What am I overlooking in RBAC and bizRule?

I’ve been following the tutorial (among others) http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control trying to implement RBAC with bizRules.

The first rule I’m trying to define is to allow a user to be able to update their own account but not others. I’m doing this in User::actionUpdate() Like so:



if(Yii::app()->user->checkAccess('updateOwnUser', $params))

The tasks, operations and roles are defined as so and are present in the database as expected:

$bizRule='return Yii::app()->user->id==$params["User"]->id';

$task=$this->_authManager->createTask('updateOwnUser','Update your own account.', $bizRule);



$this->_authManager->assign('manager', 1); // manager inherits reader

The user (in this case user->id ==1) has been assigned to a role that inherits ‘reader’ and should therefore be able to update their own account. However the checkAccess() method always returns false. If I add this code before checkAccess():

die(  Yii::app()->user->id .' == '. $params["User"]->id );

I will see:

1 == 1

which is what I expect.

I feel that I’m like I’m overlooking something as it all seems straight forward but not working.

Can anyone tell me what I’ve done wrong?

Does anyone have some thoughts on my RBAC issue? Any direction would be greatly appreciated.

I spend a good hour trying to figure out the similar issue. The problem was in a stupid syntax error inside a bizRule string. It appears that Yii is never throwing an error, just quietly swallows it and returns FALSE in eval cases like this one.

I can’t see any problem with your code. But, just in case, here’s a snapshot of one (of the two) Yii books:

    $row1 = $this->projUserRole['row1'];


    $project = Project::model()->findByPk($row1['project_id']);

    $auth = Yii::app()->authManager;

    $bizRule = 'return isset($params["project"]) && $params["project"]->isUserInRole("member");';

    $auth->assign('member', $row1['user_id'], $bizRule);

    $params = array('project' => $project);

    $this->assertTrue(Yii::app()->user->checkAccess('updateIssue', $params));

Hopefully, that helps.

Thanks Nick,

You’re right. It was an syntax issue. I was missing a simple semi-colon at the end of the statement.