Difference between #1 and #2 of
Yet another implementation of CPhpAuthManager.

Revision #2 has been created by seenivasan on Apr 16, 2013, 7:18:32 PM with the memo:

Few typos corrected.
« previous (#1)

Changes

Title unchanged

Yet another implementation of CPhpAuthManager.

Category unchanged

How-tos

Yii version unchanged

Tags changed

RBAC, bizRule, CPhpAuthManager, Authentication

Content changed

In this wiki, I try to implement a simple authorization schema without putting much logic inside a file or into database table. We are constructing authorization hierarchy inside the controller. We are getting roles for the current user from database table and assigning the only roles to user that are declared in the particular controller. We have brought down the work of loading of auth data at main application level to controller level. This way we have pulverised the auth data for wholentire site into smaller units. LastFinally we are going to look intoat couple of examples.

1. Induct the component into the application.
[...]
-------------------------------
By making some changes in the UserIdentity file in components folder, we can assign a unique id for
individual user. Now
_  _Yii::app()->user->id_    would fetch the unique id.

_protected/components/UserIdentity.php_
[...]
if($user===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
elseif($user->password!==md5($this->password."
yourpasswordsomeSalt")) $this->errorCode=self::ERROR_PASSWORD_INVALID; else { $this->errorCode=self::ERROR_NONE; $this->_id=$user->id; //Here we are assigning pk of $user as user IdD.
}
return !$this->errorCode;
[...]
$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');
$auth->createOperation('managePost','admini
nister publications'); /**We have created a role  'reader'.
* Reader can view the list of posts or view a single post.
*/
[...]
$reader->addChild('viewPost');

/**We are going to create a role
 'author'. * Author can be a reader. * Author can also create a post * Author will get a task 'updateOwnPost'. * Through theis task, author can only update his/her own post.
* For this purpose, we have assinged a rule for it.
*/
[...]
$author->addChild('reader');

/**We have created another role
 'editor'.
* Editor is a reader.
* He can edit any post.
[...]
$editor->addChild('reader');

//
 'ChiefEditor has got all the rights.
$chiefEditor=$auth->createRole('chiefEditor');
$chiefEditor->addChild('reader');
[...]
6. Selectively assign roles to the user.
---------------------------------------
Now we are going to fetch all the roles
ofor current user is having from the database.
and going to assign the roles selectively.
[...]
{
/*We are not going to assign all the roles.
*Only roles pertinent to this controller are assig
ened.
*/
if($auth->getAuthItem($role)!==null)
[...]
}

//Now call this method inside PostController::init
()
public function init()
{
[...]
public function accessRules()
{
/**We have some busines
s rules related to updating a paricular post. * To put theat paricular post inside the params, we need  to know the pk value of that post prior hand.
* We can do the following to achieve that.
*/
[...]
/**We assign only the basic operations for each rule here.
* CPhpAuthManager::checkAccess
() method will take care of parents(task,role) * Also look into code of CAccessRule::isRoleMatched() method.
*/
[...]
$auth->createOperation('updateAccount','update an account');
$auth->createOperation('deleteAccount','delete an user account');
$auth->createOperation('manageAccount','admini
nister user accounts'); /**Default role  'anonymous is created.
* We are attaching a bizRule so that guests only can assume anonymous role.
* They can only create an account.
[...]
$anonymous->addChild('register');

/**Default role
 'authenticated is created. * This has a child  'userAccount(task).
* The task ensures that user can view or update only his or her account.
*/
[...]
$authenticated->addChild('userAccount');

/**
 'userManger role is declared in database.
* He has all the rights regarding user accounts.
*/
[...]
$params['user']=$this->loadModel($id);

/* *The parent task
 'userAccount has bizRule with it.
*So we have to pass params with updateAccount and ViewAccount.
*/
return array(
array('allow',
'actions'=>array('index'),
[...]
5 1
7 followers
Viewed: 16 888 times
Version: 1.1
Category: How-tos
Written by: seenivasan
Last updated by: seenivasan
Created on: Apr 14, 2013
Last updated: 8 years ago
Update Article

Revisions

View all history