I just learned how to use the RBAC and so far it’s working great except for the business logic. The task I created looks like it should work but for some reason it always fails. Here’s the logic:
$bizRule = 'return Yii::app()->user->id==$params["object"]->user_id;';
$task = $auth->createTask('updateOwnObject', 'update a object by user himself', $bizRule);
and I’m testing it like this:
$params = array();
$params['object'] = Object::model()->findByPK(1);
if (Yii::app()->user->checkAccess('updateOwnObject', $params))
echo "Has access!";
else
echo "Does not have access";
However, when I run the code in a var_dump like this it returns true:
var_dump(Yii::app()->user->id==$params["object"]->user_id);
Does anyone see anything wrong with my code. BTW if you need it here’s the full structure I created:
$auth = Yii::app()->authManager;
$auth->createOperation('createUser', 'create a user');
$auth->createOperation('readUser', 'read a user');
$auth->createOperation('updateUser', 'update a user');
$auth->createOperation('deleteUser', 'delete a user');
$auth->createOperation('createObject', 'create an object');
$auth->createOperation('readObject', 'read an object');
$auth->createOperation('updateObject', 'update an object');
$auth->createOperation('deleteObject', 'delete an object');
$bizRule = 'return Yii::app()->user->id==$params["object"]->user_id;';
$task = $auth->createTask('updateOwnObject', 'update a object by user himself', $bizRule);
$task->addChild('updateObject');
$role = $auth->createRole('registered');
$role->addChild('readUser');
$role->addChild('readObject');
$role = $auth->createRole('member');
$role->addChild('registered');
$role->addChild('createObject');
$role->addChild('updateObject');
$role = $auth->createRole('admin');
$role->addChild('registered');
$role->addChild('member');
$role->addChild('deleteUser');
$role->addChild('createUser');
$role->addChild('updateUser');
$role->addChild('deleteObject');
$auth->assign('admin', '3');
$auth->assign('member', '4');
BTW, why does the assign example in the docs use names (for the id)? When I use names it always returns false.