Simple RBAC problem

Hi,

I’ve implemented the simple RBAC access wiki http://www.yiiframework.com/wiki/328/simple-rbac/ but am having problems when trying to grant access to role of admin on my controllers.

I have created a user with username and password of admin in my User model, with a role of admin.

In config/main.php I’ve amended the components section




'components'=>array(
    'user'=>array(
        'class' => 'application.components.WebUser',
    ),



Under protected/components, I’ve added the WebUser class




class WebUser extends CWebUser {
    public function checkAccess($operation, $params=array())
    {
        if (empty($this->_id)) {
            // Not identified => no rights
            return false;
        }
        $role = $this->getState("role");
        if ($role === 'admin') {
            return true; // admin role has access to everything
        }
        // allow access if the operation request is the current user's role
        return ($operation === $role);
    }
}



Have edited the UserIdentity class




class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $record=User::model()->findByAttributes(array('username'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        else if($record->password!==md5($this->password))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            $this->_id=$record->id;
            $this->setState('roles', $record->role);
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    public function getId(){
        return $this->_id;
    }
}



In a controller to which I want to restrict access, I have




public function filters()
{
    return array(
        'accessControl',
    );
}



and




public function accessRules()
{
    return array(
        array('allow',
            'actions'=>array('index','create','update','view','delete','admin'),
            'roles'=>array('admin'),
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}



When I log in with admin/admin, on the default controller index page I test for

echo Yii::app()->user->id."<br/>";
echo Yii::app()->user->roles."<br/>";
echo Yii::app()->user->name."<br/>";

all results are as expected.

However, Yii::app()->user->checkAccess('admin') returns false not true… and in my controller, to which I should have granted access to my admin user for all actions, I am presented with a 403 error message - access denied.

Any help much appreciated!

Hi,

Sorted it, problem was in WebUser class

if (empty($this->id)) not if (empty($this->_id)) {
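
Why the one-character change matters, as an added example that is not part of the original posts: a stand-alone PHP sketch in which `MagicComponent` and `DemoWebUser` are hypothetical, simplified stand-ins for Yii 1.x's `CComponent` and the `WebUser` class above. It assumes properties are resolved through `getXxx()` getters, so `_id` never resolves and the check denies every user, while `id` maps to `getId()`.

```php
<?php
// Simplified stand-in for getter-based magic properties (assumption, not framework source).
class MagicComponent
{
    public function __get($name)
    {
        $getter = 'get' . $name;
        if (method_exists($this, $getter)) {
            return $this->$getter();
        }
        throw new Exception("Property $name is not defined.");
    }
    public function __isset($name)
    {
        $getter = 'get' . $name;
        return method_exists($this, $getter) && $this->$getter() !== null;
    }
}

// Hypothetical stand-in for the WebUser component; session state is a plain array here.
class DemoWebUser extends MagicComponent
{
    private $state = array();

    public function login($id, $role)
    {
        // 'roles' is the state key set in the posted UserIdentity
        $this->state = array('id' => $id, 'roles' => $role);
    }
    public function getId()
    {
        return isset($this->state['id']) ? $this->state['id'] : null;
    }
    public function check($operation, $useUnderscore)
    {
        // empty() consults __isset(); there is no get_id(), so "_id" is always empty.
        $guest = $useUnderscore ? empty($this->_id) : empty($this->id);
        if ($guest) {
            return false; // fails closed: even a logged-in admin is treated as a guest
        }
        $role = $this->state['roles'];
        return $role === 'admin' || $operation === $role;
    }
}

$user = new DemoWebUser();
$user->login(1, 'admin');               // constructed sample login
var_dump($user->check('admin', true));  // posted version, tests "_id"
var_dump($user->check('admin', false)); // corrected version, tests "id"
```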