Yii Framework Forum: User Authentication & Management - Yii Framework Forum

Jump to content

  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

User Authentication & Management

#1 User is offline   CGeorge 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 41
  • Joined: 27-May 10
  • Location:Spain

Posted 07 October 2011 - 01:54 AM

I know that we have multiple useful extensions that provides this feature, but I think that a built-in user authentication & management module is a must for all the web frameworks. Look Django and web2py :)
0

#2 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,350
  • Joined: 17-January 09
  • Location:Russia

Posted 07 October 2011 - 09:52 AM

I don't think these are good candidates for a core framework. Still, I agree that this is the very common task so maybe will consider to putting up an official package for it.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
3

#3 User is offline   CGeorge 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 41
  • Joined: 27-May 10
  • Location:Spain

Posted 07 October 2011 - 01:05 PM

View Postsamdark, on 07 October 2011 - 09:52 AM, said:

I don't think these are good candidates for a core framework



You're right, I agree Posted Image

Thanks!


0

#4 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 566
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 18 October 2011 - 12:37 PM

It would be helpful if checkAccess() could be disabled in config for debugging, so it would always return true.
Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
0

#5 User is offline   Ivica 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 315
  • Joined: 25-May 11

Posted 19 October 2011 - 12:25 AM

One more thumb up, for including authentication & authorization management module in official package.
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#6 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 566
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 19 October 2011 - 02:20 AM

@Ivica:
Have a look at http://www.yiiframew...ons/?category=1 there are plenty of very good user and auth modules with GUI already:

http://www.yiiframew...nsion/yii-user/
http://www.yiiframew...ser-management/
http://www.yiiframew...tension/rights/
http://www.yiiframew...ion/usergroups/
http://www.yiiframew...xtension/srbac/

Just to name a few ... :)
Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
0

#7 User is offline   CGeorge 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 41
  • Joined: 27-May 10
  • Location:Spain

Posted 19 October 2011 - 02:46 AM

View Postschmunk, on 19 October 2011 - 02:20 AM, said:




Maybe I have misunderstood his words but I think that samdark has already talked about them:

samdark said:

I don't think these are good candidates for a core framework.



Further I think that, except the 2 first ones, these extensions are not a complete user authentication & management system (with user authentication, registration, verification, etc)
0

#8 User is offline   chuntley 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 66
  • Joined: 23-April 10

Posted 21 October 2011 - 12:20 PM

I believe this should be included in Gii. Just a simple click and all user authentication and management is setup for you.
1

#9 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 21 October 2011 - 12:33 PM

No !! :lol:

However:
I think it's a very good idea to request that the authors/maintainers of those extensions add a gii generator to - well - generate that. :)
We can't have it in Yii core, as it's totally dependent on whatever authentication system we're using.
"Less noise - more signal"
2

#10 User is offline   CGeorge 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 41
  • Joined: 27-May 10
  • Location:Spain

Posted 22 October 2011 - 05:40 AM

View Postjacmoe, on 21 October 2011 - 12:33 PM, said:

We can't have it in Yii core

I Agree!
0

#11 User is offline   Davidhhuan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 270
  • Joined: 08-September 09

Posted 27 October 2011 - 09:05 AM

View Postsamdark, on 07 October 2011 - 09:52 AM, said:

I don't think these are good candidates for a core framework. Still, I agree that this is the very common task so maybe will consider to putting up an official package for it.


official package +1
no pain, no gain...

My Blog : http://cnblogs.com/davidhhuan
My website: http://sharefamily.net/
0

#12 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 566
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 27 October 2011 - 09:24 AM

I would be even more useful if the default user has also an implementation for authItems (no management) - this is also a debug issue.
Like, do not set only username => password in key value pairs, make an array structure like,
array(
  1 => array(
    'name' => 'admin',
    'password' => 'secret',
    'authItems' => array(
      'Editor.*', 'Testitem'
    )
  )
)

Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
0

#13 User is offline   outrage 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 313
  • Joined: 10-November 09
  • Location:Blackpool, United Kingdom

Posted 02 November 2011 - 07:02 PM

I think this should be in the core too.

There are many good 'user' modules out there, but how often are they updated, will they work with Yii 2, do they use best practices?

For such a common requirement, better to have it in core functionality so you can forget about it.
0

#14 User is offline   chuntley 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 66
  • Joined: 23-April 10

Posted 06 November 2011 - 12:10 PM

From the Yii homepage: "Yii is a high-performance PHP framework best for developing Web 2.0 applications."

From Wikipedia: "A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators (prosumers) of user-generated content in a virtual community"

The core feature of what makes a website "2.0" (for the record I hate that term) are the users. Without some sort of official extension (Gii module, etc), it is lacking an extremely important aspect of making Web 2.0 website. Automatic CRUD generation + automatic RBAC (or some other form of user auth) generation would be great.
1

#15 User is offline   Bman900 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 27-March 11

Posted 14 November 2011 - 03:43 PM

View Postskyer2000, on 06 November 2011 - 12:10 PM, said:

From the Yii homepage: "Yii is a high-performance PHP framework best for developing Web 2.0 applications."

From Wikipedia: "A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators (prosumers) of user-generated content in a virtual community"

The core feature of what makes a website "2.0" (for the record I hate that term) are the users. Without some sort of official extension (Gii module, etc), it is lacking an extremely important aspect of making Web 2.0 website. Automatic CRUD generation + automatic RBAC (or some other form of user auth) generation would be great.


Very good point and I do agree with adding a basic feature like this to the next release just to be able to jump start a project. Also of all those extensions mentioned above, the amount of bugs create more headaches then it solves.
0

#16 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 21 December 2011 - 03:31 PM

I'm curious about what will change in the authorization in Yii2.

I'm currently working on a successor to my Rights extension. The reason for why I'm writing a new extension is to improve mainly the performance and usability and to correct some mistakes that were made when designing Rights.

Do the Yii team have any plans they would like to share about the future of Yii's authorization?
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#17 User is offline   Tipugin 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 120
  • Joined: 14-June 10
  • Location:Ivanovo, Russia

Posted 22 December 2011 - 01:12 AM

I dont think that builtin authorization is a good idea. Django's out-of-box solution, which was mentioned here, is so inconvenient and hard to customization. I think frameworks should not deal with stuff like authorization. But if they do - things should be abstract as much as possible.
0

#18 User is offline   phtamas 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 527
  • Joined: 26-February 11
  • Location:Mezőtúr, Hungary

Posted 23 December 2011 - 01:09 PM

View PostTipugin, on 22 December 2011 - 01:12 AM, said:

I think frameworks should not deal with stuff like authorization.


Built-in authorization doesn't do any harm if it can be bypassed completely and easily. In case of Yii it's really easy: authorization component won't even be loaded if you don't call it explicitly (or implicitly, by access control filters).

View PostTipugin, on 22 December 2011 - 01:12 AM, said:

But if they do - things should be abstract as much as possible.


Can't agree more. Abstraction is not the biggest strength of current implementation (it works well in the majority of use cases, though) . When I need a highly customized solution, I have to implement it from scratch. IAuthManager interface makes a bit too much assumptions about implementation details.
0

#19 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 23 December 2011 - 03:06 PM

View Postphtamas, on 23 December 2011 - 01:09 PM, said:

Can't agree more. Abstraction is not the biggest strength of current implementation (it works well in the majority of use cases, though) . When I need a highly customized solution, I have to implement it from scratch. IAuthManager interface makes a bit too much assumptions about implementation details.


I totally agree. The current implementation doesn't give enough freedom and it feels like it was designed with a single solution in mind.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#20 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,350
  • Joined: 17-January 09
  • Location:Russia

Posted 23 December 2011 - 03:24 PM

What's bad/not enough in current interface?
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

Share this topic:


  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users