Difference between #2 and #1 of Simple RBAC

unchanged
Title
Simple RBAC
unchanged
Category
Tutorials
unchanged
Tags
Simple RBAC, Role based access control, roles, Authentication, Role based menu
changed
Content
If you need simple role-based access control without the long RBAC
process, then this article is just for you. Let's jump to the point.

On your user table make a column named 'roles'.

When you add users you can assign them different
roles like 'Admin' / 'user' / 'staff' etc.

In your UserIdentity.php file write something like:



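~~~
[php]
class UserIdentity extends CUserIdentity
{
    private $id;

    public function authenticate()
    {
        // Look the user up by e-mail address, which is the login name here.
        $record=User::model()->findByAttributes(array('email'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        // Note: unsalted MD5 is a weak password hash. Yii 1.1.14+ provides
        // CPasswordHelper::hashPassword()/verifyPassword() as a replacement.
        else if($record->password!==md5($this->password))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            $this->id=$record->id;
            // Store the role as a persistent state of the logged-in user.
            $this->setState('roles', $record->roles);
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    public function getId(){
        return $this->id;
    }
}
~~~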

The important line is 
$this->setState('roles', $record->roles);

You are just adding user roles to their session. 

Now, make a Utils.php file under the protected/components directory and
implement a simple role check function for each role you have.



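~~~
[php]
<?php

class Utils{
	// The methods are static because they are called as Utils::isAdmin()
	// from accessRules() expressions and from views.
	public static function isAdmin(){
		if(Yii::app()->user->isGuest)
			return false;
		// Strict comparison: only the exact string 'Admin' matches.
		else if(Yii::app()->user->roles === 'Admin')
			return true;
		else
			return false;
	}

	public static function isUser(){
		if(Yii::app()->user->isGuest)
			return false;
		else if(Yii::app()->user->roles === 'User')
			return true;
		else
			return false;
	}
}

?>
~~~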

And now, in your controller's accessRules() function, try something like:


~~~
[php]
public function accessRules()
{	
	return array(
		array('allow',
			'controllers'=>array('admin'),
			'expression'=>'Utils::isAdmin()',
		),
		array('deny',  // deny all users
			'users'=>array('*'),
		),
	);
}
~~~

Here I just protect my AdminController.php from roles other than Admin.
Basically, the accessRules() function in AdminController.php checks the
user's role using the function written in Utils.php.
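Because setState() copies the role into the session at login, a role changed in the user table does not apply until the user logs in again. The following added example (not part of the original article) re-reads the role once per request and generalizes the check to a list of roles. The class name RoleCheck, its method names and the comma-separated storage format are assumptions; User and Yii::app()->user are the ones used in the code above.

```php
<?php
// protected/components/RoleCheck.php (hypothetical file and class name)

class RoleCheck
{
    // user id => value of the 'roles' column, cached for the current request only
    private static $cache = array();

    // Pure helper: is $required among the roles stored in the 'roles' column?
    // Assumption: several roles may be stored comma-separated, e.g. "Admin,staff".
    public static function listHasRole($stored, $required)
    {
        if (!is_string($stored) || $stored === '') {
            return false; // missing or empty column never grants a role
        }
        $roles = array_map('trim', explode(',', $stored));
        return in_array($required, $roles, true); // strict, case-sensitive match
    }

    // Re-read the role from the user table instead of trusting the session copy,
    // so a demoted or deleted account loses access on its next request.
    public static function hasRole($required)
    {
        $user = Yii::app()->user;
        if ($user->isGuest) {
            return false;
        }
        $id = $user->getId();
        if (!array_key_exists($id, self::$cache)) {
            $record = User::model()->findByPk($id);
            self::$cache[$id] = ($record === null) ? null : $record->roles;
        }
        return self::listHasRole(self::$cache[$id], $required);
    }
}

// Usage inside a controller's accessRules():
//     array('allow',
//         'controllers'=>array('admin'),
//         'expression'=>'RoleCheck::hasRole("Admin")',
//     ),
```

The extra query runs at most once per request for the logged-in user, which is the cost of making role revocation immediate.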

You can also use just one menu for all users, based upon their different roles.
The 'visible' option only hides the link, so each controller still needs its
own accessRules() as shown above. For example:

~~~
[php]
<?php $this->widget('zii.widgets.CMenu',array(
	'items'=>array(
		array('label'=>'Users', 'url'=>array('/manageUser/admin'), 'visible'=>Utils::isAdmin()),
		array('label'=>'Ideas', 'url'=>array('/manageIdea/admin'), 'visible'=>Utils::isAdmin()),
		array('label'=>'Page Editor', 'url'=>array('/admin/pageeditor'), 'visible'=>Utils::isAdmin()),
		array('label'=>'Your Ideas', 'url'=>array('/userarea/ideaList'), 'visible'=>Utils::isUser()),
		array('label'=>'Add new idea', 'url'=>array('/userarea/create'), 'visible'=>Utils::isUser()),
		array('label'=>'Login', 'url'=>array('/site/login'), 'visible'=>Yii::app()->user->isGuest),
		array('label'=>'Logout ('.Yii::app()->user->name.')', 'url'=>array('/site/logout'), 'visible'=>!Yii::app()->user->isGuest)
	),
)); ?>
~~~

I hope this little code will help you

Thanks