 

Yii not giving Valid checkAccess results

Tags:

yii

rbac

I am learning Yii and am trying to set up RBAC. I have created the roles and so on by executing that script via the shell; the database tables are in place, and the roles and everything else get populated. I do not know why, but

// checkAccess() is resolved for the id of the currently logged-in web user
// (Yii::app()->user->getId()), so the answer depends on that id matching the
// user id used when the role was assigned.
// This only decides what is displayed; the actions behind a menu entry still
// need their own access check on the server side.
$isAdmin = Yii::app()->user->checkAccess('admin');
echo $isAdmin ? 'Admin' : 'No Admin';

always returns 'No Admin'. What I am trying to do is display a different menu based on the user type, i.e. whether the user is an admin, reader, manager and so on, but this fails.

I am attaching my role assignment also here

<?php
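/**
 * Console command that rebuilds the RBAC authorization hierarchy
 * (operations, the reader/manager/admin roles and two role assignments)
 * through the application's authManager component.
 */
class RbacCommand extends CConsoleCommand
{
    /** @var mixed the application's authManager component; set in run() */
    private $_authManager;

    /**
     * Returns the usage text for this command.
     * @return string
     */
    public function getHelp()
    {
        return <<<EOD
       USAGE
           rbac
           DESCRIPTION
           This command generates an initial RBAC authorization hierarchy.
EOD;
    }

    /**
     * Execute the action.
     *
     * Wipes the existing authorization data, then recreates the operations,
     * the three roles and the two hard-coded role assignments.
     *
     * @param array $args command line parameters specific for this command
     */
    public function run($args)
    {
        echo "SHELLLLLLLLLL.\n";

        // An authManager component is mandatory for creating an auth hierarchy.
        $this->_authManager = Yii::app()->authManager;
        if ($this->_authManager === null) {
            echo "Error: an authorization manager, named 'authManager' \nmust be configured to use this command.\n";
            echo "If you already added 'authManager' component in \napplication configuration,\n";
            echo "please quit and re-enter the yiic shell.\n";
            return;
        }

        // Give the operator the opportunity to abort the request.
        echo "This command will create three roles: Admin, Manager, and Reader and the following premissions:\n";
        echo "create, read, update and delete Hotels\n";
        echo "create, read, update and delete Items\n";
        echo "create, read, update and delete Users\n";
        echo "create, read, update and delete Category\n";
        echo "Would you like to continue? [Yes|No] ";

        // Continue only when the answer starts with "y" (case-insensitive).
        if (strncasecmp(trim(fgets(STDIN)), 'y', 1) !== 0) {
            return;
        }

        // Destructive: removes ALL operations, roles, child relationships and
        // assignments, including any assignment made since the last run.
        $this->_authManager->clearAll();

        // Lowest-level operations, keyed by name, with the description stored
        // next to each auth item. The Category descriptions used to be copies
        // of the Item ones; they now describe the operation they belong to.
        $operations = array(
            // users
            'createUser'     => 'create a new user',
            'readUser'       => 'read user profile information',
            'updateUser'     => 'update a users information',
            'deleteUser'     => 'remove a user from a Hotel',
            // hotels
            'createHotel'    => 'create a new Hotel',
            'readHotel'      => 'read Hotel information',
            'updateHotel'    => 'update Hotel information',
            'deleteHotel'    => 'delete a Hotel',
            // categories
            'createCategory' => 'create a new Category',
            'readCategory'   => 'read Category information',
            'updateCategory' => 'update Category information',
            'deleteCategory' => 'delete a Category from a Hotel',
            // items
            'createItem'     => 'create a new Item',
            'readItem'       => 'read Item information',
            'updateItem'     => 'update Item information',
            'deleteItem'     => 'delete an Item from a Category',
        );
        foreach ($operations as $name => $description) {
            $this->_authManager->createOperation($name, $description);
        }

        // Roles and their direct children, in creation order: "reader" and
        // "manager" must exist before "admin" adds them as children.
        $roles = array(
            // NOTE(review): "reader" is also granted createUser, which is a
            // write permission on a read-only role - confirm this is intended.
            'reader'  => array(
                'readUser', 'readHotel', 'readCategory', 'readItem',
                'createUser',
            ),
            // "manager" lists the read operations itself rather than
            // inheriting the reader role.
            'manager' => array(
                'readUser', 'readHotel', 'readCategory', 'readItem',
                'createHotel', 'createCategory', 'createItem',
                'updateHotel', 'updateCategory', 'updateItem',
                'deleteHotel', 'deleteCategory', 'deleteItem',
            ),
            // "admin" inherits both other roles and adds user management.
            'admin'   => array(
                'reader', 'manager',
                'createUser', 'updateUser', 'deleteUser',
            ),
        );
        foreach ($roles as $roleName => $children) {
            $role = $this->_authManager->createRole($roleName);
            foreach ($children as $child) {
                $role->addChild($child);
            }
        }

        // Assignments are keyed by user id ('3' and '2' are hard-coded here).
        // checkAccess() on the web user only matches them when the logged-in
        // identity's getId() returns that same id rather than the username.
        echo "Making Afnan admin\n";
        $this->_authManager->assign('admin', '3');
        echo "Making Riaz Manager\n";
        $this->_authManager->assign('manager', '2');
        echo "Sucess\n";

        // Provide a message indicating success.
        echo "Authorization hierarchy successfully generated.\n";
    }
}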
?>
Symfony Avatar asked Dec 20 '11 20:12

Symfony


2 Answers

Because the checkAccess method checks based on the user ID. If you do not have a getId() function in your user identity class, it will just return the name in place of the ID, and that is why it always returns false.

Afnan Bashir Avatar answered Sep 28 '22 09:09

Afnan Bashir


I was trying to implement an RBAC system and everything seemed to work; the only problem I had was that checkAccess didn't work. Then I changed my UserIdentity class to the following and it started to work.

/**
 * Identity that authenticates against the User model and exposes the
 * record's id (instead of the username) as the identity id.
 */
class UserIdentity extends CUserIdentity
{
    /** @var mixed id of the matched User record; stays unset until authenticate() succeeds */
    private $_id;

    /**
     * Looks the user up by username and checks the submitted password.
     *
     * NOTE(review): the stored password is compared with an unsalted md5()
     * of the input. MD5 is not a password hash; stored hashes should be
     * migrated to a purpose-built scheme (CPasswordHelper in Yii 1.1.14+,
     * password_hash()/password_verify() in PHP 5.5+).
     *
     * @return boolean whether authentication succeeded (errorCode is ERROR_NONE)
     */
    public function authenticate()
    {
        $account = User::model()->findByAttributes(array('username' => $this->username));

        if ($account === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
            return !$this->errorCode;
        }

        if ($account->password !== md5($this->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
            return !$this->errorCode;
        }

        // Remember the record id so getId() can return it.
        $this->_id = $account->id;
        $this->setState('title', $account->username);
        $this->errorCode = self::ERROR_NONE;

        return !$this->errorCode;
    }

    /**
     * Returns the id of the authenticated User record.
     *
     * Without this override the identity id is the username, so RBAC
     * assignments made by user id never match in checkAccess().
     *
     * @return mixed the id stored by authenticate()
     */
    public function getId()
    {
        return $this->_id;
    }
}
ekussberg Avatar answered Sep 28 '22 09:09

ekussberg