Yii Framework Forum: Chapter 8, User Acces Control - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Chapter 8, User Acces Control

#1 User is offline   doodler 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 17
  • Joined: 16-May 13

Posted 20 May 2013 - 09:50 AM

after I followed the tutorial in chapter 8 and I did as I could not access the requested page with projects only user page.
Here is my file ProjectController.php
<?php

class ProjectController extends Controller
{
	/**
	 * @var string the default layout for the views. Defaults to '//layouts/column2', meaning
	 * using two-column layout. See 'protected/views/layouts/column2.php'.
	 */
	public $layout='//layouts/column2';

	/**
	 * @return array action filters
	 */
	public function filters()
	{
		return array(
			'accessControl', // perform access control for CRUD operations
			'postOnly + delete', // we only allow deletion via POST request
		);
	}

	/**
	 * Specifies the access control rules.
	 * This method is used by the 'accessControl' filter.
	 * @return array access control rules
	 */
	public function accessRules()
	{
		return array(
			array('allow',  // allow only authenticated user to perform 'index' and 'view' actions
				'actions'=>array('index','view', 'adduser'),
				'users'=>array('@'),
			),
			array('allow', // allow authenticated user to perform 'create' and 'update' actions
				'actions'=>array('create','update'),
				'users'=>array('@'),
			),
			array('allow', // allow admin user to perform 'admin' and 'delete' actions
				'actions'=>array('admin','delete'),
				'users'=>array('admin'),
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}

	/**
	 * Displays a particular model.
	 * @param integer $id the ID of the model to be displayed
	 */
	public function actionView($id)
	{
		$id = $_GET['id'];
    	$issueDataProvider = new CActiveDataProvider('Issue', array(
                'criteria' => array(
                    'condition' => 'project_id=:projectId',
                    'params' => array(
                        ':projectId' => $this->loadModel($id)->id),
                ),
                'pagination' => array('pageSize' => 1),
    	));
    	$this->render('view', array(
        	'model' => $this->loadModel($id),
        	'issueDataProvider' => $issueDataProvider,
    	));
	}

	/**
	 * Creates a new model.
	 * If creation is successful, the browser will be redirected to the 'view' page.
	 */
	public function actionCreate()
	{
		$model=new Project;

		// Uncomment the following line if AJAX validation is needed
		// $this->performAjaxValidation($model);

		if(isset($_POST['Project']))
		{
			$model->attributes=$_POST['Project'];
			if($model->save())
				$this->redirect(array('view','id'=>$model->id));
		}

		$this->render('create',array(
			'model'=>$model,
		));
	}

	/**
	 * Updates a particular model.
	 * If update is successful, the browser will be redirected to the 'view' page.
	 * @param integer $id the ID of the model to be updated
	 */
	public function actionUpdate($id)
	{
		$model=$this->loadModel($id);

		// Uncomment the following line if AJAX validation is needed
		// $this->performAjaxValidation($model);

		if(isset($_POST['Project']))
		{
			$model->attributes=$_POST['Project'];
			if($model->save())
				$this->redirect(array('view','id'=>$model->id));
		}

		$this->render('update',array(
			'model'=>$model,
		));
	}

	/**
	 * Deletes a particular model.
	 * If deletion is successful, the browser will be redirected to the 'admin' page.
	 * @param integer $id the ID of the model to be deleted
	 */
	public function actionDelete($id)
	{
		$this->loadModel($id)->delete();

		// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
		if(!isset($_GET['ajax']))
			$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
	}

	/**
	 * Lists all models.
	 */
	public function actionIndex()
	{
		$dataProvider=new CActiveDataProvider('Project');
		$this->render('index',array(
			'dataProvider'=>$dataProvider,
		));
	}

	/**
	 * Manages all models.
	 */
	public function actionAdmin()
	{
		$model=new Project('search');
		$model->unsetAttributes();  // clear any default values
		if(isset($_GET['Project']))
			$model->attributes=$_GET['Project'];

		$this->render('admin',array(
			'model'=>$model,
		));
	}

	/**
	 * Returns the data model based on the primary key given in the GET variable.
	 * If the data model is not found, an HTTP exception will be raised.
	 * @param integer $id the ID of the model to be loaded
	 * @return Project the loaded model
	 * @throws CHttpException
	 */
	public function loadModel($id)
	{
		$model=Project::model()->findByPk($id);
		if($model===null)
			throw new CHttpException(404,'The requested page does not exist.');
		return $model;
	}

	/**
	 * Performs the AJAX validation.
	 * @param Project $model the model to be validated
	 */
	protected function performAjaxValidation($model)
	{
		if(isset($_POST['ajax']) && $_POST['ajax']==='project-form')
		{
			echo CActiveForm::validate($model);
			Yii::app()->end();
		}
	}

	public function actionAdduser() 
	{
    $form=new ProjectUserForm;
   		$form=new ProjectUserForm; 
    	$project = $this->loadModel();
    	// collect user input data
    	if(isset($_POST['ProjectUserForm'])) {
        	$form->attributes=$_POST['ProjectUserForm']; 
        	$form->project = $project; // validate user input and set a sucessfull flassh message if valid
        	if($form->validate()) 
        	{
            	Yii::app()->user->setFlash('success',$form->username . " has been added to the project." );
            	$form=new ProjectUserForm;
        	}
    	}
    	// display the add user form 
    	$users = User::model()->findAll(); 
    	$usernames=array(); 
    	foreach($users as $user) 
    	{
        	$usernames[]=$user->username;
    	}
    	$form->project = $project; 
    	$this->render('adduser',array('model'=>$form, 'usernames'=>$usernames)); 
	}
}

where I'm wrong?
0

#2 User is offline   chandran 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 562
  • Joined: 08-October 12
  • Location:Austria

Posted 19 May 2014 - 03:01 AM

Hi,

can you attach screenshot of your error.. its easy to resolve problems :)
Thanks
chandran nepolean

My own extension:
http://www.yiiframew...sion/ejqueryte/
http://www.yiiframew...uallistboxyii1/

My wiki
http://www.yiiframew...checkboxcolumn/

If it work dont hesitate to click +1 button
0

#3 User is offline   rahif 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 272
  • Joined: 11-July 13

Posted 20 May 2014 - 01:06 PM

try to put the rules together in this way:
    ....
    array('allow',  // allow only authenticated user to perform 'index' and 'view' actions
         'actions'=>array('index','view', 'adduser','create','update'),
         'users'=>array('@'),
    ),
    .....

i'm not sure but i think the second part is overwriting the first.
0

#4 User is offline   Solie 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 29-May 14

Posted 02 June 2014 - 09:52 AM

Yaa i have similar problem, I have tried different ways to fixes it but no luck, I've attached a screen shot of the Error 403, generated by the ProjectController.php, and it is coming from these code :

if (!Yii::app()->user->checkAccess('createUser', array('project' => $project))) {
             throw new CHttpException(403, 'You are not authorized to perform this action  TA RARA AA.');
         }


Any Ideas ??

Attached File(s)


0

#5 User is offline   Solie 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 29-May 14

Posted 02 June 2014 - 10:10 AM

I decided to check if my code is right by removing the '!' in
 if (!Yii::app()->user->checkAccess('createUser') 
, well I did it and I was able to access the page and add roles but isn't my logic is wrong now.
0

#6 User is offline   Solie 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 29-May 14

Posted 02 June 2014 - 10:28 AM

Doodler you need to change this part

project = $this->loadModel();



with this

$project = $this->loadModel($id);

0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users