Having problem getting bizrules to work

I just learned how to use the RBAC and so far it’s working great except for the business logic. The task I created looks like it should work but for some reason it always fails. Here’s the logic:




    $bizRule = 'return Yii::app()->user->id==$params["object"]->user_id;';
    $task = $auth->createTask('updateOwnObject', 'update a object by user himself', $bizRule);



and I’m testing it like this:




    $params = array();
    $params['object'] = Object::model()->findByPK(1);
    if (Yii::app()->user->checkAccess('updateOwnObject', $params))
        echo "Has access!";
    else
        echo "Does not have access";



However, when I run the code in a var_dump like this it returns true:




    var_dump(Yii::app()->user->id==$params["object"]->user_id);



Does anyone see anything wrong with my code? BTW, if you need it, here’s the full structure I created:




    $auth = Yii::app()->authManager;

    $auth->createOperation('createUser', 'create a user');
    $auth->createOperation('readUser', 'read a user');
    $auth->createOperation('updateUser', 'update a user');
    $auth->createOperation('deleteUser', 'delete a user');

    $auth->createOperation('createObject', 'create an object');
    $auth->createOperation('readObject', 'read an object');
    $auth->createOperation('updateObject', 'update an object');
    $auth->createOperation('deleteObject', 'delete an object');

    $bizRule = 'return Yii::app()->user->id==$params["object"]->user_id;';
    $task = $auth->createTask('updateOwnObject', 'update a object by user himself', $bizRule);
    $task->addChild('updateObject');

    $role = $auth->createRole('registered');
    $role->addChild('readUser');
    $role->addChild('readObject');

    $role = $auth->createRole('member');
    $role->addChild('registered');
    $role->addChild('createObject');
    $role->addChild('updateObject');

    $role = $auth->createRole('admin');
    $role->addChild('registered');
    $role->addChild('member');
    $role->addChild('deleteUser');
    $role->addChild('createUser');
    $role->addChild('updateUser');
    $role->addChild('deleteObject');

    $auth->assign('admin', '3');
    $auth->assign('member', '4');



BTW, why does the assign example in the docs use names (for the id)? When I use names it always returns false.

Try to call: Yii::app()->user->checkAccess('updateObject')




    $params = array();
    $params['object'] = Object::model()->findByPK(1);
    if (Yii::app()->user->checkAccess('updateObject'))
    // if (Yii::app()->user->checkAccess('updateOwnObject', $params))
        echo "Has access!";
    else
        echo "Does not have access";



Check this also:




    return array(
        'components'=>array(
            'db'=>array(
                'class'=>'CDbConnection',
                'connectionString'=>'sqlite:path/to/file.db',
            ),
            'authManager'=>array(
                'class'=>'CDbAuthManager',
                'connectionID'=>'db',
            ),
        ),
    );



http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#configuring-authorization-manager

updateObject works, it’s just the biz rule that doesn’t. The config file is correct as well. The problem is just limited to the updateOwnObject task.

Qiang has an answer: http://www.yiiframework.com/forum/index.php?/topic/725-bizrule-in-authmanager-does-not-work/page__p__3943__hl__authmanager#entry3943

:)

Thank you so much, that was the problem. Makes total sense, I’m surprised I missed it. :)
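Added example, not part of the original thread and not Yii's own code: a simplified model of how Yii 1.1's `checkAccess()` walks from the requested item up through its parents until it reaches an item assigned to the user, evaluating each bizRule on the way. It contrasts the wiring from the first post, where nothing assigned to the user sits above `updateOwnObject` and `member` reaches `updateObject` without passing the ownership rule, with a corrected wiring. The closure-based rules, the `$params['userId']` key and the sample user ids are assumptions made for the illustration.

```php
<?php
// Simplified model of the upward walk in Yii 1.1's checkAccess (not Yii code).
// $items: name => bizRule closure or null; $parents: child => list of parents;
// $assigned: items assigned directly to the current user.
function checkAccess($name, array $params, array $items, array $parents, array $assigned)
{
    if (!array_key_exists($name, $items)) {
        return false;                       // unknown item
    }
    $rule = $items[$name];
    if ($rule !== null && !$rule($params)) {
        return false;                       // bizRule blocks this branch
    }
    if (in_array($name, $assigned, true)) {
        return true;                        // reached an item the user holds
    }
    $up = isset($parents[$name]) ? $parents[$name] : array();
    foreach ($up as $parent) {
        if (checkAccess($parent, $params, $items, $parents, $assigned)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: user 4 holds only the 'member' role.
$ownRule = function ($p) { return $p['userId'] == $p['object']->user_id; };
$items = array('updateObject' => null, 'updateOwnObject' => $ownRule, 'member' => null);
$assigned = array('member');
$mine   = array('userId' => 4, 'object' => (object) array('user_id' => 4));
$theirs = array('userId' => 4, 'object' => (object) array('user_id' => 9));

// Wiring from the first post: updateOwnObject -> updateObject, member -> updateObject.
$asPosted = array('updateObject' => array('updateOwnObject', 'member'));
// Corrected wiring: member -> updateOwnObject -> updateObject.
$fixed = array('updateObject' => array('updateOwnObject'), 'updateOwnObject' => array('member'));

// As posted: the task has no assigned ancestor, so checking it directly never succeeds.
var_dump(checkAccess('updateOwnObject', $mine, $items, $asPosted, $assigned));
// As posted: the direct member -> updateObject edge skips the ownership rule.
var_dump(checkAccess('updateObject', $theirs, $items, $asPosted, $assigned));
// Corrected: the only path to updateObject runs through the ownership rule.
var_dump(checkAccess('updateObject', $mine, $items, $fixed, $assigned));
var_dump(checkAccess('updateObject', $theirs, $items, $fixed, $assigned));
```

With the corrected wiring the calling code checks the operation, `checkAccess('updateObject', $params)`, and the ownership rule is enforced on the way up to the role.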

Hi to all

I have the same problem :(




    $auth=Yii::app()->authManager;
    $auth->clearAll();

    $auth->createOperation('viewTimelineOwnerMode','View timeline in owner mode');
    $auth->createOperation('viewTimelineVisitorMode','View timeline in visitor mode');
    $auth->createOperation('administration','Admin level');

    //$bizRule= "return ($visited->id == Yii::app()->user->id)";
    $bizRule= "return 1 == 1";
    $task=$auth->createTask('viewOwnTimeline','View own timeline on public profile page',$bizRule);
    $task->addChild('viewTimelineOwnerMode');

    $role=$auth->createRole('member');
    $role->addChild('viewTimelineVisitorMode');
    $role->addChild('viewOwnTimeline');

    $role=$auth->createRole('journalist');
    $role->addChild('viewTimelineOwnerMode');

    $role=$auth->createRole('admin');
    $role->addChild('journalist');
    $role->addChild('administration');

    $auth->assign('admin',649);
    $auth->assign('journalist',600);
    $auth->assign('member',304);



So, admin and journalist see viewTimelineOwnerMode, but member does not. And $bizRule= "return 1 == 1"; -> always true…

Does anybody see what I did wrong?