best rbac

I'm new to Yii, and I'm about to start my first project. I started digging into the RBAC and user auth trench and found lots of solutions.

One of the user groups on your forum pages was introduced in the following link:

http://www.yiiframework.com/forum/index.php/topic/18862-what-to-use-yii-user-module-rbam-rabc-srbac-grbac/

But its history relates to the past. In your opinion, what is now the best RBAC extension for a medium project? Sorry about my bad English.

Best one is the one in Yii core. It’s not as easy to master but it’s reliable and it can handle everything any other variant can.

Thanks for your answer. I'm very confused and I have a few basic questions.

  1. Is it essential to use an extension?

Summary of my project:

I have five user levels as follows:

admin
employee
member
customer
demandant

There are about 14 models in the project.

The following 3 operations for each model:

create
update
view

So there are 42 auth item operations.

(Most users have little interaction.)

(Most changes are done by the administrator.)

(Other users are each responsible only for a small area of project management.)

2. With regard to the above description, can I manage without using an extension for users? And as in books such as Agile Web Application Development with Yii 1.1 and PHP5: first the command that creates a hierarchy between the auth items (the rbac command in the yiic shell), then managing the users through the authManager class.

3. I've searched the internet; in some cases a controller was used to initialize the tables mentioned below. Is this solution better than using the yiic shell (rbac command)? Must the controller be placed in each area of the project?

Please help me if there is a good source, because it was very confusing. :-[

  1. Can be handled w/o any extensions by core RBAC.

  2. Yes, first create hierarchy then use it in your code.

  3. Not sure what this one is about.
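What "first create the hierarchy, then use it" looks like for the project described in the question (five roles, 14 models, three operations each), as an added example that is not part of this thread or of the book it cites: a yiic command that builds the operations and roles with the core CDbAuthManager, then assigns the admin role to a user. The model names, the role-to-model mapping, the command name projectrbac and the user id argument are all assumptions standing in for the real project.

```php
<?php
// Added example, not code from this thread or from the book it cites.
// It sketches the question's project (five roles, 14 models, three
// operations each) with core CDbAuthManager in Yii 1.1, no extension.
// Assumed: the 'authManager' component is configured and schema.sql is
// imported; the model names, the role-to-model mapping, the command name
// and the admin user id argument are placeholders for the real project.
// File: protected/commands/ProjectRbacCommand.php, run as
//   protected/yiic projectrbac <adminUserId>
class ProjectRbacCommand extends CConsoleCommand
{
    // Representative subset of the project's 14 models (assumed names).
    private $models = array('Order', 'Ticket', 'Comment', 'Product');

    private $operations = array('create', 'update', 'view');

    // Models each role may create/update; every other model is view-only
    // for that role. 'admin' is built separately and gets every operation.
    private $writable = array(
        'demandant' => array(),
        'customer'  => array('Order'),
        'member'    => array('Order', 'Comment'),
        'employee'  => array('Order', 'Comment', 'Ticket'),
    );

    public function getHelp()
    {
        return "USAGE\n  yiic projectrbac [adminUserId]\n\n"
             . "DESCRIPTION\n  Rebuilds the RBAC hierarchy from scratch and,\n"
             . "  if a user id is given, assigns the 'admin' role to it.\n";
    }

    public function run($args)
    {
        $auth = Yii::app()->authManager;
        if ($auth === null) {
            echo "Error: the 'authManager' component is not configured.\n";
            return 1;
        }

        // createOperation()/createRole() throw if an item already exists,
        // so start from an empty hierarchy. This also drops all assignments.
        $auth->clearAll();

        // One operation per (model, action): 14 models x 3 = 42 in the real project.
        foreach ($this->models as $model) {
            foreach ($this->operations as $op) {
                $auth->createOperation($op . $model, "$op a $model");
            }
        }

        // Non-admin roles: view everything, write only what they manage.
        foreach ($this->writable as $roleName => $writableModels) {
            $role = $auth->createRole($roleName, "$roleName role");
            foreach ($this->models as $model) {
                $role->addChild('view' . $model);
                if (in_array($model, $writableModels, true)) {
                    $role->addChild('create' . $model);
                    $role->addChild('update' . $model);
                }
            }
        }

        // Most changes are done by the administrator: admin gets every operation.
        $admin = $auth->createRole('admin', 'administrator');
        foreach ($this->models as $model) {
            foreach ($this->operations as $op) {
                $admin->addChild($op . $model);
            }
        }
        echo "Authorization hierarchy generated.\n";

        // A role does nothing until it is assigned; checkAccess() returns false
        // for every user that has no assignment reaching the item.
        if (isset($args[0])) {
            $adminId = (int) $args[0];
            $auth->assign('admin', $adminId);
            // Read back through the persisted hierarchy to confirm the edge exists.
            $ok = $auth->checkAccess('updateTicket', $adminId) ? 'yes' : 'no';
            echo "Assigned 'admin' to user $adminId; can updateTicket: $ok\n";
        }
        return 0;
    }
}
```

clearAll() wipes every item, child relation and assignment, including ones created by hand, so this is a bootstrap tool for an empty database, not something to run against a live one. The assignment step is the part most often forgotten: a hierarchy with no assign() calls makes checkAccess() return false for everybody.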

Thanks for your answer.

Finally, I tried using the Yii core as follows:

1- Modify the authenticate() function in the UserIdentity class (protected/components/UserIdentity.php):




 public function authenticate()
 {
    // Requires in this class: private $_id; and public function getId() { return $this->_id; }
    $user = User::model()->findByAttributes(array('username'=>$this->username));
    if($user === null)
    {
       $this->errorCode = self::ERROR_USERNAME_INVALID;
    }
    else
    {
       // A salted hash is stored instead of the plain-text password;
       // encryptPassword() is a method of the User model.
       if($user->password !== $user->encryptPassword($this->password, $user->salt))
       {
          $this->errorCode = self::ERROR_PASSWORD_INVALID;
       }
       else
       {
          /*
          Storing the id here makes Yii::app()->user->getId() return it
          anywhere in the project, and lets
          Yii::app()->user->checkAccess('admin',array('test'=>$model))
          resolve this user's RBAC assignments.
          */
          $this->_id = $user->id;

          // Keep the previous login time before overwriting it; the original
          // snippet used $lastLogin without ever defining it.
          $lastLogin = $user->last_login_time;
          $user->saveAttributes(array('last_login_time'=>date('Y-m-d H:i:s')));

          $this->setState('lastLoginTime', $lastLogin);
          $this->errorCode = self::ERROR_NONE;
       }
    }
    return !$this->errorCode;
 }

   



2-Before we can establish an authorization hierarchy, assign users to roles, and perform access permission checking, we need to configure the authorization manager application component, authManager. This component is responsible for storing the permission data and managing the relationships between permissions as well as providing the methods to check whether or not a user does have access to perform a particular operation.





'components'=>array(
    .....
    'authManager'=>array(
        'class'=>'CDbAuthManager',
        .....
    ),
    .....
),




Now we can access this anywhere in our application using Yii::app()->authManager.

3- As mentioned, the CDbAuthManager class uses database tables to store the permission data. It expects a specific schema. That schema is defined in the framework file YiiRoot/framework/web/auth/schema.sql; import this file into your database.

4- Create the hierarchy in the yiic shell, as in the book Agile Web Application Development with Yii 1.1 and PHP5 (chapter 8).

Use the following code in protected/commands/shell/RbacCommand.php:




<?php
class RbacCommand extends CConsoleCommand
{
    private $_authManager;

    public function getHelp()
    {
        return <<<EOD
USAGE
  rbac

DESCRIPTION
  This command generates an initial RBAC authorization hierarchy.
EOD;
    }

    /**
     * Execute the action.
     * @param array command line parameters specific for this command
     */
    public function run($args)
    {
        // ensure that an authManager is defined as this is mandatory
        // for creating an auth hierarchy
        if(($this->_authManager=Yii::app()->authManager)===null)
        {
            echo "Error: an authorization manager, named 'authManager' must be configured to use this command.\n";
            echo "If you already added 'authManager' component in application configuration,\n";
            echo "please quit and re-enter the yiic shell.\n";
            return;
        }
        // provide the opportunity for the user to abort the request
        echo "This command will create three roles: Owner, Member, and Reader and the following permissions:\n";
        echo "create, read, update and delete user\n";
        echo "create, read, update and delete project\n";
        echo "create, read, update and delete issue\n";
        echo "Would you like to continue? [Yes|No] ";
        // check the input from the user and continue if they indicated yes to the above question
        if(!strncasecmp(trim(fgets(STDIN)),'y',1))
        {
            // first we need to remove all operations, roles, child relationships and assignments
            $this->_authManager->clearAll();
            // create the lowest level operations for users
            $this->_authManager->createOperation("createUser","create a new user");
            $this->_authManager->createOperation("readUser","read user profile information");
            $this->_authManager->createOperation("updateUser","update a users information");
            $this->_authManager->createOperation("deleteUser","remove a user from a project");
            // create the lowest level operations for projects
            $this->_authManager->createOperation("createProject","create a new project");
            $this->_authManager->createOperation("readProject","read project information");
            $this->_authManager->createOperation("updateProject","update project information");
            $this->_authManager->createOperation("deleteProject","delete a project");
            // create the lowest level operations for issues
            $this->_authManager->createOperation("createIssue","create a new issue");
            $this->_authManager->createOperation("readIssue","read issue information");
            $this->_authManager->createOperation("updateIssue","update issue information");
            $this->_authManager->createOperation("deleteIssue","delete an issue from a project");
            // create the reader role and add the appropriate permissions as children to this role
            $role=$this->_authManager->createRole("reader");
            $role->addChild("readUser");
            $role->addChild("readProject");
            $role->addChild("readIssue");
            // create the member role, and add the appropriate permissions, as well as the reader role itself, as children
            $role=$this->_authManager->createRole("member");
            $role->addChild("reader");
            $role->addChild("createIssue");
            $role->addChild("updateIssue");
            $role->addChild("deleteIssue");
            // create the owner role, and add the appropriate permissions, as well as both the reader and member roles as children
            $role=$this->_authManager->createRole("owner");
            $role->addChild("reader");
            $role->addChild("member");
            $role->addChild("createUser");
            $role->addChild("updateUser");
            $role->addChild("deleteUser");
            $role->addChild("createProject");
            $role->addChild("updateProject");
            $role->addChild("deleteProject");
            // provide a message indicating success
            echo "Authorization hierarchy successfully generated.";
        }
    }
}




4- Let's try out this new command. Navigate to the root of your application and execute the shell command:

1. Navigate to the root of your application (for example):

--cd c:\xamp\YiiRoot

2. Execute the shell command:

--YiiRoot/framework/yiic shell

3. In the yiic shell environment, type help to get the list of commands:

--help

4. You can see the commands. Rbac is one of them; it is the command created in the previous step:

--Rbac



Executing the Rbac command creates the RBAC authorization hierarchy in the tables created in step 2.

5- We can now control the user's access with the following code:




if(Yii::app()->user->checkAccess('admin',array('articles'=>$model)))
{
    .....
}



6- Now we can control user access to controller actions by changing the accessRules() function:

accessRules in testController





class testController extends Controller
{
    ...

    // accessRules() only takes effect when the accessControl filter is attached.
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', // allow all users to perform 'index','download' and 'view' actions
                'actions'=>array('index', 'view', 'download'),
                'users'=>array('*'),
            ),
            array('allow', // allow authenticated users to perform 'index', 'view', 'download' actions
                           // (already covered by the '*' rule above; rules are evaluated in order, first match wins)
                'actions'=>array('index', 'view', 'download'),
                'users'=>array('@'),
            ),
            array('allow', // allow the testusername user to perform 'admin' and 'delete' actions
                'actions'=>array('admin','delete'),
                'users'=>array('testusername'),
            ),
            array('allow', // allow the owner role to perform 'admin' and 'delete' actions
                'actions'=>array('admin','delete'),
                'roles'=>array('owner'), // the key is 'roles' (not 'role') and the name must match the RBAC item exactly, no trailing space
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }

    ..
}




As we saw, the RBAC part is a single rule that gives the owner role access in the accessRules() function:




array('allow', // allow the owner role to perform 'admin' and 'delete' actions
    'actions'=>array('admin','delete'),
    'roles'=>array('owner'), // 'roles', not 'role'; no trailing space in the item name
),



This was a summary of chapter 8 of the book (Agile Web Application Development with Yii 1.1 and PHP5). I hope this is useful.
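The walkthrough above passes `array('articles'=>$model)` to checkAccess() but never shows what consumes that parameter. As an added example that is not code from this thread or from the book, here is the missing piece: a task whose bizRule limits the updateIssue operation to the row's owner, and the controller that enforces it with both the coarse accessRules() gate and the per-row checkAccess() call. It assumes Yii 1.1 with CDbAuthManager, the reader/member/owner hierarchy built by RbacCommand, and an Issue model with an integer owner_id column; the task name updateOwnIssue and IssueController are invented for illustration.

```php
<?php
// Added example, not code from this thread or the book. It shows how the
// $params passed to checkAccess() are consumed: a task with a bizRule that
// limits updateIssue to the row's owner, and the controller that enforces it.
// Assumed: Yii 1.1 with CDbAuthManager, the reader/member/owner hierarchy
// built by RbacCommand, and an Issue model with an integer owner_id column.
// The task name updateOwnIssue and IssueController are invented for illustration.

// One-time setup, e.g. from a console command after the hierarchy exists.
function installOwnerTask(CAuthManager $auth)
{
    if ($auth->getAuthItem('updateOwnIssue') !== null) {
        return; // createTask() throws if the item already exists
    }
    // bizRules are PHP source that Yii runs with eval(); write them by hand,
    // never build them from request data.
    $bizRule = 'return Yii::app()->user->id == $params["issue"]->owner_id;';
    $task = $auth->createTask('updateOwnIssue', 'update an issue the user owns', $bizRule);
    $task->addChild('updateIssue');

    // The operation must be reachable from 'member' only through the task.
    // A direct member -> updateIssue edge (as in the book's hierarchy) would
    // let checkAccess() succeed without ever evaluating the bizRule.
    if ($auth->hasItemChild('member', 'updateIssue')) {
        $auth->removeItemChild('member', 'updateIssue');
    }
    $auth->addItemChild('member', 'updateOwnIssue');
}

class IssueController extends CController
{
    // accessRules() has no effect unless the accessControl filter is attached.
    public function filters()
    {
        return array('accessControl');
    }

    // Coarse, per-action gate. Rules are evaluated in order; first match wins.
    public function accessRules()
    {
        return array(
            array('allow', 'actions'=>array('view'), 'users'=>array('@')),
            array('allow', 'actions'=>array('update'), 'roles'=>array('member')),
            array('allow', 'actions'=>array('admin', 'delete'), 'roles'=>array('owner')),
            array('deny', 'users'=>array('*')),
        );
    }

    public function actionUpdate($id)
    {
        $model = $this->loadModel($id);
        // Fine-grained, per-row gate: the loaded row becomes $params['issue']
        // inside the bizRule, so a member can only update their own issue.
        if (!Yii::app()->user->checkAccess('updateIssue', array('issue'=>$model))) {
            throw new CHttpException(403, 'You are not allowed to update this issue.');
        }
        if (isset($_POST['Issue'])) {
            $model->attributes = $_POST['Issue']; // limited to safe attributes from rules()
            if ($model->save()) {
                $this->redirect(array('view', 'id'=>$model->id));
            }
        }
        $this->render('update', array('model'=>$model));
    }

    protected function loadModel($id)
    {
        $model = Issue::model()->findByPk((int) $id);
        if ($model === null) {
            throw new CHttpException(404, 'The requested issue does not exist.');
        }
        return $model;
    }
}
```

CDbAuthManager resolves checkAccess('updateIssue', ...) by walking from the operation up through its parents until it reaches an item assigned to the user, evaluating each item's bizRule on the way; that is why the only path from member to updateIssue must go through the task. With the book's hierarchy, owner reaches updateIssue through member as well, so owners are subject to the same rule; if owners should edit any issue, give the owner role a direct updateIssue child. The accessRules() entry is still worth keeping as a cheap first gate, but it cannot express "own row only", which is exactly what the bizRule adds.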