Difference between #9 and #8 of Simple authorization system

Title: Simple authorization system
Category: How-tos
Tags: auth, authorization, security

Content
How to create a simple (non-RBAC) authorization system

Reading the forum, I notice this is a frequent question, so I decided to write
this article.

This article covers only the authorization system. I assume you already know how
to create an authentication system (login).

### Database

First, add an integer column called '**accessLevel**' to the 'user' table. It
stores the user's access level: a higher number means more privileges, and the
constants defined later in the User model give each number a meaning.

### Extending CWebUser

In your config file (usually protected/config/main.php):

~~~
[php]

'components'=>array(
  'user'=>array(
    // tell the application to use your WebUser class instead of the default CWebUser
    'class'=>'WebUser',
    //...
  ),
),

~~~

In your components folder (protected/components) create a 'WebUser.php' file
with a class like this:

~~~
[php]

class WebUser extends CWebUser{
 private $_user;
 // is the user a superadmin?
 function getIsSuperAdmin(){
  // cast before comparing: PDO usually returns integer columns as strings,
  // so a strict === against the int constant would otherwise never match
  return ( $this->user && (int)$this->user->accessLevel === User::LEVEL_SUPERADMIN );
 }
 // is the user an administrator? (a superadmin qualifies too, since 99 >= 6)
 function getIsAdmin(){
  return ( $this->user && (int)$this->user->accessLevel >= User::LEVEL_ADMIN );
 }
 // get the logged-in user's record; it is loaded from the database once per
 // request rather than stored in the session, so a changed accessLevel takes
 // effect on the user's next request without a new login
 function getUser(){
  if( $this->isGuest )
   return null;
  if( $this->_user === null ){
   $this->_user = User::model()->findByPk( $this->id );
  }
  return $this->_user;
 }
}

~~~

### Usage

Now, to restrict controller actions, use the accessControl filter:


~~~
[php]

//in your controller
function filters(){
  // the accessControl filter must be enabled, or accessRules() is never consulted
  return array('accessControl');
}

function accessRules(){
  return array(
    //only accessible by admins
    array('allow',
      'expression'=>'$user->isAdmin',
       //the '$user' var in an accessRule expression is a reference to Yii::app()->user
    ),
    //deny all other users (rules are evaluated in order; the first match decides)
    array('deny',
      'users'=>array('*'),
    ),
  );
}

~~~

Using it in your views:


~~~
[php]

if(Yii::app()->user->isAdmin){
   echo 'Welcome, administrator!';
}
if(Yii::app()->user->isSuperAdmin){
   echo 'You are the man!';
}

~~~

### Data representation

Now, in your User model, add constants and a label list so the integer field
can be edited and displayed by name instead of by number:


~~~
[php]

class User extends CActiveRecord{
 //define the number of levels that you need
 const LEVEL_REGISTERED=0, LEVEL_AUTHOR=1, LEVEL_ADMIN=6, LEVEL_SUPERADMIN=99;

 //define the label for each level
 static function getAccessLevelList( $level = null ){
  $levelList=array(
   self::LEVEL_REGISTERED => 'Registered',
   self::LEVEL_AUTHOR => 'Author',
   self::LEVEL_ADMIN => 'Administrator',
   self::LEVEL_SUPERADMIN => 'Super administrator',
  );
  if( $level === null)
   return $levelList;
  //return null instead of raising an undefined-index notice for unknown values
  return isset($levelList[ $level ]) ? $levelList[ $level ] : null;
 }
}

//using it in forms ($model->accessLevelList resolves to getAccessLevelList())
$form->dropDownList($model,'accessLevel',$model->accessLevelList);

//using it in DetailView
$this->widget('zii.widgets.CDetailView',array(
  'data'=>$model,
  'attributes'=>array(
   //...,
   array(
    'name'=>'accessLevel',
    'value'=>User::getAccessLevelList($model->accessLevel),
   ),
  ),
));

//using it in GridView
$this->widget('zii.widgets.CGridView',array(
  'dataProvider'=>$model->search(),
  'columns'=>array(
   //...,
   array(
    'name'=>'accessLevel',
    'value'=>'User::getAccessLevelList($data->accessLevel)',
   ),
  ),
));

//display the administrator label
echo User::getAccessLevelList( User::LEVEL_ADMIN );


~~~
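Two things the steps above do not cover, and which a level-based system needs in practice: accessRules() can only say "admins may reach this action", not "a user may edit only their own record", and the accessLevel column must not be mass-assignable from a self-service profile form, or any logged-in user can post `User[accessLevel]=99` and promote themselves. The following is an added example, not code from the original article: it reuses the article's User, WebUser and LEVEL_* names, while UserController, the 'admin' scenario, the username/email columns and the view names are assumptions.

```php
<?php
// Added example (not from the original article): object-level authorization in
// the action plus mass-assignment protection for accessLevel. UserController,
// the 'admin' scenario, the username/email columns and the view names are assumed.

class User extends CActiveRecord
{
    const LEVEL_REGISTERED = 0, LEVEL_AUTHOR = 1, LEVEL_ADMIN = 6, LEVEL_SUPERADMIN = 99;

    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'user';
    }

    public function rules()
    {
        return array(
            array('username, email', 'required'),
            // In Yii 1.1 an attribute is mass-assignable only if some rule lists it
            // for the current scenario. accessLevel is listed only under 'admin', so
            // $model->attributes = $_POST['User'] in any other scenario drops it.
            array('accessLevel', 'numerical', 'integerOnly' => true, 'on' => 'admin'),
            array('accessLevel', 'checkAccessLevel', 'on' => 'admin'),
        );
    }

    // Inline validator: the acting admin may not grant a level above their own,
    // so only a superadmin can create another superadmin.
    public function checkAccessLevel($attribute, $params)
    {
        $actor = Yii::app()->user->user; // WebUser::getUser() from the article
        if ($actor === null || (int) $this->$attribute > (int) $actor->accessLevel) {
            $this->addError($attribute, 'You cannot grant an access level higher than your own.');
        }
    }
}

class UserController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        // Rules are evaluated in order; the first matching rule decides.
        return array(
            // any authenticated user ('@') may reach update; ownership is checked in the action
            array('allow', 'actions' => array('update'), 'users' => array('@')),
            // the user list is for admins only
            array('allow', 'actions' => array('index'), 'expression' => '$user->isAdmin'),
            array('deny', 'users' => array('*')),
        );
    }

    public function actionUpdate($id)
    {
        $model = User::model()->findByPk((int) $id);
        if ($model === null) {
            throw new CHttpException(404, 'User not found.');
        }

        // accessRules() cannot express "own record", so that check lives here.
        $isOwner = (int) $model->id === (int) Yii::app()->user->id;
        if (!$isOwner && !Yii::app()->user->isAdmin) {
            throw new CHttpException(403, 'You may only edit your own profile.');
        }

        // Only admins get the scenario in which accessLevel is assignable.
        if (Yii::app()->user->isAdmin) {
            $model->scenario = 'admin';
        }

        if (isset($_POST['User'])) {
            $model->attributes = $_POST['User'];
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id));
            }
        }
        $this->render('update', array('model' => $model));
    }
}
```

Note that the options offered by the dropDownList are not a control: a client can post any value, so the protection has to be the scenario-bound rule and the validator, not the form. With this layout a non-admin's POST of `User[accessLevel]` is ignored (Yii logs it as an unsafe attribute), and an admin's POST is bounded by their own level.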

And that is it. I hope that helps you.

Cheers,
Gustavo

### Read more

- [Definitive guide - Authentication and Authorization](http://www.yiiframework.com/doc/guide/1.1/en/topics.auth)
- [Wiki - Understanding Virtual Attributes and get/set methods](http://www.yiiframework.com/wiki/167/understanding-virtual-attributes-and-get-set-methods)
- [Wiki - How to add more information to Yii::app()->user](http://www.yiiframework.com/wiki/6/how-to-add-more-information-to-yii-app-user)
- [Wiki - Add information to Yii::app()->user by extending CWebUser](http://www.yiiframework.com/wiki/60/add-information-to-yii-app-user-by-extending-cwebuser)

### Links
[Chinese Version](http://www.yiiwiki.com/wiki/view/id/19/title/%E7%AE%80%E5%8D%95%E7%9A%84%E7%94%A8%E6%88%B7%E6%8E%88%E6%9D%83%E7%B3%BB%E7%BB%9F)