Revision #8 has been created by Steve Friedl on Dec 2, 2010, 6:55:44 PM with the memo:
Recommended the use of auth.txt to preview auth.php; added minor cleanups
In this cookbook I will attempt to explain how to use the lightweight version of [Role-Based Access Control](http://www.yiiframework.com/doc/guide/topics.auth#role-based-access-control) that stores its data in a PHP file. This version does not use a database but a PHP file, and it is handled by the CPhpAuthManager class.
## Configuring the roles: ##
By default, when setting up this particular type of RBAC, Yii will look for any defined roles in a file named auth.php located at protected/data/auth.php. For the sake of simplicity I will add an example user setup to the blog demo.
>Info: Yii expects to read auth.php and get an array() out of it, so we need to create auth.php and have it return array(). Yii also needs to write to that file when roles change, so make sure the file has the write permission the web server process needs.
Next we declare some roles in our auth.php:

```php
'description'=>'Can only read a post',
'description'=>'Can post a comment',
'description'=>'Can read a post and post a comment',
```
[...]

The above code declares 3 different types of roles:

- a role that can only read a post but cannot post any comments;
- a role that gives access only to the comment form section, to post a comment;
- a role that can both read a post and post a comment (it consists of both roles above).
## Configuring the accessRules(): ##
Now that we've set up our roles we should apply them in an action. In this example I will only apply them to our PostController, as below:

```php
array('allow', // allow readers only access to the view file
```

The above code should be pretty clear: it allows a user with the 'reader' role access to the view action.
## Configuring our tbl_user in our database: ##
Next we add an additional field to our tbl_user. We call that field role (varchar 30). We also need two user entries in this table: we already have the 'demo' one from the blog tutorial, and we add a 'test' one. In the role field of 'demo' enter 'reader', and for 'test' enter 'admin' as the role.
## Assigning roles: ##
The code we have added to the original UserIdentity class is:
>Info: Please see the comments at the end of the lines for an explanation of what every line of code does. It is important to remember that it is good practice to check whether a role has already been assigned, because Yii assigns roles and does not delete them until you call the revoke() function. In case you forget and try to re-assign a role, Yii will raise an error. Another important point is that when you assign a role you must save it by calling Yii::app()->authManager->save();
This basically activates the authorization manager of the application and tells Yii that we want to use the CPhpAuthManager class to take care of our access control. When you log in, Yii will assign a role to your user id. After you log in, open up the auth.php file and see that Yii has rearranged it in the appropriate way.
For the sake of testing our functionality we should now add some RBAC checks to our views/post/view.php:

[...]

>Info: When the user logs out we need to revoke the assigned role; otherwise, if you change that user's role while he is offline, when he comes back and logs in again he will end up with two roles: the old one and the new one! So we place the code below in our logout action in the SiteController:
```php
public function actionLogout()
{
    $assigned_roles = Yii::app()->authManager->getRoles(Yii::app()->user->id); // obtains all assigned roles for this user id
```

[...]

[another related rbac approach](http://yiiframework.ru/doc/cookbook/ru/access.rbac.file)
>Disclaimer: The above code works for me. I do not guarantee that it will work in all situations. If you need a more complex structure, use the DB one. I've read all posts in the forum, but none of them helped me, so the above code has been discovered through trial & error. Use it at your own risk.
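The assign-on-login and revoke-on-logout logic described above, written as an added example that is not part of the original cookbook or of the Yii blog demo. It goes one step further than the logout action: stale roles are revoked at login time as well, so a user whose role changed while offline, or whose session expired without a logout, still ends up with exactly one role. It assumes Yii 1.1 with CPhpAuthManager configured as the authManager component, a User model with a validatePassword() method and a role column, and the helper name syncUserRole() is hypothetical.

```php
<?php
// Added example (not the cookbook's code): keep the auth.php assignment for a
// user in step with the single role stored in tbl_user.role, at login time.
// Assumes 'authManager' => array('class' => 'CPhpAuthManager') in the config
// and a User model with a 'role' column; syncUserRole() is a hypothetical name.

class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!$user->validatePassword($this->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $user->id;
            $this->errorCode = self::ERROR_NONE;
            self::syncUserRole(Yii::app()->authManager, $user->id, $user->role);
        }
        return !$this->errorCode;
    }

    public function getId()
    {
        return $this->_id;
    }

    /**
     * Make $role the only role assigned to $userId in auth.php.
     * Revoking stale roles here (not only in actionLogout) covers users whose
     * role was changed while they were away or whose session simply expired.
     */
    public static function syncUserRole(CPhpAuthManager $auth, $userId, $role)
    {
        // getRoles() returns CAuthItem objects keyed by role name
        foreach ($auth->getRoles($userId) as $name => $item) {
            if ($name !== $role) {
                $auth->revoke($name, $userId);
            }
        }
        // Guard the assign(): CPhpAuthManager throws if the assignment already exists
        if (!$auth->isAssigned($role, $userId)) {
            $auth->assign($role, $userId);
        }
        $auth->save(); // CPhpAuthManager only writes auth.php when save() is called
    }
}
```

The role name must already be declared in auth.php; assign() throws for an unknown item, so a typo in tbl_user.role fails the login loudly rather than silently granting nothing.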