Yii Framework Forum: Access Rule - Yii Framework Forum

Access Rule

#1 Alankar Singh

Posted 09 April 2013 - 03:52 PM

Hello

In my controller I have a problem with access rules. In my UserIdentity class I have a role variable, and I saved employer in it.

if($user->role==2)
{
    $role='joobseeker';
}

if($user->role==3)
{
    $role='employer';
}

$this->setState('role', $role);


So can anyone please tell me how I can make a rule in my controller for users who have the employer role?
Below is the code I am trying to use, but it is not working:

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
            ),



Can anyone please help me rectify it?

#2 Kostas Apazidis (KonApaz)

Posted 10 April 2013 - 12:06 PM

Hi Alankar

You have to separate two things in your controller

  • Users who have permission for a general action (like admin has action deleteUser)
  • Users who have permissions for specific users in the action


for example

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),

....

public function actionDelete($id) {
    if (Yii::app()->authManager->isAssigned('employer', $id))
        throw new CHttpException(403, 'You are not authorized to perform this action.');
    // ...your code to delete the user with id = $id
}


You could achieve the above with or without an RBAC bizrule
http://www.yiiframew...al-rbac-scheme/

:)
Yii is the best php framework in the world!
It is also powerful and flexible for large scale websites
find our demo Yii extension on www.webkit.gr
Is it post useful? please v++ ;)

#3 Alankar Singh

Posted 10 April 2013 - 01:29 PM

KonApaz, on 10 April 2013 - 12:06 PM, said:

Hi Alankar

You have to separate two things in your controller

  • Users who have permission for a general action (like admin has action deleteUser)
  • Users who have permissions for specific users in the action


for example

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),

....

public function actionDelete($id) {
    if (Yii::app()->authManager->isAssigned('employer', $id))
        throw new CHttpException(403, 'You are not authorized to perform this action.');
    // ...your code to delete the user with id = $id
}


You could achieve the above with or without an RBAC bizrule
http://www.yiiframew...al-rbac-scheme/

:)


Hi KonApaz

Thanks. I just want to confirm that in "$this->setState('role', $role);" we are assigning the role. So is this role value we are assigning here the same?
array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),



#4 Kostas Apazidis (KonApaz)

Posted 10 April 2013 - 01:58 PM

Alankar Singh, on 10 April 2013 - 01:29 PM, said:

Hi KonApaz

Thanks. I just want to confirm that in "$this->setState('role', $role);" we are assigning the role. So is this role value we are assigning here the same?
array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),




setState assigns the current user a specific role, so the answer is yes (although you have to do it through the RBAC system)

I assume that $user->role originates from the same code that is described here
http://www.yiiframew...3314#entry33314

So you have to set $this->setState('role', $role) where $roles has admin role.
Therefore the

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),


permits the user to access the specific action

#5 Alankar Singh

Posted 13 April 2013 - 02:41 PM

KonApaz, on 10 April 2013 - 01:58 PM, said:

setState assigns the current user a specific role, so the answer is yes (although you have to do it through the RBAC system)

I assume that $user->role originates from the same code that is described here
http://www.yiiframew...3314#entry33314

So you have to set $this->setState('role', $role) where $roles has admin role.
Therefore the

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),


permits the user to access the specific action



Hi KonApaz

I just want to confirm which is the correct syntax: $this->setState('role', $role) or $this->setState('roles', $role). I think roles and role are different. In some lines you used roles and in some you used role.

Second, where do I have to use the code below? I mean, in which file do I have to put it?


$auth=Yii::app()->authManager;
 
$auth->createOperation('createPost','create a post');
$auth->createOperation('readPost','read a post');
$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');
 
$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
$task->addChild('updatePost');
 
$role=$auth->createRole('reader');
$role->addChild('readPost');
 
$role=$auth->createRole('author');
$role->addChild('reader');
$role->addChild('createPost');
$role->addChild('updateOwnPost');
 
$role=$auth->createRole('editor');
$role->addChild('reader');
$role->addChild('updatePost');
 
$role=$auth->createRole('admin');
$role->addChild('editor');
$role->addChild('author');
$role->addChild('deletePost');
 
$auth->assign('reader','readerA');
$auth->assign('author','authorB');
$auth->assign('editor','editorC');
$auth->assign('admin','adminD');


Thanks

#6 Pathfinder

Posted 14 April 2013 - 03:10 AM

You may add this code to some admin controller.
If you are using CPhpAuthManager you should add this at the end:
$auth->save();

The result of running this code is a new file with this auth information in it.
The AuthManager component will load this auth information automatically from this file.

#7 Alankar Singh

Posted 14 April 2013 - 02:08 PM

Pathfinder, on 14 April 2013 - 03:10 AM, said:

You may add this code to some admin controller.
If you are using CPhpAuthManager you should add this at the end:
$auth->save();

The result of running this code is a new file with this auth information in it.
The AuthManager component will load this auth information automatically from this file.

Hi KonApaz

I am using code given below
array('allow',
                'actions'=>array('create'),
                'roles'=>array('admin'),
         ),


but it is showing a 403 error, and in my roles variable I am getting "admin" too.
Is there any configuration or change I have to make for roles?
0

#8 User is offline   Pathfinder 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 28
  • Joined: 19-January 13
  • Location:Ukraine

Posted 15 April 2013 - 12:56 AM

For some example take a look at this
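Added example, not part of any post in this thread: in Yii 1.1 each entry of a rule's 'roles' is passed to Yii::app()->user->checkAccess(), which the stock CWebUser resolves through authManager and not through the value stored with setState('role', ...), so a rule can return 403 even though the state holds the expected role. The sketch below assumes a hypothetical WebUser component and JobController; it shows one way to let the state value satisfy 'roles', with an 'expression' rule as the alternative and an explicit deny as the last rule.

```php
<?php
// protected/components/WebUser.php (hypothetical class name).
// Register it in config/main.php:
//   'components' => array('user' => array('class' => 'WebUser')),
class WebUser extends CWebUser
{
    // CAccessRule hands every entry of 'roles' to this method. The stock
    // implementation only asks authManager and never reads the 'role' state.
    public function checkAccess($operation, $params = array(), $allowCaching = true)
    {
        if ($this->getIsGuest()) {
            return false; // guests hold no role
        }
        // Strict comparison with the value stored by setState('role', ...)
        // in UserIdentity.
        if ($this->getState('role') === $operation) {
            return true;
        }
        // Otherwise defer to RBAC items and assignments held by authManager.
        return parent::checkAccess($operation, $params, $allowCaching);
    }
}

// protected/controllers/JobController.php (hypothetical controller).
class JobController extends CController
{
    public function filters()
    {
        // Without this filter accessRules() is never evaluated.
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('create'),
                'roles'   => array('employer'), // goes through checkAccess()
            ),
            array('allow',
                'actions'    => array('delete'),
                // Alternative that needs no WebUser override: $user is
                // Yii::app()->user inside a rule expression.
                'expression' => '$user->getState("role") === "admin"',
            ),
            array('deny', 'users' => array('*')), // default deny
        );
    }
}
```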
