Strange behavior in CDBAuthManager -> clearAuthAssignments

OK, this is the weirdest thing I have ever encountered. I don't understand the Yii framework yet. But today, I don't know whether this is some kind of bug or what. To summarize, I found out that CDBAuthManager->clearAuthAssignments() doesn't clear the tables if I run it on Firefox or Opera. But it does delete the table if I try it on Chrome.

To explain why it is like that, maybe I will show how I coded it.

Today I learned how to use RBAC for authorization in my web application. So I coded it like this:

//In protected/controller/SiteController.php
public function actionLogin()
{
    ....
    if($model->validate() && $model->login()){
        $this->actionBuildAuth();
        ...
    }
    ....
}




//in protected/components/SiteController.php
public function actionBuildAuth()
{
    $auth=Yii::app()->authManager;

    $auth->clearAll();

    //create operations
    //Users
    $auth->createOperation ('listUser', 'Menampilkan users');
    ...

    //task
    $task = $auth->createTask('manageUser');
    $task->addChild('listUser');
    ...

    $role = $auth->createRole('manager');
    $role->addChild('reportInventoryOpname');
    ...

    $auth->save();
}




//in protected/components/UserIdentity.php
public function authenticate()
{
    ...
    }else{ //If validation success
        $this->errorCode = self::ERROR_NONE;
        ....

        $this->_id=$users->id;
        $auth=Yii::app()->authManager;
        if(!$auth->isAssigned($users->type,$this->_id))
        {
            if($auth->assign($users->type,$this->_id)){
                Yii::app()->authManager->save();
            }
        }
    }
    ...
}



At first I didn’t realize there is a wrong step in my code above. It assigns the user first, and later calls actionBuildAuth(), which does $auth->clearAll();

So here is the weird part. According to the code, calling $auth->clearAll() should make the “assignmentTable” table empty. That means the $auth->assign() that I called in authenticate() should be gone too…

But in reality, when I test it by logging in on Firefox and Opera, it isn’t emptied.

Only in Chrome is it emptied.

So why can it be like that? :(

The browser cannot make any difference in the behaviour of this PHP function.

Maybe on Chrome you were already logged in and in the other browsers you weren’t; that can make some difference in behavior.

Your code is strange, you should change some stuff.

You shouldn’t create the authorization tree on login; it shouldn’t work like that.

The roles should be created once and stored in the database, so actionBuildAuth should be called once in the life of your application.

When you log in a user, the roles he has been granted will be automatically loaded and all will work fine.

The only operation on authorization that is usually done in the normal lifecycle of an application is granting/revoking roles on a user, but roles should be defined once.

Yes, I know it is impossible for the browser to affect the PHP function. But I have traced it down to the clearAuthAssignments() function by putting die() before and after the function call. But well, maybe you’re right, since I am not an expert myself…

I see, so where should I put the code? I just don’t know where I should put the code; that’s why I just put it there :P

I know that in order to make it run once I think I just need to put validation before creating the authorization tree. But where is a good place to call the function?

You can write an actionSetRoles() in some controller, run it once and then delete it (or, better, forbid its use).

If you are more confident about what CDbAuthManager saves in your database, you can even set the roles by adding them directly in the database.

I prefer to use the one-time action, anyway.

Ow… I think I get it… Gotta try it. Thanks :)
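
The one-time setup suggested in the replies, sketched as an added example (not code from the thread or from Yii itself): a console command that builds the RBAC items idempotently and never calls clearAll(), so assignments made in authenticate() survive and no web-reachable action can wipe them. The RbacCommand file name, the tree layout and the presence of authManager in the console configuration are assumptions.

```php
<?php
// protected/commands/RbacCommand.php (hypothetical file, added example)
// Run once from the shell: protected/yiic rbac init
// Assumes 'authManager' (CDbAuthManager) is also configured in config/console.php.
class RbacCommand extends CConsoleCommand
{
    // Item names taken from the thread; the parent/child layout is illustrative.
    private $tree = array(
        'manager'    => array('manageUser'),
        'manageUser' => array('listUser'),
    );

    public function actionInit()
    {
        $auth = Yii::app()->authManager;

        // No clearAll() here: it also empties the assignment table,
        // silently revoking every user's role.
        $this->ensure($auth, 'listUser', CAuthItem::TYPE_OPERATION, 'Menampilkan users');
        $this->ensure($auth, 'manageUser', CAuthItem::TYPE_TASK);
        $this->ensure($auth, 'manager', CAuthItem::TYPE_ROLE);

        // Link parents to children only where the link is missing.
        foreach ($this->tree as $parent => $children) {
            $item = $auth->getAuthItem($parent);
            foreach ($children as $child) {
                if (!$item->hasChild($child)) {
                    $item->addChild($child);
                }
            }
        }

        $auth->save();
        echo "RBAC items in place; existing assignments untouched.\n";
    }

    // Create the item only if it does not exist, so re-running is harmless.
    private function ensure($auth, $name, $type, $description = '')
    {
        if ($auth->getAuthItem($name) === null) {
            $auth->createAuthItem($name, $type, $description);
        }
    }
}
```

With the tree built this way, actionLogin() no longer needs to call actionBuildAuth(); the isAssigned()/assign() check in authenticate() is the only RBAC write left on the login path.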