YiiAuth + YiiBooster extension. By @robregonm

AuthBooster is a new module for managing user permissions in Yii applications. It's a completely new, modern and responsive user interface for Yii's authorization manager (CAuthManager) built using the also popular Yii-Booster extension. Originally developed by Christoffer Niska (aka @cniska) but since Auth is not now compatible anymore with Yii-Booster extension, so I decided to fork with all the power of Yii-Auth + Yii-Booster compatibility.




Download the latest release from Yii extensions.

Unzip the module under protected/modules/auth and add the following to your application config:

return array(
  'modules' => array(
  'components' => array(
    'authManager' => array(
      'behaviors' => array(
        'auth' => array(
          'class' => 'auth.components.AuthBehavior',
    'user' => array(
      'class' => 'auth.components.AuthWebUser',
      'admins' => array('admin', 'foo', 'bar'), // users with full access


Please note that while the module doesn't require you to use a database, if you wish to use CDbAuthManager you need it's schema (it can be found in the framework under web/auth).


Configure the module to suit your needs. Here's a list of the available configurations (with default values).

'auth' => array(
  'strictMode' => true, // when enabled authorization items cannot be assigned children of the same type.
  'userClass' => 'User', // the name of the user model class.
  'userIdColumn' => 'id', // the name of the user id column.
  'userNameColumn' => 'name', // the name of the user name column.
  'defaultLayout' => 'application.views.layouts.main', // the layout used by the module.
  'viewDir' => null, // the path to view files to use with this module.

Enabling caching

To enable caching for CDbAuthManager you can use CachedDbAuthManager that provides caching for access checks. Here's an example configuration for the component:


Checking access

When you wish to check if the current user has a certain permission you can use the CWebUser::checkAccess() method which can be access from anywhere in your application through Yii::app() like so:

if (Yii::app()->user->checkAccess('itemName')) // itemName = name of the operation
  // access is allowed.

In order to keep your permissions dynamic you should never check for a specific role or task, instead you should always check for an operation. For more information on Yii's authorization manager refer to the framework documentation on Authentication and Authorization.

Checking access using a filter

You can also use a filter to automatically check access before controller actions are called. Operations used with this filter has to be named as follows (moduleId.)controllerId.actionId, where moduleId is optional. You can also use a wildcard ***controllerId.**** instead of the actionId to cover all actions in the controller or ***module.**** instead of the controllerId to cover all controllers in the module.

public function filters()
  return array(

For more information on how filters work refer to the framework documentation on Controllers.


Do you wish to provide a translation for Auth? If so, please do a pull request for it. Translations should be placed in the messages folder under a folder named according to its locale (e.g. en_us).


Note: This version DOES NOT require yiistrap!!


Total 9 comments

#13570 report it
Stefano Mtangoo at 2013/06/06 05:12pm
Thank you!

Thanks for a comment!

#13568 report it
robregonm at 2013/06/06 01:27pm
Re: Better Conventions

@Stefano Mtangoo That way is ok: ->checkAccess("module.controller.action") I prefer them to be Operations and/or Tasks... I keep roles for User groups only. Just my personal preference.

#13567 report it
michaelGregoire at 2013/06/06 12:44pm

@robregonm Thanks for the response. I'll take a look at Yii-User and see where that gets me.

#13566 report it
robregonm at 2013/06/06 12:35pm
Re: User Management Module

@michaelGregoire I'd prefer you to use another user module in the meantime like Yii-User, because I think, the extension is still not ready to be releassed yet for an average use. (I developed it for my own use, but I'm preparing it to general use) The extension itself does some basic tasks (but still requires lot of work). I think I'm going to create a github repo for those (like you) who probably would like to collaborate :)

Btw, In my user management module I'm borrowing some ideas from some of the existing extensions, so, feel free to use any user management extension. It's not big deal to integrate them into existing apps (I used to use Yii-User).

#13555 report it
michaelGregoire at 2013/06/05 04:01pm
User Management Module

@robregonm Any idea when can we expect your user management module? I'd like to stick with AuthBooster and would love to be able to also use a User Management extension that works with it.

#13516 report it
Stefano Mtangoo at 2013/06/03 09:36am
Better Conventions

rob, what is the best naming with checkAccess()? I mean modules controllers actions is this good ones ->checkAccess("module.controller.action")

#13514 report it
robregonm at 2013/06/03 09:20am
User Management Module

@xNicox Also, you can check some user management extensions like: Yii-User, YUM... Nevertheless, I hope to release a User Management Module for AuthBooster (that uses AuthBooster built-in). So, good news are coming :)

#13472 report it
Stefano Mtangoo at 2013/05/30 08:07am
You need to understand Auth in Yii

Yii divides Authentication and Authorization. The Extension is for Authorization. So before you use it you should have authentication in place. Check Yii Guide on topic!

#13471 report it
xNicox at 2013/05/30 08:02am
Please Help

Help me, I'm trying to create a fresh app with this extension. But I cant't make Auth to work. I created a Dbatabase and create the Auth* tables. I change everything in config/main.php. but I have 2 questions: Where is the User table squema/definition ? Why is using the UserIdentity.php file, instead of the database to authenticate ? Best Regards

Leave a comment

Please to leave your comment.

Create extension