Yii Framework Forum: Access rules for the module - Yii Framework Forum

Access rules for the module

#1 frantic

Posted 02 June 2010 - 07:30 PM

Hi!

Does anybody know how to restrict access to a whole module? There are many controllers and actions, and it's so tiring to configure access rules for each action in each controller.

Thank you.
#2 luoshiben

Posted 02 June 2010 - 07:53 PM

This will work for independent controllers or for controllers in modules, but you could always have all of the controllers within your module extend a base controller. Then, in that base controller override the beforeAction method and put your authorization code in there. If you'd like to use role-based access control, there's a pretty good extension called srbac that utilizes this technique.
#3 zaccaria

Posted 03 June 2010 - 06:11 AM

You can implement beforeControllerAction like this:

<?php

class AdminModule extends CWebModule
{
	public function init()
	{
		// this method is called when the module is being created
		// you may place code here to customize the module or the application

		// import the module-level models and components
		$this->setImport(array(
			'admin.models.*',
			'admin.components.*',
		));
	}
	/**
	 * Check if the user has the role admin;
	 * if not, display an error message.
	 * @param CController $controller the controller
	 * @param CAction $action the action requested
	 * @return boolean whether to proceed with processing the action
	 */
	public function beforeControllerAction($controller, $action)
	{
		if(parent::beforeControllerAction($controller, $action))
		{
			if(!Yii::app()->user->checkAccess('admin'))
				throw new CHttpException(403,'You are not authorized to perform this action.');
			// this method is called before any module controller action is performed
			// you may place customized code here
			return true;
		}
		else
			return false;
	}
}



Like that you can avoid creating a parent controller.
#4 frantic

Posted 03 June 2010 - 10:17 AM

Thanks for the replies!

Zaccaria, your method works fine, but I need to redirect to the login page if the user does not have access. If I write it like this:
if ( !Yii::app()->user->checkAccess('admin') ) {
	Controller::redirect(Yii::app()->request->baseUrl . Yii::app()->user->loginUrl);
}


then I get an endless redirect, because the login action belongs to the admin module too. If I write:
if ( Yii::app()->user->isGuest && Yii::app()->request->requestUri != Yii::app()->request->baseUrl . Yii::app()->user->loginUrl ) {
	Controller::redirect(Yii::app()->request->baseUrl . Yii::app()->user->loginUrl);
}


it works then, but looks terrible :lol:

I wrote Yii::app()->user->isGuest here because I don't need RBAC, since there's only one privileged user, but I'm not sure it is a safe way either.
#5 zaccaria

Posted 03 June 2010 - 12:25 PM

As for being safe, it is safe.

If the login is in the admin module, there is no other solution; yours is absolutely legal and OK.

I usually leave the login page out of the admin module, because the login page is a page to which all users are allowed to go, and only the users I want are allowed to continue into the restricted area.

My advice is to put the login outside the admin module and to write just

if ( Yii::app()->user->isGuest) {
        Controller::redirect(Yii::app()->request->baseUrl . Yii::app()->user->loginUrl);
}

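For the case discussed in posts #4 and #5 where the login action stays inside the module, the redirect loop can be avoided by exempting an explicit allowlist of routes instead of comparing request URIs. This is an added example, not code from any poster in the thread; it assumes Yii 1.1, a module ID of `admin`, a login action at `admin/default/login`, and an `authManager` component that defines an `admin` role.

```php
<?php
// Added example, not from the thread. The module ID "admin" and the
// route "default/login" are assumptions; adjust them to the real module.
class AdminModule extends CWebModule
{
	// Routes inside the module that a guest may reach, as "controllerId/actionId".
	// Anything not listed here requires an authenticated admin (fail closed).
	private $_publicRoutes = array(
		'default/login' => true,
	);

	public function init()
	{
		$this->setImport(array('admin.models.*', 'admin.components.*'));
		// Keep the module self-contained: send guests to its own login action.
		Yii::app()->user->loginUrl = array('/admin/default/login');
	}

	public function beforeControllerAction($controller, $action)
	{
		if (!parent::beforeControllerAction($controller, $action))
			return false;

		// Compare controller and action IDs, not the raw request URI, so query
		// strings and URL formats cannot change the outcome. Lower-casing only
		// widens matches for the listed public actions, never for protected ones.
		$route = strtolower($controller->id . '/' . $action->id);
		if (isset($this->_publicRoutes[$route]))
			return true; // the login page itself: no redirect, so no loop

		$user = Yii::app()->user;
		if ($user->isGuest) {
			// Stores the requested URL as returnUrl and redirects to loginUrl.
			$user->loginRequired();
			return false;
		}

		// Logged in but not an admin: deny instead of redirecting again.
		if (!$user->checkAccess('admin'))
			throw new CHttpException(403, 'You are not authorized to perform this action.');

		return true;
	}
}
```

Without RBAC, the `checkAccess('admin')` test can be dropped so that the `isGuest` check alone gates the module, which matches the single-privileged-user setup described in post #4.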

#6 frantic

Posted 03 June 2010 - 11:46 PM

Yes, it's a good solution, but I thought the module must be self-sufficient, and if we put our login page outside the module it creates some inconveniences in the future when we want to carry our Admin Panel over to a new website. In that case we also need to recreate the login page view and the controller file for it, and in addition the model too if we want to use RBAC later. How do you solve these little troubles?
#7 frantic

Posted 05 June 2010 - 12:48 PM

Guys, does anybody use Uploadify in a module? I have a strange problem. If the data is sent via Uploadify ( $_FILES array ) then Yii::app()->user->isGuest is true.