Yii authentication

I have created a User table known as tbl_user.

I have changed user login authentication to this database and it's working perfectly.

Now I have checked that I want to limit access to using * filters of User View to

	if(Yii::app()->user->id) {
		//action view of user in controller
	}

but this does not work with filters having accessRules, but this query works fine for static contact us pages :)

The other problem is, no one has defined it clearly: how to make a User modify its own details only? I cannot understand this thing. A User can only update his own account, not all of the users.

I have RBAC done…

Here is a chunk of the code; what is the issue with my bizRule?


	//creations of all roles
	$this->_authManager->createOperation("createUser","create a new user");
	$this->_authManager->createOperation("readUser","read user profile information");
	$this->_authManager->createOperation("updateUser","update a user information");
	$this->_authManager->createOperation("deleteUser","remove a user from site");

	$bizRule='return Yii::app()->user->id==$params["id"]->authID;';
	$task=$auth->createTask('updateOwnUser','update user account by user itself',$bizRule);


About auth, two aspects should be considered:

display and access;

According to the current user, display some view/block or not; this is normally done in the view.

Does the user have the role to access the controller's someAction? This is done in filters/accessRules or RBAC;

RBAC is not suitable for SNS-type sites, but it is good for a CMS or backend.

In an SNS site a new role comes up: “owner”. That is, someone can only modify (create, delete, update) his/her own resources (blog, album, profile), but not others'. You see, that is just your case :D

So it becomes more complicated. For display you should check whether the current user is the owner of the resource, and the actionXXX will do the same;

One solution is about the URL. On every access the URL will contain the resource owner. For example: mySite.com/u/yiqing/album ; mySite.com/u/yiqing/blog ; mySite.com/u/yiqing/profile

Then to check the role “owner”: Yii::app()->user->getName() == $_GET['u'] (the name is unique in the whole site)

do you see my idea ? :D
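The owner check described in the reply above, as an added example for a Yii 1.1 controller; it is not code from the thread. The `User` model, its primary key `id` matching `Yii::app()->user->id`, and a bizRule that receives the record as `$params["user"]` are assumptions.

```php
<?php
// Added example (Yii 1.1). Assumes a User ActiveRecord model on tbl_user whose
// primary key `id` is the value returned by Yii::app()->user->id after login.
class UserController extends CController
{
    public function filters()
    {
        return array('accessControl'); // runs accessRules() before each action
    }

    public function accessRules()
    {
        return array(
            // '@' = any logged-in user. Ownership is checked inside the action,
            // because accessRules() runs before the record is loaded.
            array('allow', 'actions' => array('update'), 'users' => array('@')),
            array('deny', 'users' => array('*')),
        );
    }

    public function actionUpdate($id)
    {
        $model = $this->loadModel($id);
        // Compare the stored record with the session identity, not with a
        // value sent by the browser (form field, hidden input, query string).
        if ((int)$model->id !== (int)Yii::app()->user->id) {
            throw new CHttpException(403, 'You may only update your own account.');
        }
        // RBAC form of the same test, with the task bizRule
        //   'return Yii::app()->user->id==$params["user"]->id;'
        // Yii::app()->user->checkAccess('updateOwnUser', array('user' => $model))
        if (isset($_POST['User'])) {
            $model->attributes = $_POST['User'];
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id));
            }
        }
        $this->render('update', array('model' => $model));
    }

    protected function loadModel($id)
    {
        $model = User::model()->findByPk((int)$id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested user does not exist.');
        }
        return $model;
    }
}
```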

Thanks, I have managed what I needed :)

One more thing I am stuck on now: I have a table domain

	<div class="row">
		<?php echo $form->labelEx($model,'user'); ?>
		<?php echo $form->textField($model,'user'); ?>
		<?php echo $form->error($model,'user'); ?>
	</div>


It's asking for user as an integer; let's say if logged in with user id 2, and I enter 2 in this field, it works fine.

How can I automatically place the user id here in this field, so that the logged-in user id automatically fills this field?

My above issue is similar to this

Everyone just gives examples for professionals; they do not think juniors are unable to understand where to use that piece of block. What happens if experts could add a little more detail?

Ok i have done this

there is no need to fill the field :D remove it from view

and use this code in model

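	protected function beforeSave()
	{
		if(parent::beforeSave())
		{
			// assumed from the posts above: attribute 'user' holds the
			// logged-in user's id, set here instead of in a form field
			$this->user=Yii::app()->user->id;
			return true;
		}
		else
			return false;
	}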