Access Rule

Hello

In my controller I have a problem with access rules. In my UserIdentity class I have a role variable in which I saved employer.




// Inside UserIdentity::authenticate(), after the user record has been loaded.
$role = null;                        // default, so $role is always defined below
if ($user->role == 2) {
    $role = 'joobseeker';
}
if ($user->role == 3) {
    $role = 'employer';
}
$this->setState('role', $role);      // stored in the session, readable as Yii::app()->user->role




So please, can anyone tell me how, in my controller, I can make a rule for users who have the employer role?

Below is the code I am trying to use, but it is not working:





array('allow',
    'actions'=>array('delete'),
    'roles'=>array('admin'),
),




Can anyone please help me to rectify it?

Hi Alankar

You have to separate two things in your controller:

[list=1]

[*]Users who have permission for a general action (like admin has the action deleteUser)

[*]Users who have permission for specific users in an action

[/list]

For example:


array('allow',
    'actions'=>array('delete'),
    'roles'=>array('admin'),
),

....

public function actionDelete($id) {
    // Per-record check: refuse if the target user holds the employer role.
    if (Yii::app()->authManager->isAssigned('employer', $id))
        throw new CHttpException(403, 'You are not authorized to perform this action.');

    // ..your code to delete the user with id = $id
}

You could achieve the above with or without an RBAC bizRule:

http://www.yiiframework.com/wiki/136/getting-to-understand-hierarchical-rbac-scheme/

:)
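As an added example (not code from the thread or from Yii itself), the two layers KonApaz separates, written out as one Yii 1.1 controller: an access rule resolved through the RBAC authManager, an access rule that reads the role stored with setState('role', ...) from the session, a deny-all fallback, and the per-record check inside the action. It assumes an authManager component is configured and a hypothetical User model exists.

```php
<?php
// Added example, not the thread's own code. Assumes Yii 1.1 with an authManager
// component configured, a role saved in the session by UserIdentity::setState('role', ...),
// and a hypothetical User active record model.
class UserController extends CController
{
    // Enable the access-control filter for every action of this controller.
    public function filters()
    {
        return array('accessControl');
    }

    // Rules are evaluated top to bottom and the first matching rule wins,
    // so the final deny-all rule catches anything not explicitly allowed.
    public function accessRules()
    {
        return array(
            // RBAC check: 'roles' is resolved through Yii::app()->user->checkAccess(),
            // i.e. the authManager hierarchy, not the 'role' value in the session.
            array('allow',
                'actions' => array('delete'),
                'roles'   => array('admin'),
            ),
            // Session-state check: an 'expression' rule can read the value
            // stored with setState('role', ...); $user is Yii::app()->user here.
            // All keys of a rule must match, so 'users' => '@' also requires login.
            array('allow',
                'actions'    => array('create', 'update'),
                'users'      => array('@'),
                'expression' => '$user->getState("role") === "employer"',
            ),
            array('deny',
                'users' => array('*'),
            ),
        );
    }

    // Object-level check: the rule above only says "admins may delete";
    // it says nothing about which records, so the action guards the record itself.
    public function actionDelete($id)
    {
        if (!Yii::app()->request->isPostRequest) {   // no deletes from plain GET links
            throw new CHttpException(400, 'Invalid request.');
        }
        $target = User::model()->findByPk((int) $id);  // hypothetical model
        if ($target === null) {
            throw new CHttpException(404, 'The requested user does not exist.');
        }
        // Refuse to delete employer accounts from this action, as in the reply above.
        if (Yii::app()->authManager->isAssigned('employer', $target->id)) {
            throw new CHttpException(403, 'You are not authorized to perform this action.');
        }
        $target->delete();
        $this->redirect(array('index'));
    }
}
```

The point of keeping both rule kinds is that 'roles' in accessRules never looks at the session state: CWebUser::checkAccess() asks the authManager, so a role that only exists as setState('role', ...) has to be tested with 'expression' (or be turned into a real RBAC assignment).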

Hi KonApaz

Thanks, I just want to confirm that in "$this->setState('role', $role);" we are assigning the role. So is the role value we assign here the same as this one?


array('allow',
    'actions'=>array('delete'),
    'roles'=>array('admin'),
),

The setState assigns the current user a specific role, so the answer is yes (although you have to do it through the RBAC system).

I assume that $user->role originated from the same code described here:

http://www.yiiframework.com/forum/index.php/topic/6489-change-layout-depending-on-user-role/page__p__33314#entry33314

So you have to set $this->setState('role', $role) where $roles has the admin role.

Therefore the

array('allow',
    'actions'=>array('delete'),
    'roles'=>array('admin'),
),

permits the user to access the specific action.

Hi KonApaz

I just want to confirm what the correct syntax is: $this->setState('role', $role) or $this->setState('roles', $role)? I think roles and role are different; in some lines you used roles and in some you used role.

Second, where do I have to use the code below, i.e. in which file do I have to put this?





$auth = Yii::app()->authManager;

// Operations: the finest-grained items; controllers check these names.
$auth->createOperation('createPost', 'create a post');
$auth->createOperation('readPost', 'read a post');
$auth->createOperation('updatePost', 'update a post');
$auth->createOperation('deletePost', 'delete a post');

// A task with a business rule: updatePost is only granted when the
// current user is the author of the post passed in $params['post'].
$bizRule = 'return Yii::app()->user->id==$params["post"]->authID;';
$task = $auth->createTask('updateOwnPost', 'update a post by author himself', $bizRule);
$task->addChild('updatePost');

// Roles: each role inherits the items of its children.
$role = $auth->createRole('reader');
$role->addChild('readPost');

$role = $auth->createRole('author');
$role->addChild('reader');
$role->addChild('createPost');
$role->addChild('updateOwnPost');

$role = $auth->createRole('editor');
$role->addChild('reader');
$role->addChild('updatePost');

$role = $auth->createRole('admin');
$role->addChild('editor');
$role->addChild('author');
$role->addChild('deletePost');

// Assignments: role name => user id (the value returned by UserIdentity::getId()).
$auth->assign('reader', 'readerA');
$auth->assign('author', 'authorB');
$auth->assign('editor', 'editorC');
$auth->assign('admin', 'adminD');



Thanks

You may add this code to some admin controller.

If you are using CPhpAuthManager you should add this at the end:


$auth->save();

The result of running this code is a new file with this auth information in it.

The AuthManager component will load this auth information automatically from this file.
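As an added example (not KonApaz's code and not part of Yii), one place such setup code can live instead of a web-reachable admin action is a Yii 1.1 console command. This one builds a hierarchy for the roles discussed in this thread, derives the assignments from the numeric role column that the first post maps with setState, and saves through CPhpAuthManager. The User model, the file paths, the column values and the operation names are assumptions.

```php
<?php
// Added example, not code from the thread or from Yii. Assumed file:
// protected/commands/RbacCommand.php, run as "protected/yiic rbac [adminUserId]".
// Assumed protected/config/console.php components:
//   'authManager' => array('class' => 'CPhpAuthManager',
//                          'authFile' => dirname(__FILE__) . '/../data/auth.php'),
//   'db' => array(/* same connection as the web application */),
// Assumed hypothetical User model with an integer column `role`
// (2 = joobseeker, 3 = employer), as in the first post of this thread.
class RbacCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;

        // Start from an empty hierarchy so re-running the command is safe;
        // createOperation()/createRole() fail if the item already exists.
        $auth->clearAll();

        // Operations: the concrete actions a controller will check.
        $auth->createOperation('viewJob', 'view a job posting');
        $auth->createOperation('applyJob', 'apply to a job posting');
        $auth->createOperation('createJob', 'create a job posting');
        $auth->createOperation('deleteUser', 'delete a user account');

        // Roles: least privilege first, then build upward by inheritance.
        $seeker = $auth->createRole('joobseeker');
        $seeker->addChild('viewJob');
        $seeker->addChild('applyJob');

        $employer = $auth->createRole('employer');
        $employer->addChild('viewJob');
        $employer->addChild('createJob');

        $admin = $auth->createRole('admin');
        $admin->addChild('employer');
        $admin->addChild('joobseeker');
        $admin->addChild('deleteUser');

        // Map the numeric column to a role name. Any other value gets no
        // assignment, so every checkAccess() call fails for that user: the safe default.
        $map = array(2 => 'joobseeker', 3 => 'employer');
        foreach (User::model()->findAll() as $user) {
            if (isset($map[$user->role])) {
                // The second argument must equal what UserIdentity::getId() returns
                // for this user, because CWebUser::checkAccess() passes that id on.
                $auth->assign($map[$user->role], $user->id);
            }
        }

        // The admin account is named explicitly on the command line rather than
        // inferred from the table, so nobody becomes admin by accident.
        if (isset($args[0])) {
            $auth->assign('admin', $args[0]);
        }

        // CPhpAuthManager keeps everything in memory until save() writes authFile.
        $auth->save();
        echo "RBAC data written to " . $auth->authFile . "\n";
    }
}
```

Running it from the console keeps the code that rewrites the authorization file off the web server's request path, and clearAll() before rebuilding means the file always reflects exactly what the command defines.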

Hi KonApaz

I am using the code given below:




array('allow',
    'actions'=>array('create'),
    'roles'=>array('admin'),
),



but it is showing a 403 error, and in my roles variable I am getting "admin" too.

Is there any configuration or changes i have to do to roles?

For some examples, take a look at this