Difference between #1 and #2 of Simple RBAC

unchanged
Title
Simple RBAC
unchanged
Category
Tutorials
unchanged
Tags
Simple RBAC, Role based access control, roles, Authentication, Role based menu
changed
Content
If you need simple role-based access control without the long RBAC
process, then this article is just for you. Let's jump to the point.

On your user table, make a column named 'roles'.

When you add users, you can assign each of them a role
like 'Admin' / 'user' / 'staff' etc.

In your UserIdentity.php file, write something like:



~~~
[php]
class UserIdentity extends CUserIdentity
{
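    private $id;

    public function authenticate()
    {
        // The login form's username field carries the e-mail address here.
        $record=User::model()->findByAttributes(array('email'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        // Note: md5() is unsalted and fast to brute-force. On Yii 1.1.14+
        // prefer CPasswordHelper::verifyPassword() (or PHP's password_verify()).
        else if($record->password!==md5($this->password))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            $this->id=$record->id;
            // Store the role as session state; it is read back later
            // as Yii::app()->user->roles.
            $this->setState('roles', $record->roles);
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }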
 
    public function getId(){
        return $this->id;
    }
}
~~~

The important line is 
$this->setState('roles', $record->roles);

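It simply stores the user's role in their session. Because the role is copied at login, a later change to the 'roles' column takes effect only the next time the user logs in.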
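
The authenticate() method above compares an unsalted MD5 digest with `!==`. The following is an added example, not part of the original article or of Yii, showing one way to verify passwords in constant time and move existing MD5 records to password_hash() on the next successful login. The function name `verifyAndUpgrade` is hypothetical, and it assumes the password column holds either a legacy md5() hex digest or a password_hash() string (PHP 5.6 or later).

```php
<?php
// Added example: hypothetical helper, not the article's or Yii's own code.
// Assumes the stored value is either a legacy md5() hex digest (as in the
// article) or a password_hash() string.

/**
 * Check $password against $stored.
 * Returns array(bool $ok, string|null $newHash). When $newHash is not null,
 * the caller should save it to the user's record.
 */
function verifyAndUpgrade($password, $stored)
{
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);

    if ($isLegacyMd5) {
        // hash_equals() compares in constant time, unlike == or !==.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return array(false, null);
    }
    // Re-hash after a successful login when the record is still MD5 or
    // was hashed with outdated algorithm/cost parameters.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return array(true, password_hash($password, PASSWORD_DEFAULT));
    }
    return array(true, null);
}

// Constructed sample data: one legacy record, one already migrated.
$legacy   = md5('correct horse');
$migrated = password_hash('correct horse', PASSWORD_DEFAULT);

// Legacy record, right password: accepted, and a new hash is returned.
list($ok, $new) = verifyAndUpgrade('correct horse', $legacy);
var_dump($ok, $new !== null && password_verify('correct horse', $new));

// Migrated record, right password: accepted, nothing to update.
list($ok, $new) = verifyAndUpgrade('correct horse', $migrated);
var_dump($ok, $new);

// Wrong password: rejected, nothing to update.
list($ok, $new) = verifyAndUpgrade('wrong', $legacy);
var_dump($ok, $new);
```

In authenticate(), this check would take the place of the `$record->password!==md5($this->password)` comparison, with the returned hash saved to `$record->password` when it is not null.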

Now, make a Utils.php file under the protected/components directory and implement a
simple role check function for each role you have.



~~~
[php]
<?php 

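class Utils{
	// Static, because the access rules and the menu call Utils::isAdmin().
	// Role names are compared case-sensitively, so they must match the
	// value stored in the 'roles' column exactly.
	public static function isAdmin(){
		if(Yii::app()->user->isGuest)
			return false;
		// 'roles' is the state set in UserIdentity::authenticate()
		return Yii::app()->user->roles === 'Admin';
	}
	
	public static function isUser(){
		if(Yii::app()->user->isGuest)
			return false;
		return Yii::app()->user->roles === 'User';
	}
}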

?>
~~~

And now, in your controller's accessRules() function, try something like:


~~~
[php]
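// In AdminController.php. These rules are enforced only when the
// controller's filters() method includes 'accessControl'.
public function accessRules()
{
	return array(
		array('allow', // allow only when Utils::isAdmin() evaluates to true
			'controllers'=>array('admin'),
			'expression'=>'Utils::isAdmin()',
		),
		array('deny',  // deny all users
			'users'=>array('*'),
		),
	);
}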
~~~

Here I just protect my AdminController.php from unauthorised access.
Basically, the accessRules() function in AdminController.php checks the
user's role using the functions written in Utils.php.

You can also use just one menu for all users based upon different roles.
The 'visible' option only hides the link, so the controllers behind these
links still need their own accessRules(). For example:

~~~
[php]
<?php $this->widget('zii.widgets.CMenu',array(
	'items'=>array(
		array('label'=>'Users', 'url'=>array('/manageUser/admin'), 'visible'=>Utils::isAdmin()),
		array('label'=>'Ideas', 'url'=>array('/manageIdea/admin'), 'visible'=>Utils::isAdmin()),
		array('label'=>'Page Editor', 'url'=>array('/admin/pageeditor'), 'visible'=>Utils::isAdmin()),
		array('label'=>'Your Ideas', 'url'=>array('/userarea/ideaList'), 'visible'=>Utils::isUser()),
		array('label'=>'Add new idea', 'url'=>array('/userarea/create'), 'visible'=>Utils::isUser()),
		array('label'=>'Login', 'url'=>array('/site/login'), 'visible'=>Yii::app()->user->isGuest),
		array('label'=>'Logout ('.Yii::app()->user->name.')', 'url'=>array('/site/logout'), 'visible'=>!Yii::app()->user->isGuest)
	),
)); ?>
~~~

I hope this little code will help you

Thanks