I have changed user login authentication to this database and it's working perfectly.
Now I have checked that I want to limit access, using * filters of the User view, to
if(Yii::app()->user->id) {
//action view of user in controller
}
But this does not work with filters that have accessRules, although this query works fine for static contact-us pages.
The other problem is that no one has defined clearly how to make a user modify only his own details. I cannot understand this thing. A user can only update his own account, not all of the users.
I have RBAC done…
Here is a piece of the code. What is the issue with my bizRule?
$auth=Yii::app()->authManager;
//creations of all roles
$this->_authManager->createOperation("createUser","create a new user");
$this->_authManager->createOperation("readUser","read user profile information");
$this->_authManager->createOperation("updateUser","update a user information");
$this->_authManager->createOperation("deleteUser","remove a user from site");
$bizRule='return Yii::app()->user->id==$params["id"]->authID;';
$task=$auth->createTask('updateOwnUser','update user account by user itself',$bizRule);
$task->addChild('updateUser');
Whether to display some view/block or not, according to the current user: this is normally done in the view.
Whether the user has the role to access the controller's someAction: this is done in filters/accessRules or RBAC.
RBAC is not suitable for SNS-type sites, but it is good for CMS or backend.
In an SNS site a new role, “owner”, comes up: someone can modify (create, delete, update) only his/her own resources (blog, album, profile) but not others'. You see, that is just your case.
So it becomes more complicated. For display you should check whether the current user is the owner of the resource, and the actionXXX will do the same.
Everyone just gives examples for professionals; they do not think that juniors are unable to understand where to use that piece of code. What would happen if experts could add a little more detail?
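
The owner check discussed in this thread, written out as an added example that is not part of any post above: accessRules only decide whether a visitor is logged in, and the action then checks ownership against the record it loaded. It assumes Yii 1.1, a `User` model whose primary key is `id`, and the hypothetical roles `member` and `admin`.

```php
<?php
// Added example (Yii 1.1). Assumed: a User model with primary key `id`,
// and the hypothetical roles "member" and "admin".

// --- One-time RBAC setup, e.g. in a console command ---
$auth = Yii::app()->authManager;
$auth->createOperation('updateUser', 'update a user information');
// $params is the array the caller passes to checkAccess(); the rule
// compares the logged-in id with the id of the record loaded server-side.
$bizRule = 'return isset($params["user"]) && Yii::app()->user->id == $params["user"]->id;';
$task = $auth->createTask('updateOwnUser', 'update user account by user itself', $bizRule);
$task->addChild('updateUser');
$auth->createRole('member')->addChild('updateOwnUser'); // own account only
$auth->createRole('admin')->addChild('updateUser');     // any account
$auth->save(); // persists the items when CPhpAuthManager is used
// Each account still needs a role: $auth->assign('member', $userId);

// --- protected/controllers/UserController.php ---
class UserController extends CController
{
    public function filters()
    {
        return array('accessControl'); // coarse check: logged in or not
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('update'), 'users' => array('@')),
            array('deny', 'users' => array('*')),
        );
    }

    public function actionUpdate($id)
    {
        $model = User::model()->findByPk((int) $id);
        if ($model === null)
            throw new CHttpException(404, 'The requested page does not exist.');
        // Fine-grained check on the loaded record, not on the raw URL value.
        if (!Yii::app()->user->checkAccess('updateUser', array('user' => $model)))
            throw new CHttpException(403, 'You are not authorized to perform this action.');
        if (isset($_POST['User'])) {
            $model->attributes = $_POST['User']; // only "safe" attributes are assigned
            if ($model->save())
                $this->redirect(array('view', 'id' => $model->id));
        }
        $this->render('update', array('model' => $model));
    }
}
```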