Installing Yii Users and Rights to Newly Created Yii app

  1. Download
  2. unzip
  3. Create tables for user module
  4. configure
  5. install Rights module
  6. change the main config file
  7. change main layout
  8. Add rights
  9. continue

After creating an yii app . we need to implement permission, Authentication and Authorization .so the best way is to use the Yii users and Rights modules.

its very simple to install these modules


Download the yii-user user and rights rights extensions and unzip them.


unzip the modules to



Create tables for user module

then goto /protected/modules/user/data/schema.mysql.sql

Need to update schema.mysql.sql to create field lastvisit_at instead of lastvisit

open the sql file ,and create the tables manually(that i prefer) , remove the 'tbl_' prefix from the tables(i prefer)


then configure the config/main

under import


under modules

                'tableUsers' => 'users',
                'tableProfiles' => 'profiles',
                'tableProfileFields' => 'profiles_fields',

under components

                // enable cookie-based authentication
                'defaultRoles'=>array('Authenticated', 'Guest'),

after saving the main config file

install Rights module

install the rights

so that you have to login to user/login

(according to your url style)




after successful installation

change the main config file

change the main config file to

under modules

                'tableUsers' => 'users',
                'tableProfiles' => 'profiles',
                'tableProfileFields' => 'profiles_fields',
					 # encrypting method (php hash function)
				'hash' => 'md5',
				# send activation email
				'sendActivationMail' => true,
				# allow access for non-activated users
				'loginNotActiv' => false,
				# activate user on registration (only sendActivationMail = false)
				'activeAfterRegister' => false,
				# automatically login from registration
				'autoLogin' => true,
				# registration path
				'registrationUrl' => array('/user/registration'),
				# recovery password path
				'recoveryUrl' => array('/user/recovery'),
				# login form path
				'loginUrl' => array('/user/login'),
				# page after login
				'returnUrl' => array('/user/profile'),
				# page after logout
				'returnLogoutUrl' => array('/user/login'),
		//Modules Rights
				'superuserName'=>'Admin', // Name of the role with super user privileges. 
			   'authenticatedName'=>'Authenticated',  // Name of the authenticated user role. 
			   'userIdColumn'=>'id', // Name of the user id column in the database. 
			   'userNameColumn'=>'username',  // Name of the user name column in the database. 
			   'enableBizRule'=>true,  // Whether to enable authorization item business rules. 
			   'enableBizRuleData'=>true,   // Whether to enable data for business rules. 
			   'displayDescription'=>true,  // Whether to use item description instead of name. 
			   'flashSuccessKey'=>'RightsSuccess', // Key to use for setting success flash messages. 
			   'flashErrorKey'=>'RightsError', // Key to use for setting error flash messages. 
			   'baseUrl'=>'/rights', // Base URL for Rights. Change if module is nested. 
			   'layout'=>'rights.views.layouts.main',  // Layout to use for displaying Rights. 
			   'appLayout'=>'application.views.layouts.main', // Application layout. 
			   'cssFile'=>'rights.css', // Style sheet file to use for Rights. 
			   'install'=>false,  // Whether to enable installer. 



Your application is now ready .

change main layout

change the main layout.

                array('label'=>Yii::t('app','Home'), 'url'=>array('/site/index')),
				array('label'=>Yii::t('app','About'), 'url'=>array('/site/page', 'view'=>'about')),
				array('label'=>Yii::t('app','Contact'), 'url'=>array('/site/contact')),
                array('label'=>Yii::t('app','Login'), 'url'=>array('/user/login'),'visible'=>Yii::app()->user->isGuest),
                array('label'=>Yii::t('app','Rights'), 'url'=>array('/rights')),
                array('label'=>Yii::t('app','Logout').' ('.Yii::app()->user->name.')', 'url'=>array('/user/logout'), 'visible'=>!Yii::app()->user->isGuest)

Add rights

Then add rights filter to all controller


public function filters()
		return array(
			'rights', // perform access control for CRUD operations

and change the extended controller to 'extends RController'.

then take rights in your url(according to url style) .