Yii Framework Forum: Access Rule - Yii Framework Forum


#1 Alankar Singh

Posted 09 April 2013 - 03:52 PM

Hello

In my controller I have a problem with access rules. In my UserIdentity class I have a role variable in which I saved employer.
if($user->role==2)
{
    $role='joobseeker';
}

if($user->role==3)
{
    $role='employer';
}

$this->setState('role', $role);


So please, can anyone tell me how I can make a rule in my controller for users who have the employer role?
Below is the code I am trying to use, but it is not working:

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
            ),



Anyone please help me to rectify it

#2 KonApaz

Posted 10 April 2013 - 12:06 PM

Hi Alankar

You have to separate two things in your controller

  • Users who have permissions for a general action (like admin has action deleteUser)
  • Users who have permissions for specific users in the action


for example

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),

....

public function actionDelete($id) {
    if (Yii::app()->authManager->isAssigned('employer', $id))
        throw new CHttpException(403, 'You are not authorized to perform this action.');
    // ... your code to delete the user with id = $id
}


The above you could achieve (with or without) RBAC bizrule
http://www.yiiframew...al-rbac-scheme/

:)
Yii is the best php framework in the world!
find our demo Yii extension on www.webkit.gr
Is it post useful? please v++ ;)

#3 Alankar Singh

Posted 10 April 2013 - 01:29 PM

KonApaz, on 10 April 2013 - 12:06 PM, said:

Hi Alankar

You have to separate two things in your controller

  • Users who have permissions for a general action (like admin has action deleteUser)
  • Users who have permissions for specific users in the action


for example

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),

....

public function actionDelete($id) {
    if (Yii::app()->authManager->isAssigned('employer', $id))
        throw new CHttpException(403, 'You are not authorized to perform this action.');
    // ... your code to delete the user with id = $id
}


The above you could achieve (with or without) RBAC bizrule
http://www.yiiframew...al-rbac-scheme/

:)


Hi KonApaz

Thanks, I just want to confirm that in "$this->setState('role', $role);" we are assigning the role. So is this role value we are assigning here the same?
array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),



#4 KonApaz

Posted 10 April 2013 - 01:58 PM

Alankar Singh, on 10 April 2013 - 01:29 PM, said:

Hi KonApaz

Thanks, I just want to confirm that in "$this->setState('role', $role);" we are assigning the role. So is this role value we are assigning here the same?
array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),




The setState assigns the current user a specific role, so the answer is yes (although you have to do it by the RBAC system)

I assume that the $user->role originates from the same code that is described here
http://www.yiiframew...3314#entry33314

So you have to set $this->setState('role', $role) where $roles has the admin role.
Therefore the

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),


permits the user to access the specific action

#5 Alankar Singh

Posted 13 April 2013 - 02:41 PM

KonApaz, on 10 April 2013 - 01:58 PM, said:

The setState assigns the current user a specific role, so the answer is yes (although you have to do it by the RBAC system)

I assume that the $user->role originates from the same code that is described here
http://www.yiiframew...3314#entry33314

So you have to set $this->setState('role', $role) where $roles has the admin role.
Therefore the

array('allow',
                'actions'=>array('delete'),
                'roles'=>array('admin'),
         ),


permits the user to access the specific action



Hi KonApaz

I just want to confirm what the correct syntax is: $this->setState('role', $role) or $this->setState('roles', $role). I think roles and role are different. In some lines you used roles and in some you used role.

Second, where do I have to use the code below, meaning in which file do I have to do this?


$auth=Yii::app()->authManager;
 
$auth->createOperation('createPost','create a post');
$auth->createOperation('readPost','read a post');
$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');
 
$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
$task->addChild('updatePost');
 
$role=$auth->createRole('reader');
$role->addChild('readPost');
 
$role=$auth->createRole('author');
$role->addChild('reader');
$role->addChild('createPost');
$role->addChild('updateOwnPost');
 
$role=$auth->createRole('editor');
$role->addChild('reader');
$role->addChild('updatePost');
 
$role=$auth->createRole('admin');
$role->addChild('editor');
$role->addChild('author');
$role->addChild('deletePost');
 
$auth->assign('reader','readerA');
$auth->assign('author','authorB');
$auth->assign('editor','editorC');
$auth->assign('admin','adminD');


Thanks

#6 Pathfinder

Posted 14 April 2013 - 03:10 AM

You may add this code to some admin controller.
If you are using CPhpAuthManager you should add this at the end:
$auth->save();

The result of running this code is a new file with this auth information in it.
The AuthManager component will load this auth information automatically from this file.

#7 Alankar Singh

Posted 14 April 2013 - 02:08 PM

Pathfinder, on 14 April 2013 - 03:10 AM, said:

You may add this code to some admin controller.
If you are using CPhpAuthManager you should add this at the end:
$auth->save();

The result of running this code is a new file with this auth information in it.
The AuthManager component will load this auth information automatically from this file.

Hi KonApaz

I am using the code given below
array('allow',
                'actions'=>array('create'),
                'roles'=>array('admin'),
         ),


but it is showing a 403 error, and in my roles variable I am getting "admin" too.
Is there any configuration or change I have to make to roles?
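
Added example, not part of any post in this thread and not the Yii project's own code: in Yii 1.1 each entry of a rule's 'roles' array is checked through Yii::app()->user->checkAccess(), which by default asks authManager and never reads a value stored with setState('role', ...), so such a rule answers 403 until RBAC assignments exist or checkAccess() is overridden as here. WebUser, JobController, the Job model and its employer_id column are assumptions made for illustration.

```php
<?php
// Added example for Yii 1.1; WebUser, JobController, Job, employer_id are hypothetical names.
// protected/components/WebUser.php
class WebUser extends CWebUser
{
    // Every entry in a rule's 'roles' array is passed to this method.
    // The stock version queries authManager; this one compares against the
    // state that UserIdentity saved with setState('role', $role).
    public function checkAccess($operation, $params = array(), $allowCaching = true)
    {
        if ($this->getIsGuest()) {
            return false; // guests never hold a role
        }
        return $this->getState('role') === $operation;
    }
}

// protected/config/main.php must point the user component at the subclass:
//   'components' => array('user' => array('class' => 'WebUser')),

// protected/controllers/JobController.php
class JobController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('delete'), 'roles' => array('employer')),
            array('deny', 'users' => array('*')), // default deny for everything else
        );
    }

    public function actionDelete($id)
    {
        $job = Job::model()->findByPk($id);
        if ($job === null) {
            throw new CHttpException(404, 'The requested record does not exist.');
        }
        // The rule above only proves the role; ownership is checked per record.
        if ($job->employer_id != Yii::app()->user->id) {
            throw new CHttpException(403, 'You are not authorized to perform this action.');
        }
        $job->delete();
    }
}
```

Because the role is read from the login state, a role changed in the database takes effect only after the user logs in again.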

#8 Pathfinder

Posted 15 April 2013 - 12:56 AM

For some example take a look at this