Difference between #5 and #6 of
Impersonate Users within Yii Framework

Revision #6 has been created by Woil on Mar 8, 2011, 4:14:53 PM with the memo:

refactor logInUser
« previous (#5) next (#7) »

Changes

Title unchanged

Impersonate Users within Yii Framework

Category unchanged

Tutorials

Yii version unchanged

Tags unchanged

login, access, administration, impersonate, tutorial

Content changed

[...]
This tutorial assumes you've set up a very standard Yii web application and was written when 1.1.6 was the current standard. We're also assuming you have a User model that we'll call "User". This is the model that stores your username, password, and other user related account information.

Step 1: UserIdentity

Open your protected.components.UserIdentity class. This should have an existing "authenticate" method that is called by the login form to authenticate a user. Create a static function called Impersonate that looks like this:
 
 
 
```php 
public static function impersonate($userId)
 
{
 
$ui = null;
 
$user = User::model()->findByPk($userId);
 
if($user)
 
{
 
$ui = new UserIdentity($user->email, "");
 
$ui->_user = $user;
 
$ui->_id = $user->id;
 
$ui->setState('name', $user->name);
 
$ui->errorCode=self::ERROR_NONE;
 
}
 
return $ui;
 
}
 
```
 
 
This function creates a UserIdentity for the specified userId and returns it.We'll begin by refactoring this method a little to pull out the actual work of saving the user. 
 
 
 
```php 
public function authenticate()
 
    {
 
        $this->_user=User::model()->findByAttributes(array('username'=>$this->username));
 
        if($this->_user===null)
 
            $this->errorCode=self::ERROR_USERNAME_INVALID;
 
        else if($this->_user->password!==$this->password)
 
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
 
        else
 
        {
 
            $this->logInUser($this->_user);
 
        }
 
        return !$this->errorCode;
 
    }
 
 
    protected function logInUser($user)
 
    {
 
     if($user)
 
     {
 
            $this->_user = $user;
 
            $this->_id=$this->_user->id;
 
            $this->setState('name', $this->_user->name);
 
            $this->errorCode=self::ERROR_NONE;
 
     }
 
    }
 
```
 
 
Note that your authenticate function might be finding the user by a different attribute, you mostly want to change it to call logInUser when it has successfully authenticated the user.
 
 
Now create a static function called Impersonate that looks like this:
 
 
 
```php 
public static function impersonate($userId)
 
{
 
$ui = null;
 
$user = User::model()->findByPk($userId);
 
if($user)
 
{
 
$ui = new UserIdentity($user->email, "");
 
$ui->logInUser($user);
 
}
 
return $ui;
 
}
 
```
 
 
This function creates a UserIdentity for the specified userId and returns it. It uses our refactored logInUser function to log the user in. The advantage of using this function is that it avoids some of the private/protected access problems of using a static function. (There are some comments about this below that were added before this article was updated to include this refactor.)

Step 2: Create an impersonate action on your site controller:


```php
[...]
20 0
21 followers
Viewed: 26 274 times
Version: 1.1
Category: Tutorials
Tags: access, administration, impersonate, login, tutorial
Written by: Woil
Last updated by: Woil
Created on: Mar 4, 2011
Last updated: 13 years ago
Update Article
Revert to #5 | Revert to #6

Revisions

View all history