yii-user integration

Hello Guys,

I just created a simple project called "My Notes" following the yii tutorial.

My database has one table with 4 fields: ID, Title, Notes and Date.

So when I log in with my admin credentials I can create, delete and update any note ok?

So far everything is perfect and working.

But now I installed the yii-user extension and I want every registered user to be able to create/delete/update his own notes.

What should I change in my database in order to do that and what changes in the relations?

Please help me!!!

At least you have to add a new field to your Note table, ‘author_id’ for example to indicate who is the owner of the note.

And, while you can use yii-user to authenticate users, it doesn’t authorize users to control the access to the functions or the resources.

If you are not sure about authentication and authorization, you need to learn them first in the guide.

http://www.yiiframework.com/doc/guide/1.1/en/topics.auth

/* NOTE: Please do not post duplicated posts in different forums. The same topic of yours in Extension forum will be deleted. */

Thanks for the tip but I’m just beginning with yii and this is the last thing that I need to do in order to launch my project.

I added the author_id in my database and I read the authentication wiki but I’m not sure what to do next. Could you help me being more specific?

I’m sorry about the duplication. It’s never going to happen again ;)

It’s a common requirement to allow the deleting and editing of a post (or a note, in your case) only to the author of it (and also to the administrators of the system).

But, as a matter of fact, it’s not so easy to implement as you might think. It’s one of the most difficult parts of a web application in general. This is not only true with Yii, but also with every framework in the world.

The extensions like yii-user may somewhat make it easier to implement it, but you will definitely need to know the auth mechanism of Yii as the basis.

Did you walk through the "Blog Tutorial", BUILDING A BLOG SYSTEM USING YII?

You can learn the basic authentication and authorization in Authenticating User section of it.

Thanks. :)

I thought that was going to be simple and my project is almost done:

http://www.ichurchnotes.com/demo

but it’s just missing this part and I don’t know anyone to help me. I don’t have too much money because I’m working on this project by myself but would you be able to help me doing this? I’m willing to pay depending on how much you charge because I already read a lot of tutorials and I’ve been staying up all night for the past weeks just because of that.

Or if you are not able to help me, do you know someone that can?

Regards ;)

Wow, the demo looks nice. I like this kind of simpleness. :)

About your proposal on a business relation, I have to say sorry that I can’t do it.

You may try to find a partner using “Job Opportunities” forum … although I’m a little skeptical about the possibility of finding a good partner, you may try it anyway.

Money does matter in a business relation.

This will be the possible milestones of your project.

  1. Integrate yii-user module

If you have not integrated yii-user yet, you should do it first.

When you have trouble, you can search and ask it in "Extensions" forum.

  2. Modify model

Modify your Note model to record the author ID when a note is created.

  3. Modify controller

Modify the controller to allow the access to ‘view’, ‘update’ and ‘delete’ actions only to the authorized users, i.e., the author of the requested note or the superuser.

You may allow the ‘view’ action to every logged-in user, or even to the guests. It depends on your design.

You can do it basically by comparing the current user ID and the author ID of the requested note.

Every unauthorized access should result in CHttpException, like 401 or 404.

  4. Modify views

Your view should not show the links to update or delete the notes that are not allowed to the current user. You don’t want to see the links or buttons that will only lead you to an error page that says “You are not authorized …”.

It means that you have to dynamically modify the output of the items in a list, for example.

This is also done basically by comparing the current user ID and the author ID of the note.

Note that implementing 4) doesn’t cancel the necessity of implementing 3).

I hope it makes some sense to you. :)
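Added example, not part of the original posts: a Yii 1.1 sketch of the model and controller steps above, with the ownership check enforced server-side. The `note` table name, the `isEditableByCurrentUser()` and `loadOwnedNote()` helpers and the generated `Controller` base class are assumptions; the superuser check assumes the yii-user module's `isAdmin()` helper.

```php
<?php
// protected/models/Note.php (excerpt)
class Note extends CActiveRecord
{
    public static function model($className = __CLASS__) { return parent::model($className); }
    public function tableName() { return 'note'; } // assumed table name

    // Keep author_id out of rules() so massive assignment
    // ($note->attributes = $_POST['Note']) can never change the owner.
    protected function beforeSave()
    {
        if ($this->isNewRecord) {
            $this->author_id = Yii::app()->user->id; // set by the server, never by the form
        }
        return parent::beforeSave();
    }

    // Single ownership test, reused by the controller and by the views.
    public function isEditableByCurrentUser()
    {
        $user = Yii::app()->user;
        if ($user->isGuest) {
            return false;
        }
        return (int) $this->author_id === (int) $user->id
            || Yii::app()->getModule('user')->isAdmin(); // yii-user superuser (assumed helper)
    }
}

// protected/controllers/NoteController.php (excerpt)
class NoteController extends Controller
{
    // Every action that receives a note id loads the record through this method.
    protected function loadOwnedNote($id)
    {
        $note = Note::model()->findByPk((int) $id);
        if ($note === null || !$note->isEditableByCurrentUser()) {
            // Same response for "missing" and "not yours": do not reveal other users' notes.
            throw new CHttpException(404, 'The requested note does not exist.');
        }
        return $note;
    }

    public function actionDelete($id)
    {
        if (!Yii::app()->request->isPostRequest) {
            throw new CHttpException(400, 'Invalid request.');
        }
        $this->loadOwnedNote($id)->delete();
        $this->redirect(array('index'));
    }
}
```

In a list view, the same `$data->isEditableByCurrentUser()` call decides whether the update and delete links are rendered; the controller check stays in place either way.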

Thanks man I appreciate it. I’ve been learning a lot with this these past weeks and I’m loving it.

I did integrate yii-user already and it’s working great: http://www.ichurchnotes.com/demo/index.php?r=user/registration

But don’t even try to register because I disabled some stuff. It’s just for test.

Everything that you said makes sense but as I’m on my own this time I already posted on Elance to find some help and I found someone but thanks for the teaching. As soon as I release this project I will send you a link ;)