Hi,
I’ve implemented the simple RBAC access wiki http://www.yiiframework.com/wiki/328/simple-rbac/ but am having problems when trying to grant access to role of admin on my controllers.
I have created a user with username and password of admin in my User model, with a role of admin.
In config/main.php I’ve amended the components section
'components'=>array(
    'user'=>array(
        'class' => 'application.components.WebUser',
    ),
    // ... other components unchanged
),
Under protected/components, I’ve added the WebUser class
class WebUser extends CWebUser
{
    // Called by the accessControl filter for every name listed under 'roles'
    public function checkAccess($operation, $params=array())
    {
        if (empty($this->_id)) {
            // Not identified => no rights
            return false;
        }
        // reads the role from the session state key "role"
        $role = $this->getState("role");
        if ($role === 'admin') {
            return true; // admin role has access to everything
        }
        // allow access if the operation requested is the current user's role
        return ($operation === $role);
    }
}
I have edited the UserIdentity class
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $record=User::model()->findByAttributes(array('username'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        else if($record->password!==md5($this->password)) // compares against an unsalted md5 hash stored in the DB
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            $this->_id=$record->id;
            // stores the user's role under the session state key 'roles'
            $this->setState('roles', $record->role);
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    public function getId()
    {
        return $this->_id;
    }
}
In a controller to which I want to restrict access, I have
public function filters()
{
    return array(
        'accessControl',
    );
}
and
public function accessRules()
{
    return array(
        array('allow',
            'actions'=>array('index','create','update','view','delete','admin'),
            'roles'=>array('admin'),
        ),
        array('deny', // deny all users
            'users'=>array('*'),
        ),
    );
}
When I log in with admin/admin, on the default controller index page I test for
echo Yii::app()->user->id."<br/>";
echo Yii::app()->user->roles."<br/>";
echo Yii::app()->user->name."<br/>";
all results are as expected.
However, Yii::app()->user->checkAccess('admin') returns false, not true, and in my controller, to which I should have granted access to my admin user for all actions, I am presented with a 403 error message (access denied).
Any help much appreciated!
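For comparison, here is a version of the two components in which the identity and the WebUser agree on one session state key, written as an added example and not part of the post above. The `ROLE_STATE` constant is a hypothetical name introduced here so the key cannot drift between the two files; the guest check uses `CWebUser::getIsGuest()` (CWebUser keeps the id in session state and does not declare a `_id` property); and the password compare goes beyond the post by using `CPasswordHelper` (Yii 1.1.14 or later), which assumes the `User.password` column holds a hash produced by `CPasswordHelper::hashPassword()` rather than the unsalted md5 the post stores. The `User` model and its `role` column are taken from the post.

```php
<?php
// protected/components/WebUser.php
// Added example (not the poster's code): both classes read and write the same key.
class WebUser extends CWebUser
{
    // Hypothetical constant: single source of truth for the session state key
    // that carries the user's role. UserIdentity writes it, checkAccess() reads it.
    const ROLE_STATE = 'role';

    /**
     * Invoked by CAccessRule for each entry under 'roles'=>array(...),
     * i.e. Yii::app()->user->checkAccess('admin') for the rule in the post.
     */
    public function checkAccess($operation, $params = array())
    {
        // A guest has no '__id' in session state; CWebUser::getIsGuest() checks that.
        if ($this->getIsGuest()) {
            return false;
        }
        $role = $this->getState(self::ROLE_STATE);
        if ($role === 'admin') {
            return true; // admin role has access to everything
        }
        // allow access only when the requested operation is the user's own role
        return ($operation === $role);
    }
}

// protected/components/UserIdentity.php
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $record = User::model()->findByAttributes(array('username' => $this->username));
        if ($record === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $record->password)) {
            // Assumption: User.password was written with CPasswordHelper::hashPassword()
            // (bcrypt, Yii >= 1.1.14); existing md5 rows must be rehashed before this works.
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $record->id;
            // Same key WebUser::checkAccess() reads: a mismatch here yields a 403.
            $this->setState(WebUser::ROLE_STATE, $record->role);
            $this->errorCode = self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    public function getId()
    {
        return $this->_id;
    }
}
```

With the constant shared between the two files, `Yii::app()->user->getState(WebUser::ROLE_STATE)` is the only place the role is stored, so the `accessRules()` entry `'roles'=>array('admin')` and a direct `checkAccess('admin')` call see the same value. If the application runs an older Yii without `CPasswordHelper`, keep the comparison the post uses but move to a salted hash as soon as the schema can be migrated.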