Access Rules Need Help For Manage User And Delete

I started by creating a table "user" with the following fields: id, username, password

Then I created a model generated by gii tool.

I can create users and edit users (username and password), and I can successfully log in with the users that I created. But I noticed I could not delete and manage users, so after the following weeks I decided to add one column, role, in my database:




id     username      password           role
1      john          passwordhash       user
2      test          passwordhash       user
3      owner         passwordhash       admin




How can I add access rules for my admin so that it can perform manage user and delete, or can perform all the actions with no restriction?

UserController.php




<?php

class UserController extends Controller
{
	/**
	 * @var string the default layout for the views. Defaults to '//layouts/column2', meaning
	 * using two-column layout. See 'protected/views/layouts/column2.php'.
	 */
	public $layout='//layouts/column2';

	/**
	 * @return array action filters
	 */
	public function filters()
	{
		return array(
			'accessControl', // perform access control for CRUD operations
			'postOnly + delete', // we only allow deletion via POST request
		);
	}

	/**
	 * Specifies the access control rules.
	 * This method is used by the 'accessControl' filter.
	 * @return array access control rules
	 */
	public function accessRules()
	{
		return array(
			array('allow',  // allow all users to perform 'index' and 'view' actions
				'actions'=>array('index','view'),
				'users'=>array('*'),
			),
			array('allow', // allow authenticated user to perform 'create' and 'update' actions
				'actions'=>array('create','update'),
				'users'=>array('@'),
			),
			array('allow', // allow admin user to perform 'admin' and 'delete' actions
				'actions'=>array('admin','delete'),
				'users'=>array('admin'),
			),
			array('deny',  // deny all users
				'users'=>array('*'),
			),
		);
	}

	/**
	 * Displays a particular model.
	 * @param integer $id the ID of the model to be displayed
	 */
	public function actionView($id)
	{
		$this->render('view',array(
			'model'=>$this->loadModel($id),
		));
	}

	/**
	 * Creates a new model.
	 * If creation is successful, the browser will be redirected to the 'view' page.
	 */
	public function actionCreate()
	{
		$model=new User;

		// Uncomment the following line if AJAX validation is needed
		// $this->performAjaxValidation($model);

		if(isset($_POST['User']))
		{
			$model->attributes=$_POST['User'];
			if($model->save())
				$this->redirect(array('view','id'=>$model->id));
		}

		$this->render('create',array(
			'model'=>$model,
		));
	}

	/**
	 * Updates a particular model.
	 * If update is successful, the browser will be redirected to the 'view' page.
	 * @param integer $id the ID of the model to be updated
	 */
	public function actionUpdate($id)
	{
		$model=$this->loadModel($id);

		// Uncomment the following line if AJAX validation is needed
		// $this->performAjaxValidation($model);

		if(isset($_POST['User']))
		{
			$model->attributes=$_POST['User'];
			if($model->save())
				$this->redirect(array('view','id'=>$model->id));
		}

		$this->render('update',array(
			'model'=>$model,
		));
	}

	/**
	 * Deletes a particular model.
	 * If deletion is successful, the browser will be redirected to the 'admin' page.
	 * @param integer $id the ID of the model to be deleted
	 */
	public function actionDelete($id)
	{
		$this->loadModel($id)->delete();

		// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
		if(!isset($_GET['ajax']))
			$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
	}

	/**
	 * Lists all models.
	 */
	public function actionIndex()
	{
		$dataProvider=new CActiveDataProvider('User');
		$this->render('index',array(
			'dataProvider'=>$dataProvider,
		));
	}

	/**
	 * Manages all models.
	 */
	public function actionAdmin()
	{
		$model=new User('search');
		$model->unsetAttributes();  // clear any default values
		if(isset($_GET['User']))
			$model->attributes=$_GET['User'];

		$this->render('admin',array(
			'model'=>$model,
		));
	}

	/**
	 * Returns the data model based on the primary key given in the GET variable.
	 * If the data model is not found, an HTTP exception will be raised.
	 * @param integer $id the ID of the model to be loaded
	 * @return User the loaded model
	 * @throws CHttpException
	 */
	public function loadModel($id)
	{
		$model=User::model()->findByPk($id);
		if($model===null)
			throw new CHttpException(404,'The requested page does not exist.');
		return $model;
	}

	/**
	 * Performs the AJAX validation.
	 * @param User $model the model to be validated
	 */
	protected function performAjaxValidation($model)
	{
		if(isset($_POST['ajax']) && $_POST['ajax']==='user-form')
		{
			echo CActiveForm::validate($model);
			Yii::app()->end();
		}
	}
}




Thank you in advance.




My link

I don’t understand

I want all my users having role value => admin to be able to perform delete, update, create and manage users.

I need your help please




array('allow', // allow admin user to perform 'admin' and 'delete' actions
	'actions'=>array('admin','delete','index','create','update'),
	'users'=>array('admin'),
),




admin can manage, delete, update or create users!

I tried, but if I use admin it would not work:

'users'=>array('admin'),

But if I do it like this:

'users'=>array('owner'),

it works fine.

Why is that?

Thank you in advance.

Did you read the previous article (mylink)?!!

You must first define Admin role, ok??

OK, thank you so much for your patience and for helping me.

More power to you always.

@n-r,

I just want to ask, can this

Yii::app()->user->isAdmin

be accessed in views? I don’t know how to access this or where to access it.

Thank you in advance.

Why do I get this error?


 Notice: Trying to get property of non-object in C:\wamp\www\myyii\protected\components\WebUser.php on line 23 

I changed it this way in WebUser.php:




    function isAdmin(){
        $user = $this->loadUser(Yii::app()->user->id);
        return $user->role == 'admin'; // role is the name of my table column with value admin and not_admin
    }



I tried to access isAdmin() in views/layout/main.php, but I get an error like the one I posted above: "Trying to get property of non-object in".

Can you help me, please?

Thank you in advance.
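
Added example, not part of the thread and not code from the linked article: a Yii 1.1 `WebUser` whose `isAdmin()` returns false when no user row is available (a null model is what produces the "non-object" notice quoted above, for example when the layout is rendered for a guest), together with an `accessRules()` that checks the role column through `expression` rather than matching a username. Assumptions: `currentUserModel()` is a hypothetical helper name, `WebUser` is registered as the `user` component, and `UserIdentity::getId()` returns the row's primary key.

```php
<?php
// protected/components/WebUser.php
// Assumes config/main.php has 'user'=>array('class'=>'WebUser') and that
// UserIdentity::getId() returns the primary key of the "user" table row.
class WebUser extends CWebUser
{
	private $_model; // User row cached for the current request

	// Hypothetical helper: the logged-in User row, or null for a guest
	// (or when the id stored in the session no longer matches a row).
	protected function currentUserModel()
	{
		if ($this->getIsGuest())
			return null;
		if ($this->_model === null)
			$this->_model = User::model()->findByPk($this->getId());
		return $this->_model;
	}

	// True only for a logged-in user whose role column is 'admin'.
	public function isAdmin()
	{
		$user = $this->currentUserModel();
		return $user !== null && $user->role === 'admin';
	}
}

// protected/controllers/UserController.php: only accessRules() changes.
// 'users' is compared with the login name, so array('admin') only matches a
// user called "admin"; 'expression' is evaluated with $user = Yii::app()->user.
class UserController extends Controller
{
	public function accessRules()
	{
		return array(
			array('allow', // anyone may list and view
				'actions'=>array('index','view'),
				'users'=>array('*'),
			),
			array('allow', // role check instead of a username match
				'actions'=>array('create','update','admin','delete'),
				'expression'=>'$user->isAdmin()',
			),
			array('deny', 'users'=>array('*')), // everything else
		);
	}
}
// In a view or layout: if (Yii::app()->user->isAdmin()) { /* admin menu */ }
```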