CAuthManager

Looking at Role Based Access Control, I have a few questions:

  1. The documentation has things like this:
$auth->createOperation('readPost','read a post');


$role=$auth->createRole('reader');


$role->addChild('readPost');

My question: Can I have a space in the operation name? Instead of 'readPost' can I have 'Read Post'? For example:

$auth->createOperation('Read Post','read a post');


$role=$auth->createRole('reader');


$role->addChild('Read Post');

Would that be ok?

  1. The roles and operations are all stored in the database, right? So I only have to create a role/operation once in the life of my application? (until I delete it)

  2. To assign a role, the doc says:  $auth->assign('reader','readerA');

Is the second parameter ('readerA') supposed to be the user name? What if the user changes his user name? Is it not possible to use the numeric user id that I store internally and never changes for a user?

Thanks.

  1. yes, you can. This can be any string (including non-English characters).

  2. If you are using CDbAuthManager, the data will be stored in database. And, yes, you only need to set them once, unless your system supports permission management.

  3. This should be what Yii::app()->user->id returns. If you want to use something else, you should extend CWebUser and override its checkAccess().

I tried to set permissions using CDbAuthManager but I got an error:

CDbCommand failed to execute the SQL statement: SQLSTATE[42S02]:


Base table or view not found: 1146 Table 'ingots_dummy.AuthItem' doesn't exist

Ok, so clearly there is some sort of init process I have to do to get the AuthItem table setup. How do I do that?

Check framework/web/auth/schema.sql

Thanks! It works now.

I notice that the schema includes foreign keys. I use MySQL. Should I set the storage engine to InnoDB so that the foreign keys apply? (MyISAM doesn't support foreign keys).

FK is not required. It would be better if you have it so that data consistency can be ensured.

Thanks for all the help. I have one question about the AuthAssignment table. Under the 'data' field it seems to give an 'N;' value. What does that mean?

I have several hundred users that I need to migrate to the new Yii application. I am planning to insert data directly into the AuthAssignment table, since the format looks simple enough. Is it correct to give 'N;' to everybody under the 'data' field?

Thanks.

The data is the serialized representation of the data property of an auth item. I think N; means it is null. You normally should use CDbAuthManager::createAuthItem() to create an auth item. By doing that, you don't need to touch that data column explicitly.

I also came over this N; as data in my auth assignments.

And I also wondered why 'N;' is stored in the database instead of 'NULL' .

I looked into the sourcecode and see that the insert commands binds the serialized $data to the insert select.

$command->bindValue(':data',serialize($data));

Wouldn't it be better to serialize if the data is set ?

$command->bindValue(':data',(is_null($data)?$data:serialize($data)));

Cause the default value is also NULL if nothing given?

yii\framework\web\auth\CDbAuthManager.php(394):

public function createAuthItem($name,$type,$description='',$bizRule=null,$data=null)

and

public function assign($itemName,$userId,$bizRule=null,$data=null)

regards Horizons

Any particular reason you prefer NULL to N; ? Making this change would break BC.

not really a reason, i just wondered why the table column is set to have "null" as value and never get it.

I am going to use the same things(very similar). In which file I have to add these line?

In controller/model?

Basically I have a model called User with username and password. Also another field name userRole which is an integer. Later on, I want to see the userRole field and set the role.i.e. userRole ==1 is an admin which can do all CRUD but userRole==2 can only create and and update but CANNOT delete anything.

Any hint? I am really desperate and I must do it as soon as possible.

Thank you

Use Yii 1.1 forum, please. :)

[color="#006400"]/* locked */[/color]