Session Time Out - Accessrules

ianbratley · November 17, 2013, 12:12pm

Hi

I have implemented user authentication/sessions and have a ‘User’ table which contains several ‘user_type’ for identifying the roles the users are allowed to undertake.

Inside my ‘UserIdentity.php’ file I assign the user type to the session as follows:




$this->setState('user_type', $user->user_type);

Everything is working well apart from when the user is inactive and the session expires.

I have used ‘expression’ inside my controllers ‘accessRules’ to identify the user type as shown here:




public function accessRules()

{

	return array(			

		array('allow', // allow Game Director user to perform all actions restricted to their Venue ID

			'actions'=>array('index','view','create','update'),

			'expression'=>"\$user->user_type=='gd'",

		),

		array('allow', // allow Venue user to perform all actions restricted to their Venue ID

			'actions'=>array('index','view','create','update','admin'),

			'expression'=>"\$user->user_type=='venue'", 

		),

		array('allow', // allow Master Admin user to perform all actions

			'actions'=>array('index','view','create','update','admin','delete','fulldelete'),

			'expression'=>"\$user->user_type=='master'", 

		),			

		array('deny',  // deny all other users

			'users'=>array('*'),

		),

	);

}

The problem I am getting is that when the session expires or the user try’s to access the page without login in I get the following error:




CException


Property "CWebUser.user_type" is not defined.


/Applications/MAMP/htdocs/bbYii/yii/web/auth/CWebUser.php(146)


134 

135     /**

136      * PHP magic method.

137      * This method is overriden so that persistent states can be accessed like properties.

138      * @param string $name property name

139      * @return mixed property value

140      */

141     public function __get($name)

142     {

143         if($this->hasState($name))

144             return $this->getState($name);

145         else

146             return parent::__get($name);

147     }




Stack Trace

#0	/Applications/MAMP/htdocs/bbYii/yii/web/auth/CWebUser.php(146): CComponent->__get("user_type")

#1	/Applications/MAMP/htdocs/bbYii/yii/base/CComponent.php(612) : eval()'d code(1): CWebUser->__get("user_type")

I have tried implementing several tutorials on how to gracefully redirect users to a login page once the session expires but have failed to get any success.

Any help would be most appreciated.

Many thanks

GPM

ianbratley · November 18, 2013, 12:25am

RESOLVED

It took a few hours but I finally found the cause of my issue.

It was in the accessRules

I had missed the check for the users been logged in ‘users’ => array(’@’)

After I added this everything worked as expected and the user was redirected without errors




public function accessRules()

	{

	return array(

		array('allow',

                'actions'=>array('index','view','create','update','admin','delete'),

                'expression'=>"\$user->user_type=='gd'",

                'users' => array('@'),

            ),            

            array('deny',  // deny all users

            	'users'=>array('*'),

            ),


	);

}