Sorry, the problem is on page 212.
I am using Yii 1.1.6 r2877, and I have practiced through the book, but get stuck on page 211, in section checking authorization level.
The purpose of that section is to restrict users from gaining access to createUser.
So I tried my own way like this:
File: ProjectController.php
Action: actionAdduser()
public function actionAdduser($id)
{
$project = $this->loadModel($id);
//$params=array('project'=>$project);
if(!$project->isUserInRole('owner'))
{
throw new CHttpException(403,'Damn You!, you are not authorized to perform this action.');
}
$form=new ProjectUserForm;
// collect user input data
if(isset($_POST['ProjectUserForm']))
{
$form->attributes=$_POST['ProjectUserForm'];
$form->project = $project;
// validate user input and set a sucessfull flassh message if valid
if($form->validate())
{
Yii::app()->user->setFlash('success',$form->username . " has been added to the project." );
$form=new ProjectUserForm;
}
}
// display the add user form
$users = User::model()->findAll();
$usernames=array();
foreach($users as $user)
{
$usernames[]=$user->username;
}
$form->project = $project;
$this->render('adduser',array('model'=>$form, 'usernames'=>$usernames));
}
This works because in my table tbl_project_user_role, I have manually inserted this row:
mysql> select * from tbl_project_user_role;
+------------+---------+-------+
| project_id | user_id | role |
+------------+---------+-------+
| 1 | 1 | owner |
+------------+---------+-------+
1 row in set (0.02 sec)
But after I tried this way, as instructed in the book, nothing works.
public function actionAdduser($id)
{
$project = $this->loadModel($id);
/*
if(!$project->isUserInRole('owner'))
{
throw new CHttpException(403,'Damn You!, you are not authorized to perform this action.');
}
*/
if(!Yii::app()->user->checkAccess('createUser', array('project'=>$project)))
{
throw new CHttpException(403,'You are not authorized to perform this action.');
}
$form=new ProjectUserForm;
// collect user input data
if(isset($_POST['ProjectUserForm']))
{
$form->attributes=$_POST['ProjectUserForm'];
$form->project = $project;
// validate user input and set a sucessfull flassh message if valid
if($form->validate())
{
Yii::app()->user->setFlash('success',$form->username . " has been added to the project." );
$form=new ProjectUserForm;
}
}
// display the add user form
$users = User::model()->findAll();
$usernames=array();
foreach($users as $user)
{
$usernames[]=$user->username;
}
$form->project = $project;
$this->render('adduser',array('model'=>$form, 'usernames'=>$usernames));
}
No matter which account i used to login, I always get prompted with Error 403. It looks like that I have to look into something more about Yii::app()->user->checkAccess() to make it communicate with db, but I can’t find anyway to fix it.