Configuring Authorization Manager

mpluss · November 11, 2010, 12:45pm

Hello,

I want to configure the Authorization management using a table in my database. How to implement?

I read this post, but I did not understand.

Thank you.

zaccaria · November 11, 2010, 12:56pm

According to the documentation of CDbAuthManager, you should create the table for the auth manager following the description of this file.

Once you have got the table (you are not required to create any model) you can create the role herarchy following the instruction of the definitive guide (the post you cited).

Just write a simple action in some controller with the instruction for create the herarchy, run once and then delete.

Once this is done, you can assign roles to user and check the access permission in your code.

mpluss · November 11, 2010, 1:06pm

Thank you zaccaria,

how we can assign roles to the user (I have a table called "user") and verify authorization to access ?

(Is the AuthItem table must be linked to User table?)

zaccaria · November 11, 2010, 1:28pm

You don’t have to link the table.

The assign /checkAccess uses simply the username, you have to pass it as parameter:




Yii::app()->authManager->assign('admin', $user->userId);


if (!Yii::app()->authManager->checkAccess('admin', $user->userId))

    throw new Exception;

Also CWebUser has the checkaccess method, so you can check as:




if(Yii::app()->user->checkAccess('admin'))

mpluss · November 11, 2010, 2:45pm

what about "Access control filter" ? Should I delete functions "filters" and "AccessRule" in all controllers ?

and where we put the "Access Checking"?

zaccaria · November 11, 2010, 3:04pm

You can use the function filters.

you can write rules using the access rules:




	'actions'=>array('create','update', 'delete'),

	'roles'=>array('admin'),

That means, that this action will be available only to user wich have been assigned the property admin

mpluss · November 11, 2010, 3:17pm

other than the restriction by action, I must make restrictions by module (eg assign a user to manage invoices and management regulations only). How could I do?

zaccaria · November 12, 2010, 8:14am

You can edit the class module name and add a check:




<?php


class AdminModule extends CWebModule

{

	public function init()

	{

		// this method is called when the module is being created

		// you may place code here to customize the module or the application


		// import the module-level models and components

		$this->setImport(array(

			'admin.models.*',

			'admin.components.*',

		));

	}


	public function beforeControllerAction($controller, $action)

	{

		if(parent::beforeControllerAction($controller, $action))

		{

			if (Yii::app()->user->isGuest)

				Yii::app()->user->loginRequired();

			return true;

		}

		else

			return false;

	}

}

Instead of Yii::app()->user->isGuest you can do Yii::app()->user->checkAccess(‘admin’), for example.