Yii Framework Forum: Strange behavior in CDBAuthManager -> clearAuthAssignments


#1 junxiong

Posted 04 July 2010 - 01:52 PM

OK, this is the weirdest thing I have ever encountered. I do not fully understand the Yii framework yet, and I don't know whether this is some kind of bug or what. To summarize, I found out that CDBAuthManager->clearAuthAssignments() doesn't clear the tables if I run it on Firefox or Opera. But it does delete the table if I try it on Chrome.

To explain why, maybe I should show how I coded it.
Today I learned how to use RBAC for authorization in my web application. So I coded it like this:

// In protected/controller/SiteController.php
public function actionLogin()
{
    // ...

    if ($model->validate() && $model->login()) {
        $this->actionBuildAuth();
        // ...
    }
    // ...
}



// In protected/components/SiteController.php
public function actionBuildAuth()
{
    $auth = Yii::app()->authManager;

    // Removes all auth items, their hierarchy and all assignments
    $auth->clearAll();

    // Create operations
    // Users
    $auth->createOperation('listUser', 'Menampilkan users');
    // ...

    // Task
    $task = $auth->createTask('manageUser');
    $task->addChild('listUser');
    // ...

    $role = $auth->createRole('manager');
    $role->addChild('reportInventoryOpname');
    // ...

    $auth->save();
}



// In protected/components/UserIdentity.php
public function authenticate()
{
    // ...
    } else { // If validation succeeds
        $this->errorCode = self::ERROR_NONE;
        // ...

        $this->_id = $users->id;
        $auth = Yii::app()->authManager;
        if (!$auth->isAssigned($users->type, $this->_id)) {
            if ($auth->assign($users->type, $this->_id)) {
                Yii::app()->authManager->save();
            }
        }
    }
    // ...
}


At first I didn't realize there is a wrong step in my code above. It assigns the user first, and later calls actionBuildAuth(), which does $auth->clearAll();

So here is the weird part. According to the code, calling $auth->clearAll() should make the "assignmentTable" table empty. That means the $auth->assign() call that I made in authenticate() should be gone too...
But in reality, when I test it by logging in on Firefox and Opera, it isn't emptied.
Only in Chrome is it emptied.

So why can it be like that? :(
“The most likely way for the world to be destroyed, most experts argue, is by accident. That’s where we come in; we’re computer professionals. We cause accidents.” - Nathaniel Borenstein

Yii Playground : Collaborative demo apps. You can join to improve it too!
My Team's Blog: In Indonesian.

#2 zaccaria

Posted 05 July 2010 - 01:36 AM

The browser cannot make any difference in the behaviour of this PHP function.

Maybe on Chrome you were already logged in and in the other browser you weren't; that can make some difference in behavior.

Your code is strange; you should change some stuff.

You shouldn't create the authorization tree on login; it shouldn't work like that.

The roles should be created once and stored in the database, so actionBuildAuth should be called once in the life of your application.

When you log in a user, the roles he has been granted will be automatically loaded and all will work fine.

The only operation on authorization that is usually done in the normal lifecycle of an application is granting/revoking roles on users, but roles should be defined once.

#3 junxiong

Posted 05 July 2010 - 08:17 AM

zaccaria, on 05 July 2010 - 01:36 AM, said:

> The browser cannot make any difference in the behaviour of this PHP function.
>
> Maybe on Chrome you were already logged in and in the other browser you weren't; that can make some difference in behavior.

Yes, I know it is impossible for the browser to affect the PHP function. But I have traced it down to the clearAuthAssignments() function by putting die() before and after the function call. But well, maybe you're right, since I am not an expert myself...

> Your code is strange; you should change some stuff.
>
> You shouldn't create the authorization tree on login; it shouldn't work like that.
>
> The roles should be created once and stored in the database, so actionBuildAuth should be called once in the life of your application.
>
> When you log in a user, the roles he has been granted will be automatically loaded and all will work fine.
>
> The only operation on authorization that is usually done in the normal lifecycle of an application is granting/revoking roles on users, but roles should be defined once.

I see, so where should I put the code? I just didn't know where I should put it, that's why I put it there :P
I know that in order to make it run once, I think I just need to put a validation before creating the authorization tree. But where is a good place to call the function?

#4 zaccaria

Posted 05 July 2010 - 09:20 AM

You can write an actionSetRoles() in some controller, run it once and then delete it (or, better, forbid its use).

If you are more confident about what CDbAuthManager saves in your database, you can even set the roles by adding them directly in the database.

I prefer to use the one-time action, anyway.
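One way to follow the advice in post #4 without leaving a web-reachable setup action behind, as an added example that is not code from this thread or from Yii itself: a console command that builds the hierarchy idempotently and never calls clearAll(), so existing user assignments survive a re-run. The file name, the command name `rbac` and the type of `reportInventoryOpname` are assumptions; the item names come from post #1, and the console config is assumed to define the same `db` and `authManager` components as the web application.

```php
<?php
// protected/commands/RbacCommand.php (hypothetical file name for this example)
// Run from the shell, not from a browser: php protected/yiic rbac
class RbacCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;

        // Create items only when they are missing. No clearAll(): that call
        // would also delete every user's role assignment.
        $this->ensureItem($auth, CAuthItem::TYPE_OPERATION, 'listUser', 'Menampilkan users');
        // Assumption: reportInventoryOpname is an operation (its creation is elided in post #1).
        $this->ensureItem($auth, CAuthItem::TYPE_OPERATION, 'reportInventoryOpname');
        $this->ensureItem($auth, CAuthItem::TYPE_TASK, 'manageUser');
        $this->ensureItem($auth, CAuthItem::TYPE_ROLE, 'manager');

        // Link parents to children only when the link does not exist yet.
        $this->ensureChild($auth, 'manageUser', 'listUser');
        $this->ensureChild($auth, 'manager', 'reportInventoryOpname');

        $auth->save();
        echo "RBAC hierarchy is in place.\n";
    }

    private function ensureItem($auth, $type, $name, $description = '')
    {
        if ($auth->getAuthItem($name) === null) {
            $auth->createAuthItem($name, $type, $description);
        }
    }

    private function ensureChild($auth, $parent, $child)
    {
        if (!$auth->hasItemChild($parent, $child)) {
            $auth->addItemChild($parent, $child);
        }
    }
}
```

With the hierarchy built this way, the login path only needs the isAssigned()/assign() check already shown in authenticate(), and the actionBuildAuth() call in actionLogin() can be dropped.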

#5 junxiong

Posted 05 July 2010 - 09:35 AM

zaccaria, on 05 July 2010 - 09:20 AM, said:

> You can write an actionSetRoles() in some controller, run it once and then delete it (or, better, forbid its use).
>
> If you are more confident about what CDbAuthManager saves in your database, you can even set the roles by adding them directly in the database.
>
> I prefer to use the one-time action, anyway.

Ow... I think I get it... Gotta try it. Thanks :)
