Revision #2 has been created by seenivasan on Apr 16, 2013, 7:18:32 PM with the memo:
Few typos corrected.
Yet another implementation of CPhpAuthManager.
In this wiki, I try to implement a simple authorization schema without putting much logic inside a file
or into a database table. We construct the authorization hierarchy inside the controller. We get the
roles for the current user from a database table and assign to the user
only those roles that are declared in the
particular controller. We have moved the work of loading auth data from the main
application level down to the controller level. This way we have pulverised
auth data for
e site into smaller
ly we are going to look
into couple of examples.
1. Induct the component into the application.
By making some changes in the UserIdentity file in the components folder, we can assign a unique id for
each individual user. Now
Yii::app()->user->id would fetch the unique id.
//Here we are assigning pk of
user as user I
[...]$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');
/**We have created a role
* Reader can view the list of posts or view a single post.
/**We are going to create a role
* Author can be a reader.
* Author can also create a post
* Author will get a task
* Through the task, author can only update his/her own post.
* For this purpose, we have assigned a rule for it.
/**We have created another role
* Editor is a reader.
* He can edit any post.
ChiefEditor has got all the rights.
[...]6. Selectively assign roles to the user.
Now we are going to fetch all the roles from the database
and assign them selectively.
/*We are not going to assign all the roles.
*Only roles pertinent to this controller are assig
//Now call this method inside PostController::init
public function init()
[...]public function accessRules()
/**We have some business rules related to updating a particular post.
* To put th
particular post inside the params, we need
the pk value of that post.
* We can do the following to achieve that.
[...]/**We assign only the basic operations for each rule here.
method will take care of parents(task,role)
* Also look into code of CAccessRule::isRoleMatched method.
[...]$auth->createOperation('updateAccount','update an account');
$auth->createOperation('deleteAccount','delete an user account');
ster user accounts');
anonymous is created.
* We are attaching a bizRule so that guests only can assume anonymous role.
* They can only create an account.
* This has a child
* The task ensures that user can view or update only his or her account.
userManger role is declared in database.
* He has all the rights regarding user accounts.
/* *The parent task
userAccount has bizRule with it.
*So we have to pass params with updateAccount and ViewAccount.
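
The selective role assignment of step 6 and the owner-only update rule, modelled in plain PHP as an added example; this is not the wiki author's code and does not use Yii's classes. The task name `updateOwnPost`, the operation names `listPosts`, `viewPost` and `createPost`, the `authorId` field and the sample user are assumptions made for the illustration.

```php
<?php
// Plain-PHP model (not Yii code) of per-controller role assignment.
// Roles this controller declares; any other role stored in the DB is ignored here.
$declaredRoles = ['reader', 'author', 'editor'];
// Hierarchy built by the controller: item => children (assumed names, see lead-in).
$children = [
    'reader'        => ['listPosts', 'viewPost'],
    'author'        => ['reader', 'createPost', 'updateOwnPost'],
    'updateOwnPost' => ['updatePost'],          // task guarded by a rule
    'editor'        => ['reader', 'updatePost'],
];
// Rule attached to the task: it passes only for the owner of the post in the params.
$rules = [
    'updateOwnPost' => fn(array $p, $uid) => isset($p['post']) && $p['post']['authorId'] === $uid,
];

/** Keep only the DB roles that this controller declares. */
function assignDeclaredRoles(array $dbRoles, array $declared): array
{
    return array_values(array_intersect($dbRoles, $declared));
}

/** True if $item is reachable from an assigned role and every rule on that path passes. */
function checkAccess(string $item, array $assigned, $uid, array $params, array $children, array $rules): bool
{
    $walk = function (string $node, array $seen) use (&$walk, $item, $uid, $params, $children, $rules): bool {
        if (isset($seen[$node])) return false;                        // loop guard
        if (isset($rules[$node]) && !$rules[$node]($params, $uid)) return false;
        if ($node === $item) return true;
        foreach ($children[$node] ?? [] as $child) {
            if ($walk($child, $seen + [$node => true])) return true;
        }
        return false;
    };
    foreach ($assigned as $role) {
        if ($walk($role, [])) return true;
    }
    return false;
}

// Constructed sample: user 7 holds two roles in the DB, only one is declared here.
$assigned = assignDeclaredRoles(['author', 'userManager'], $declaredRoles);
$mine   = ['post' => ['id' => 1, 'authorId' => 7]];
$theirs = ['post' => ['id' => 2, 'authorId' => 9]];
var_dump($assigned);
var_dump(checkAccess('updatePost', $assigned, 7, $mine, $children, $rules));
var_dump(checkAccess('updatePost', $assigned, 7, $theirs, $children, $rules));
var_dump(checkAccess('deletePost', $assigned, 7, $mine, $children, $rules));
```

Because the role that belongs to the other controller is never assigned here, a check made in this controller cannot be satisfied through it, and an operation no declared role reaches is denied by default.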