Bizrule in authmanager does not work

system · February 6, 2009, 7:50pm

I’m new too Yii and wanted to start pretty straightforward. I put the code for initializing the roles into an InitController. Then I initialized those roles and put the code for access checking into every action (

if(Yii::app()->user->checkAccess(‘deleteUser’)) …

). This all works pretty good, but I now want to allow users to edit their own account. So I added this rule:

$bizRule='return Yii::app()->user->id==$params["user"]->username;';


$task=$auth->createTask('updateOwnUser','update a your own account',$bizRule);


$task->addChild('updateUser');

but it just doesn't work! The values seem to match (i printed them out) but checkAccess returns false. Is it right to add updateUser as child? I've seen that in the documentation.

qiang · February 6, 2009, 8:42pm

How did you call checkAccess for the update operation?

system · February 7, 2009, 1:45pm

$user=$this->loadUser();


$params = array('user' => $user);


		


if(Yii::app()->user->checkAccess('updateOwnUser', $params) or 


Yii::app()->user->checkAccess('updateUser')) 


		{

system · February 8, 2009, 1:33pm

Is it possible that the bizrule is not called at all? Because when I put an echo in the rule, nothing happened…

qiang · February 8, 2009, 3:36pm

Did you assign the role to the user?

You only need to call Yii::app()->user->checkAccess('updateUser').

The task 'updateOwnUser' will automatically be checked first (with bizRule). If the bizRule succeeds, it will continue to check the child operation 'updateUser'.

system · February 8, 2009, 6:06pm

Thanks, that was it!

But:

The task 'updateOwnUser' will automatically be checked first (with bizRule). If the bizRule succeeds, it will continue to check the child operation 'updateUser'.

To members only updateOwnUser is allowed, and not updateUser so why does he check for updateUser too?

qiang · February 8, 2009, 7:20pm

The following is how checkAccess does:

For each assigned auth item of the user, it first checks if the bizRule for the assignment returns true.
If true, it calls the item's checkAccess method. If the item's bizRule returns true,

2.1. If the item name is the same as the name passed in the original checkAccess() method, it returns true;

2.2. Otherwise, for every child item, it calls its checkAccess.

sgomez84 · April 7, 2011, 12:02pm

Hi,

I am facing the same problem when I am checking access against a bizRule.

What I have is,

Authitem: TenantUser with bizrule


return Yii::app()->user->getTenantId()==$params["tenant_id"];

(getTenantId() is a method in my CWebUser class)

Whenever I try, Yii::app()->user->checkAccess(‘TenantUser’, array(‘tenant_id’=> $tenant_id), even if the tenant_id’s match it return false. I can’t figure out what seems to be going wrong.

Some light would be really helpful.

Thanks

Sid