Two different logins (front-end and back-end, or admin and member)

Hi all, I have some questions about logging in with two different logins. I DO NOT want two different configs/applications, which seems to be the only one I can find info on.

I want the user to be able to be logged into one or the other independently. That is, they could be logged into both at the same time.

My first question is do I need two CWebUser, and do I need two different CUserIdentity? I will already be using two different user models and DB tables.

Second, how does the RBAC (I’m using CDbAuthManager) tie into this? I see that it compares the user id to check for access, but how is this done with two different logins? Can I distinguish between which identity I’m checking, do I have to make sure that the user IDs are unique across both models? E.g. I don’t want webuser 1 to have access to admin 1 just because they have the same primary key and/or username.

Thanks in advance.

For ease I used one table and just have a field specifying the user type (Normal or Admin).

Keeps things simple.

That was how I originally had it, but I find that I need to have the front-end users be quite different from the admin users. Two completely different models.

Maybe just add a param for UserIdentity like $role (admin or user), and create different checks for them.




class UserIdentity extends CUserIdentity
{
    public $role;

    // Override the constructor to assign the role.
    // This is only an idea; there may be different variations.
    public function __construct($username, $password, $role)
    {
        $this->role = $role;
        parent::__construct($username, $password);
    }

    public function authenticate()
    {
        // Dispatches to adminAuthenticate() or userAuthenticate()
        $method = $this->role . 'Authenticate';
        return $this->$method();
    }

    protected function adminAuthenticate()
    {
        // code for admin auth
    }

    protected function userAuthenticate()
    {
        // code for user auth
    }
}



And in WebUser you only need to add the right information from Identity to manage it.

Thanks, Newb, I will look into doing that. Your code draft looks promising.

How does this work with the Auth manager? Do I need to do anything for it to differentiate between the different classes with the same id?

You may add something like that




// User identity
public function getRole()
{
    return $this->role;
}

// WebUser
public function setRole($role)
{
    $this->setState('__role', $role);
}

public function getRole()
{
    // Falls back to 'Guest' when no role has been stored
    return $this->getState('__role', 'Guest');
}

// Controllers
public function accessRules()
{
    return array(
        array(
            'allow',
            // Something like this
            'expression' => '$user->role == "Admin"',
        ),
        array(
            'deny',
            'users' => array('*'),
        ),
    );
}



RBAC is more complex; there you need to create access rules and assign roles with specific rules to your users. After that you may check it in your actions or in a filter. But if you need something like admin and user, I don't think RBAC is a good decision. I prefer to use RBAC when you have a lot of roles and the access rules for them may intersect, plus a very flexible system for giving and controlling access, but that's why it is complex.

I need to use RBAC (on the backend especially) since there are several different levels of permission.

So you don’t want backend users to have access to the front? Or what? I don’t understand what the problem is. You want to have different login pages? No need. If you use RBAC and have properly configured it, you can give or not give access to any action or function of your app, and you can also create your own scenarios etc. You can even dynamically assign or revoke permissions to any user - all in your hands. ( All I mean Yii :) )

It comes down to having to use two different user models.
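
On the question above about CDbAuthManager granting webuser 1 the roles of admin 1 when their primary keys match: the sketch below is an added example for Yii 1.1, not code from any poster in the thread. It assumes two hypothetical CActiveRecord models, `Admin` and `Member`, each with `id`, `username` and `password_hash` columns, and a second user component registered as `adminUser`.

```php
<?php
// Added example (Yii 1.1). Admin and Member are hypothetical models.
abstract class NamespacedIdentity extends CUserIdentity
{
    private $_id;

    // Each subclass fixes its own model class and id prefix.
    abstract protected function modelClass();
    abstract protected function prefix();

    public function authenticate()
    {
        $record = CActiveRecord::model($this->modelClass())
            ->findByAttributes(array('username' => $this->username));
        if ($record === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $record->password_hash)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            // "admin:1" and "member:1" are distinct keys in AuthAssignment.userid
            $this->_id = $this->prefix() . ':' . $record->id;
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }

    // CWebUser::login() stores this id; checkAccess() hands it to the auth manager.
    public function getId()
    {
        return $this->_id;
    }
}

class AdminIdentity extends NamespacedIdentity
{
    protected function modelClass() { return 'Admin'; }
    protected function prefix() { return 'admin'; }
}

class MemberIdentity extends NamespacedIdentity
{
    protected function modelClass() { return 'Member'; }
    protected function prefix() { return 'member'; }
}

// A separate class gets its own session key prefix, so both logins can coexist.
// Register it in the config as: 'adminUser' => array('class' => 'AdminWebUser')
class AdminWebUser extends CWebUser {}

// Role assignments then use the prefixed id, for example:
// Yii::app()->authManager->assign('editor', 'admin:1');
```

The built-in access control filter evaluates rules against the `user` component, so backend controllers would call `Yii::app()->adminUser->checkAccess(...)` themselves. Because the prefix is fixed in each identity class rather than passed in from the login form, a front-end login can never produce an `admin:` id.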