Yii Framework Forum: User Access based on URL - Yii Framework Forum

User Access based on URL

#1 chuntley

Posted 26 April 2010 - 11:43 AM

I'm thinking about converting one of my existing applications into Yii, and have been spending quite a bit of time researching into it.

The way the app currently works is that there are different projects that people can have access to. Users can have access to multiple projects, and in each project have a different set of permissions. Currently the system simply takes the project ID from the URL, and defines all permissions from that. The permissions get even further complicated than that as in each project there are documents, and users have certain access to each document.

How would that be done in Yii's RBAC? Any code examples or pointers in the right direction? I think that if I understand how to separate user's access by which project they are viewing, I can then figure out the rest.

#2 Vince.

Posted 26 April 2010 - 01:07 PM

I think for such a complicated access control you might want to read about CDbAuthManager
Vince Gabriel, Lead Developer.

#3 chuntley

Posted 26 April 2010 - 01:14 PM

Vince., on 26 April 2010 - 01:07 PM, said:

I think for such a complicated access control you might want to read about CDbAuthManager


Yes I agree that is the right direction, and do plan on using it. My one problem though is that I cannot figure out how to implement it with the RBAC instructions on the documentation page. Are there any good examples of that out there?

#4 Vince.

Posted 26 April 2010 - 01:26 PM

What do you want to know? There are a few extensions that provide the RBAC management as a module. You could look at those as an example.
Vince Gabriel, Lead Developer.

#5 Onman

Posted 26 April 2010 - 06:28 PM

There are 2 options from CDbAuthManager (or CPhpAuthManager) you'll have to use.

1. The static option:
Define an operation id (like "op_project_view") for each possible action in your application and define it in Yii's RBAC system.
You can now assign this operation to tasks or roles or users (whichever you prefer).

2. The dynamic option:
Define a business rule like: "only allow access to a project which I'm a member of".
Suppose you have a table which links users to projects, you then can write PHP code to check if the user/project combination exists. This PHP code should return true if this combination exists (i.e. the user is granted access) or false if it does not exist. Your business rule could look something like:

return ($userInProject=='Yes' ? true : false);

For more info on the biz rules, look at
http://www.yiiframew...ide/topics.auth
And find this string: $bizRule
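The two options described in the post above, wired together as an added example that is not part of the original post. It assumes Yii 1.1 with CDbAuthManager configured as the `authManager` component; the `ProjectAccess` helper, the `viewOwnProject` task, the `projectMember` role and the `userid`/`topid` column names are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes a Yii 1.1 application with
// CDbAuthManager configured as the 'authManager' component and a table
// user_access(userid, topid); the column names are assumptions.

class ProjectAccess
{
    // Hypothetical helper: true only when user_access links this user to this project.
    public static function isMember($userId, $topid)
    {
        // Guests (null id) and non-numeric project ids never match: fail closed.
        if ($userId === null || !ctype_digit((string) $topid)) {
            return false;
        }
        $sql = 'SELECT COUNT(*) FROM user_access WHERE userid = :userid AND topid = :topid';
        $count = Yii::app()->db->createCommand($sql)
            ->bindValue(':userid', $userId)   // bound parameters, never string concatenation
            ->bindValue(':topid', (int) $topid)
            ->queryScalar();
        return (int) $count > 0;
    }
}

// One-time setup of the hierarchy, e.g. from a console command.
function installProjectRbac()
{
    $auth = Yii::app()->authManager;

    // Static option: a plain operation with no rule attached.
    $auth->createOperation('op_project_view', 'View a project');

    // Dynamic option: a task whose business rule restricts the operation to
    // projects the current user belongs to. Yii 1.1 evaluates the rule as PHP
    // code, so it must end in a return statement.
    $bizRule = 'return isset($params["topid"])'
        . ' && ProjectAccess::isMember(Yii::app()->user->id, $params["topid"]);';
    $task = $auth->createTask('viewOwnProject', 'View a project I am a member of', $bizRule);
    $task->addChild('op_project_view');

    // Hypothetical role; it carries the task, and users are assigned the role.
    $role = $auth->createRole('projectMember');
    $role->addChild('viewOwnProject');
}

// At the call site the project id from the URL is passed in as a parameter:
//   Yii::app()->user->checkAccess('op_project_view', array('topid' => $topid))
// and a user is granted the role with:
//   Yii::app()->authManager->assign('projectMember', $userId);
```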

#6 chuntley

Posted 28 April 2010 - 12:58 PM

Onman, on 26 April 2010 - 06:28 PM, said:

2. The dynamic option:
Define a business rule like: "only allow access to a project which I'm a member of".
Suppose you have a table which links users to projects, you then can write PHP code to check if the user/project combination exists. This PHP code should return true if this combination exists (i.e. the user is granted access) or false if it does not exist. Your business rule could look something like:


Where do you recommend placing the code that checks? Should that be in the SiteController? Is there some sort of "Before page load" or something similar that I can use?

I have these methods:

public function validateTopid($topid)
{
    // The project id taken from the URL must be numeric.
    return is_numeric($topid);
}

public function checkAccess($topid)
{
    //check user_access table and see if there is a row where it matches userid && topid
    //return true
    //or block access
}


#7 Spyros

Posted 28 April 2010 - 11:00 PM

You can create a BaseController that extends CController and override its beforeAction function to do the checks.
Then have all your controllers extend BaseController.
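A sketch of the BaseController approach from the post above, as an added example that is not part of the original post. It assumes Yii 1.1, a `topid` query parameter carrying the project id, and an `op_project_view` operation already defined in RBAC with a membership business rule; the `$projectScoped` property and `DocumentController` are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes Yii 1.1, a 'topid' query
// parameter carrying the project id, and an 'op_project_view' operation
// already defined in RBAC with a membership business rule.

class BaseController extends CController
{
    // Hypothetical switch: controllers without a project context
    // (login, site index) override this with false.
    protected $projectScoped = true;

    protected function beforeAction($action)
    {
        if ($this->projectScoped) {
            $topid = Yii::app()->request->getQuery('topid');

            // Reject missing, array-valued or non-numeric ids before any lookup.
            if (!is_string($topid) || !ctype_digit($topid)) {
                throw new CHttpException(400, 'Invalid project id.');
            }

            // Passing the id as a parameter lets the business rule decide
            // per project; a false result stops the action from running.
            $allowed = Yii::app()->user->checkAccess(
                'op_project_view',
                array('topid' => (int) $topid)
            );
            if (!$allowed) {
                throw new CHttpException(403, 'You are not allowed to access this project.');
            }
        }
        return parent::beforeAction($action);
    }
}

// Every project controller inherits the check instead of repeating it.
class DocumentController extends BaseController
{
    public function actionView()
    {
        // Reached only after beforeAction() has authorised the project id.
        // Document-level permissions still need their own check here.
        $this->render('view');
    }
}
```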
