Hi Chris, thanks so much for your comments - much appreciated
That makes sense, I wasn’t really thinking about performance! I’ve tested this out and can confirm it works. So the modifications if anybody wants to use this method to automatically assign the ‘Authenticated’ role to users on registration (and admin creation) are as follows:
In main/config.php, add only the ‘Guest’ role in the ‘defaultRoles’ definition (needs to remain as an array I believe):
'authManager'=>array(
'class'=>'RightsAuthManager', // provides support for authorization item sorting
// assign default roles to all users, then use bizrules in Rights
// to distinguish between 'Guest' and 'Authenticated' users
'defaultRoles'=>array('Guest'),
),
Edit - the above code is for Rights version 1.1.0. If you have upgraded to 1.2.0 (see below), the class should be renamed to ‘RDbAuthManager’.
Now to automatically assign the ‘Authenticated’ role to users on registration, modify the user/controllers/RegistrationController.php page.
In the actionRegistration() function, change:
...
if ($model->save()) {
$profile->user_id=$model->id;
$profile->save();
if (Yii::app()->controller->module->sendActivationMail) {
...
to…
...
if ($model->save()) {
$profile->user_id=$model->id;
$profile->save();
// assign user the 'Authenticated' role for Rights module
$authenticatedName = Rights::module()->authenticatedName;
Rights::assign($authenticatedName, $model->id);
if (Yii::app()->controller->module->sendActivationMail) {
...
And to ensure that users created using the admin creation screen are also assigned to the ‘Authenticated’ role, modify the user/controllers/AdminController.php page.
In the actionCreate() function, change:
...
if($model->validate()&&$profile->validate()) {
$model->password=Yii::app()->controller->module->encrypting($model->password);
if($model->save()) {
$profile->user_id=$model->id;
$profile->save();
}
$this->redirect(array('view','id'=>$model->id));
}
...
to…
...
if($model->validate()&&$profile->validate()) {
$model->password=Yii::app()->controller->module->encrypting($model->password);
if($model->save()) {
$profile->user_id=$model->id;
$profile->save();
// assign user the 'Authenticated' role for Rights module
$authenticatedName = Rights::module()->authenticatedName;
Rights::assign($authenticatedName, $model->id);
}
$this->redirect(array('view','id'=>$model->id));
}
...
Note: using this method, business rules are no longer needed in Rights for either the ‘Guest’ or ‘Authenticated’ roles (which as Chris points out, will improve performance).
This solution worked for me, but I appreciate any suggestions for improvements, i.e. maybe there are less intrusive ways to assign these roles. Suggestions welcome, and thanks again to Chris who provided the code for the above role assignments!
Cheers, Rob