Three Kinds Of Authentications

Good afternoon,

I have a project that I will develop for three types of access.

1. admin
2. User
3. company

I know I can restrict pages for admin and User this way:


    'actions'=>array('create', 'edit'),

admin = admin

user =?

company = do not know

However, I need to know how to restrict the company group, as there will be a group of companies with varied logins.

Hi AndroideLP,

First question: are you trying to restrict access to actions or access to some records?

If you are restricting access to actions then there is the full built-in RBAC, or if that is over-engineered for your needs I have one extra level implemented as follows:

In protected/components/UserIdentity.php (or whatever you have called it):

    class UserIdentity extends CUserIdentity
    {
        public function authenticate()
        {
            # after authenticating the user
        }
    }

then in your controller->accessRules:


            'actions'=>array('index','grid','view', ..... ),



You can still use Yii::app()->user->isAdmin / isGuest etc. to control access to other actions. A good explanation can be found in the extending CWebUser tutorial.

If you wish to control access to records then one approach is to use a default scope using another user state. Assuming the records have a companyId field and a user can only see records from their own company, then in your models:

    public function defaultScope()
    {
        return array(
            'condition' => $this->getTableAlias(false,false).'.companyId="'.Yii::app()->user->companyId.'"',
        );
    }

where companyId is set using a setState in UserIdentity.php (same as userType above).

In theory you can use Yii::app()->user->userType instead of getState("userType"), but I had some problems with that so I used the longer call (there is a magic getter in CWebUser).

Hope this helps,
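
The record-scoping approach from the answer above, as an added example that is not part of the original posts. It assumes Yii 1.1.14 or later (for CPasswordHelper) and hypothetical User and Record models with the column names shown. It binds companyId as a query parameter instead of concatenating it, and matches no rows when the session carries no company.

```php
<?php
// protected/components/UserIdentity.php
class UserIdentity extends CUserIdentity
{
    public function authenticate()
    {
        // User is an assumed model: username, passwordHash, userType, companyId.
        $user = User::model()->findByAttributes(array('username' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $user->passwordHash)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            // Both states come from the database row, never from request input.
            $this->setState('userType', $user->userType);
            $this->setState('companyId', $user->companyId);
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }
}

// protected/models/Record.php (assumed model; its table has a companyId column)
class Record extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'record'; // assumed table name
    }

    public function defaultScope()
    {
        $companyId = Yii::app()->user->getState('companyId');
        if ($companyId === null) {
            // Guest, or an account with no company: fail closed and match no rows.
            return array('condition' => '1=0');
        }
        return array(
            'condition' => $this->getTableAlias(false, false) . '.companyId = :scopeCompanyId',
            'params' => array(':scopeCompanyId' => $companyId),
        );
    }
}
```

The default scope does not apply to queries that call resetScope() or go through CDbCommand, so those code paths need their own company check.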


Thank you! His response was enlightening.

Really the option "Authorization Manager" will help me create the necessary rules for groups: user and company.