What am I overlooking in RBAC and bizRule?

I’ve been following the tutorial (among others) http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control trying to implement RBAC with bizRules.

The first rule I’m trying to define is to allow a user to be able to update their own account but not others. I’m doing this in User::actionUpdate() like so:

    $model=$this->loadModel($id);
    $params=array('User'=>$model);
    if(Yii::app()->user->checkAccess('updateOwnUser', $params))

The tasks, operations and roles are defined as follows and are present in the database as expected:

    $bizRule='return Yii::app()->user->id==$params["User"]->id';
    $task=$this->_authManager->createTask('updateOwnUser','Update your own account.', $bizRule);
    $role=$this->_authManager->createRole('reader');
    $role->addChild('updateOwnUser');
    $this->_authManager->assign('manager', 1); // manager inherits reader

The user (in this case user->id == 1) has been assigned to a role that inherits ‘reader’ and should therefore be able to update their own account. However, the checkAccess() method always returns false. If I add this code before checkAccess():

    die(  Yii::app()->user->id .' == '. $params["User"]->id );

I will see:

    1 == 1

which is what I expect.

I feel like I’m overlooking something, as it all seems straightforward but isn’t working.

Can anyone tell me what I’ve done wrong?

Does anyone have some thoughts on my RBAC issue? Any direction would be greatly appreciated.

I spent a good hour trying to figure out a similar issue. The problem was a stupid syntax error inside a bizRule string. It appears that Yii never throws an error; it just quietly swallows it and returns FALSE in eval cases like this one.

I can’t see any problem with your code. But, just in case, here’s a snapshot of one (of the two) Yii books:

    $row1 = $this->projUserRole['row1'];
    Yii::app()->user->setId($row1['user_id']);
    $project = Project::model()->findByPk($row1['project_id']);

    $auth = Yii::app()->authManager;
    $bizRule = 'return isset($params["project"]) && $params["project"]->isUserInRole("member");';
    $auth->assign('member', $row1['user_id'], $bizRule);
    $params = array('project' => $project);
    $this->assertTrue(Yii::app()->user->checkAccess('updateIssue', $params));

Hopefully, that helps.

Thanks Nick,

You’re right. It was a syntax issue. I was missing a simple semi-colon at the end of the statement.

Dubby
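The failure mode discussed in this thread, as an added stand-alone example (not code from the thread or from the Yii project): a bizRule string is eval()'d with $params in scope and its return value compared with != 0, as Yii 1.1's CAuthManager::executeBizRule does; with CAuthManager::$showErrors left at its default of false, Yii uses @eval() and a rule that does not parse simply yields "denied". The stub Yii class and the user ids below are constructed; the script assumes PHP 7 or newer, where a parse error inside eval() throws ParseError.

```php
<?php
// Added example: evaluate bizRule strings the way an RBAC check does and
// surface a syntax error instead of letting it masquerade as "access denied".
// Assumes PHP >= 7 (eval() parse errors throw ParseError).

class Yii
{
    // Stand-in for Yii::app()->user->id (constructed): the caller is user 1.
    public static function app()
    {
        return (object) array('user' => (object) array('id' => 1));
    }
}

/**
 * Evaluate a bizRule against $params.
 * Returns array(bool $allowed, string|null $error); $error is set when the
 * rule does not even parse, which is exactly what @eval() would hide.
 */
function runBizRule($bizRule, array $params)
{
    if ($bizRule === '' || $bizRule === null) {
        return array(true, null); // an empty rule always passes in Yii
    }
    try {
        // Same test Yii applies: the rule's return value must be != 0.
        // $params is visible inside the eval'd code because eval() shares scope.
        return array(eval($bizRule) != 0, null);
    } catch (ParseError $e) {
        // Yii with showErrors = false turns this into a silent false.
        return array(false, 'bizRule does not parse: ' . $e->getMessage());
    }
}

$own   = (object) array('id' => 1); // constructed: the caller's own account
$other = (object) array('id' => 2); // constructed: somebody else's account

$broken = 'return Yii::app()->user->id==$params["User"]->id';  // missing ';'
$fixed  = 'return Yii::app()->user->id==$params["User"]->id;'; // complete statement

foreach (array('broken' => $broken, 'fixed' => $fixed) as $name => $rule) {
    foreach (array('own' => $own, 'other' => $other) as $who => $user) {
        list($allowed, $error) = runBizRule($rule, array('User' => $user));
        printf("%-6s rule, %-5s account: %s%s\n", $name, $who,
            $allowed ? 'allowed' : 'denied', $error ? " ($error)" : '');
    }
}
```

The broken rule is denied for both accounts with a parse error reported, while the fixed rule allows only the caller's own account, which is the behaviour the original post expected.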