(403, 'You are not authorized to perform this action');
}
Putting roles with custom RBAC did not work as expected; however, I was able to make the following work:
/**
 * Specifies the access control rules.
 * This method is used by the 'accessControl' filter.
 * @return array access control rules
 */
public function accessRules()
{
    return array(
        array('allow', // allow all users to access 'index' and 'view' actions.
            'actions'=>array('index','view'),
            'users'=>array('*'),
        ),
        array('allow', // 'admin' action: evaluate the RBAC check by hand
            'actions'=>array('admin'),
            // checkAccess($itemName, $userId): here the username is passed as userId
            'expression'=>"Yii::app()->authManager->checkAccess('admin',Yii::app()->user->name)",
            //'roles'=>array('admin'),
        ),
        array('allow', // allow authenticated users to access the listed actions only
            'actions'=>array('index','view','create','update','delete','SuggestTags'),
            'users'=>array('@'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
Here I used an expression: 'expression'=>"Yii::app()->authManager->checkAccess('admin',Yii::app()->user->name)",
This way I do not have to check in every action where I want some roles to be checked, but it would be better to use roles instead, because if I want 2 roles to have access I have to make an OR expression, which seems horrible to me.
OK, I will keep that in mind if you say it is better. I used the username because in the table AuthAssignment I see userId is a character column containing the username.
In table AuthItem I have defined a Role: admin 2 NULL N;
In table AuthAssignment I have a user assigned to that role: admin adminD NULL N;
In table tbl_user that user exists: 5 adminD $2a$10$JTJf6... adminD@gmail.com NULL
Thank you guys!!! You are awesome (phtamas and rahif), you made it work as expected. I really appreciate your help with this; I am a newbie in Yii (3 weeks coding) and this is really helpful for me.
As you said, (itemname,userid,bizrule,data) = (admin,5,null,null) solves the problem; it seems Yii checks userId as you suggested. From now on I am going to use IAuthManager::assign() to assign auth. I did it the way it says here http://www.yiiframework.com/doc/guide/1.1/es/topics.auth (I think the documentation is old).
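As an added example that is not part of the original thread (and not the Yii project's own code), the following shows the three places that must agree for 'roles'=>array('admin') to work in Yii 1.1, which covers both the wish earlier in the thread for several roles without an OR expression and the IAuthManager::assign() usage in the last post. The key point is that CAccessRule checks 'roles' through Yii::app()->user->checkAccess($role), which in turn calls Yii::app()->authManager->checkAccess($role, Yii::app()->user->id). So the value written into AuthAssignment.userid must equal whatever the identity's getId() returns; the default CUserIdentity::getId() returns the username, which is why assigning to the username appeared to be required. Assumed here (not from the thread): a tbl_user table with columns id, username and password (a bcrypt hash), a User ActiveRecord model for it, a user with id 5 and username 'adminD', and a second role 'editor' used only to show multiple roles in one rule.

```php
<?php
// Added example (not from the original thread). Assumptions: tbl_user(id,
// username, password) with a User AR model; user id 5 is 'adminD'.

// 1) protected/components/UserIdentity.php
//    Make Yii::app()->user->id the numeric primary key instead of the username.
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (crypt($this->password, $user->password) !== $user->password) {
            // bcrypt hash stored in tbl_user.password ($2a$10$...)
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = (int) $user->id;   // e.g. 5
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode == self::ERROR_NONE;
    }

    public function getId()
    {
        return $this->_id;                  // what CAccessRule passes to checkAccess()
    }
}

// 2) protected/commands/RbacCommand.php   (run once: ./yiic rbac)
//    Create the roles and assign 'admin' to the user's *id*, not the username,
//    so AuthAssignment holds (itemname, userid, bizrule, data) = (admin, 5, null, null).
class RbacCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;
        $auth->clearAll();
        $auth->createRole('admin', 'Site administrator');
        $auth->createRole('editor', 'May manage posts');   // assumed second role
        $auth->assign('admin', 5);
        $auth->save();   // no-op for CDbAuthManager, required for CPhpAuthManager
    }
}

// 3) protected/controllers/PostController.php
//    With ids aligned, 'roles' works and several roles need no OR expression:
//    CAccessRule grants access if the user has any one of the listed roles.
class PostController extends Controller
{
    public function filters()
    {
        return array('accessControl');      // accessRules() is only enforced through this filter
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('index', 'view'),
                'users'   => array('*'),
            ),
            array('allow',
                'actions' => array('admin', 'delete'),
                'roles'   => array('admin', 'editor'),
            ),
            array('allow',
                'actions' => array('create', 'update'),   // listed explicitly so '@' cannot reach 'admin'
                'users'   => array('@'),
            ),
            array('deny',
                'users' => array('*'),
            ),
        );
    }
}

// 4) Sanity check, e.g. inside RbacCommand::run() after assign():
//    only the id form matches the (admin, 5) row; the username form does not.
function checkAdminAssignment($auth)
{
    return array(
        'by_id'       => $auth->checkAccess('admin', 5),
        'by_username' => $auth->checkAccess('admin', 'adminD'),
    );
}
```

If you keep the generated UserIdentity (whose getId() returns the username), the opposite convention is equally consistent: assign('admin', 'adminD') and leave the controller rule as 'roles'=>array('admin'). What breaks is mixing the two, which is exactly the situation in the thread.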