Multiple Login Systems

Let’s say I have an admin module - from here the site admin can modify all the site features, etc.

But I also wish to create a ‘members’ module - from here site members can view and manage their enquiries.

So what I need is two login systems. So if you are logged in to members module you will not also be logged in to the admin module.

Yii uses things like:


array('allow', // allow authenticated user to perform 'create' and 'update' actions
	'actions'=>array('create', 'update'),
	'users'=>array('@'),
),

and:


'visible'=>!Yii::app()->user->isGuest

So how can we ensure users can only access the module that they are logged in to?

Take a look at gii

You can use RBAC, and give the user permissions for admin, members or both.

You can use roles in accessRules like that:




array('allow',
        'actions'=>array('create', 'update'),
        'roles'=>array('admin'),
),



And, as in security it is better to wear the belt and also the suspenders, you can override beforeControllerAction in the admin module and deny access to the whole module.

I’d suggest the srbac extension

Hmmmm but isn’t RBAC designed for permissions on controller actions? For example if a user is logged in to ‘member’ module and then tries to access a page in the admin module (e.g /admin/articles/update/id/2) then they should be redirected to the admin module login page. They should not be given a ‘400’ error.

The only way I can see this working is having separate login systems in place. Will look into the gii module and see how that works.

Look at the Rights extension, looks pretty good! Might be what you’re looking for.

Read up more on RBAC, it’s much more powerful than you think and definitely not limited to controller actions.

Cheers sniper. I think that Rights extension looks good but I probably won’t be using it here.

The ideal solution is to have multiple login systems, so that if you are logged in to one particular module it does not log you in to any other module. I’ve gone with jayrulez’ suggestion and looked at how gii works, and this is how I’ve configured the member module:


parent::init();
Yii::app()->setComponents(array(
	'errorHandler'=>array(
		'errorAction'=>'member/default/error',
	),
	'user'=>array(
		'class'=>'CWebUser',
		'stateKeyPrefix'=>'member',
		'loginUrl'=>Yii::app()->createUrl('member/default/login'),
	),
));

And then configure the logout action as follows:


Yii::app()->user->logout(false);

So that only that module’s data is cleared from the session.

I’ve done the same with the admin module and it all works fine. Authentication is done using a separate UserIdentity component for each module.

:lol:

useful information

I do something similar for a project of mine which needed 4 separate login systems.

This is what I did.

  1. Create module for each sub login system,

  2. Wrote a class that extended from CWebModule that automatically overwrites the app settings with the module's local settings.




   public function init()
   {
      // Change application components to the ones defined in the module.
      // The false flag is needed so that all components are returned;
      // otherwise only the already loaded components would be returned.
      Yii::app()->setComponents($this->getComponents(false));
   }



  3. Extended the default module class from the module from my new WebModule class and configured with



public function init()
{
    // this method is called when the module is being created
    // you may place code here to customize the module or the application

    // import the module-level models and components
    $this->setImport(array(
        'admin.models.*',
        'admin.components.*',
    ));

    // this sets default settings for the admin module
    $this->setComponents(array(
        'errorHandler' => array( // set error handler specifically for this module
            'errorAction' => "/{$this->name}/{$this->defaultController}/error"
        ),
        'user' => array( // set user and authentication options
            'class' => 'WebUser',
            'loginUrl' => "/{$this->name}/{$this->defaultController}/login",
            'logoutUrl' => "/{$this->name}/{$this->defaultController}/logout",
            'stateKeyPrefix' => "_{$this->id}",
        ),
    ));

    // set all the features for a WebModule automatically by init functionality
    parent::init();
}



  4. Made a copy of the UserIdentity class and put them in each module's components class and modified the authentication method so it would target the right user login logic.

  5. Made all actions that are needed across multiple modules externally.

Worked fine for me and was the best way I could keep everything separated.
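
An added example, not code from any poster in this thread: a Yii 1.1 admin module that combines the per-module `stateKeyPrefix` shown above with the `beforeControllerAction` guard suggested earlier, so a visitor who is only logged in to another module is sent to the admin login page instead of getting an error. The module name `admin`, the routes `default/login` and `default/error`, and the choice to disable `allowAutoLogin` are assumptions.

```php
<?php
// protected/modules/admin/AdminModule.php (location assumed from Yii 1.1 conventions)
class AdminModule extends CWebModule
{
    public function init()
    {
        parent::init();
        $this->setImport(array('admin.models.*', 'admin.components.*'));

        // Reconfigure the application's user component for requests handled by
        // this module. A distinct stateKeyPrefix keeps the admin login state
        // under its own session keys, so a 'member' login is not seen here.
        Yii::app()->setComponents(array(
            'errorHandler' => array(
                'errorAction' => 'admin/default/error',
            ),
            'user' => array(
                'class' => 'CWebUser',
                'stateKeyPrefix' => 'admin',
                'loginUrl' => array('/admin/default/login'),
                'allowAutoLogin' => false, // assumption: no "remember me" for admins
            ),
        ));
    }

    // Runs before every controller action in this module, so the check also
    // covers controllers whose own accessRules() were forgotten or misconfigured.
    public function beforeControllerAction($controller, $action)
    {
        if (!parent::beforeControllerAction($controller, $action)) {
            return false;
        }

        // Routes that must stay reachable for guests (names are assumptions).
        $public = array('default/login', 'default/error');
        $route = $controller->id . '/' . $action->id;

        if (Yii::app()->user->isGuest && !in_array($route, $public, true)) {
            // Stores the requested URL as returnUrl and redirects to the
            // module's own loginUrl; a member-only session is a guest here.
            Yii::app()->user->loginRequired();
            return false;
        }
        return true;
    }
}
```

The module's logout action should still call `Yii::app()->user->logout(false)` as described above, so that only the admin state is cleared and the member session is left alone.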