keeg

Reputation: 3978

CWebUser and CUserIdentity

I'm building an authentication module for my application and I don't quite understand the relation between CWebUser and CUserIdentity.

To set the user id to Yii::app()->user->id I have to do that in my UserIdentity class and create a method:

public function getId() {
    return $this->_id;
}

But to set isAdmin to Yii::app()->user->isAdmin I have to create a method in my WebUser class:

function getIsAdmin() {
    $user = $this->loadUser(Yii::app()->user->id);
    return intval($user->user_level_id) == AccountModule::USER_LEVEL_ADMIN;
}

Why can't I just create the methods in the UserIdentity class? What is the division of labour here?

Upvotes: 3

Views: 3930

Answers (3)

Racky

Reputation: 1183

And what is the benefit of using all those classes? I can do everything with just the User model. If I set the scenario to "login", the password will be checked during validation. If validation is OK, I can store my own variable in the session like this:

$model = new User("login");
$model->attributes = $_POST["User"];
if ($model->validate())
{
  Yii::app()->session["currentUser"] = $model;
}
else
{
  // .. show error
  unset(Yii::app()->session["currentUser"]);
}

In the User model I then have static methods to check this variable:

public static function isGuest()
{
  // Guest means no user is stored in the session.
  return !isset(Yii::app()->session["currentUser"]);
}

public static function getCurrent()
{
  return Yii::app()->session["currentUser"];
}

And I can call it very concisely:

User::isGuest();
$model = User::getCurrent();
// instead of writing this:
Yii::app()->user->isGuest;

So why should I use such a complicated hierarchy of classes as the one suggested by Yii? I never understood it.

Upvotes: 2

JohnnyQ

Reputation: 5119

I like how the accepted answer used real-life examples to make it easier to understand. However, I also like how Chris explained it here with an example.

User information is stored in an instance of the CWebUser class and this is created on application initialisation (i.e. when the User first connects with the website), irrespective of whether the user is logged in or not. By default, the user is set to “Guest”. Authentication is managed by a class called CUserIdentity and this class checks that the user is known and a valid user. How this validation occurs will depend on your application, perhaps against a database, or login with Facebook, or against an LDAP server etc...

Upvotes: 2

Paystey

Reputation: 3242

The UserIdentity (UI) class is like an ID card, whereas the WebUser class is the actual person plus everything you know about them.

The UI class gives you authentication via database, webservices, textfile, whatever. It lets you know what the key attributes are and allows you to manipulate them. The user however can give you more information about what they're allowed to do, their names, granular permissions and such.

OK, end metaphor

The UI class holds the key information, so when asking for the user's ID it will refer to the User Identity class to get the identifier for the user.

Anything that isn't related to identifying or authenticating a user is in the WebUser class.

Clear it up at all?

Your example

You gave the getId function as an example, but that can be created on WebUser to override the default, which is to pull from the state.

So not sure what you mean here.

Upvotes: 5
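
The division of labour described in this answer, written out as an added example for Yii 1.1; it is not code from any of the posts. It assumes a `User` ActiveRecord with `id`, `username`, `password_hash` and `user_level_id` columns, that the `user` application component is configured with `'class' => 'WebUser'`, and a `loadUser()` helper, which the question calls but does not show.

```php
<?php
// Added example for Yii 1.1 (assumed: a User ActiveRecord with id, username,
// password_hash and user_level_id columns). Not code from the posts above.
class UserIdentity extends CUserIdentity
{
    private $_id;

    // The "ID card": proves who the user is, nothing more.
    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $user->password_hash)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $user->id;
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }

    // Read by CWebUser::login(); becomes Yii::app()->user->id.
    public function getId()
    {
        return $this->_id;
    }
}

class WebUser extends CWebUser
{
    private $_model;

    // The "person": facts looked up for the current request.
    public function getIsAdmin()
    {
        $user = $this->loadUser($this->id);   // id is null for guests
        return $user !== null
            && intval($user->user_level_id) == AccountModule::USER_LEVEL_ADMIN;
    }

    // Hypothetical helper: the question calls loadUser() but does not show it.
    protected function loadUser($id)
    {
        if ($this->_model === null && $id !== null) {
            $this->_model = User::model()->findByPk($id);
        }
        return $this->_model;
    }
}
```

Once `$identity->authenticate()` succeeds, `Yii::app()->user->login($identity)` regenerates the session ID and stores only the id, name and persistent states in the session, so no model object or password hash is kept there. Because `getIsAdmin()` reads the level from the database on each request, a change to `user_level_id` takes effect without waiting for the session to end.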
