CODEWITHSUNDEEP
yii
Rohit
Rohit

Reputation: 21

RBAC implementation in Yii framework

I am trying to apply simple hierarchial user structure(for ex: super-admin,admin,user) in my Yii web app. Can I do it by using Yii's default AccessControl or is it required to implement in Rbac.

Upvotes: 2

Views: 1334

Answers (1)

Elitmiar
Elitmiar

Reputation: 36899

You can do this by using Yii's default Access Control.

What I normally do when I do not use RBAC is create a field in the ACL User database that contains values eg. Admin, Super Admin etc and then once logged in I assign it to the Yii::app()-user session variable in componetnst/UserIdentity.php "Notice $this->setState('accessCode',$user->accessCode);"

class UserIdentity extends CUserIdentity
{
        private $_id;

    public function authenticate()
    {
            $username=strtolower($this->username);

            $user=Users::model()->find('LOWER(userName)=?',array($username));

            if($user===null)
                $this->errorCode=self::ERROR_USERNAME_INVALID;
            else if(!$user->validatePassword($this->password))
                $this->errorCode=self::ERROR_PASSWORD_INVALID;
            else
            {
                $this->_id=$user->u_id;
                $this->username=$user->userName;

                $this->setState('accessCode',$user->accessCode);
                $this->setState('userName',$this->username);
        $this->setState('id',$this->_id);
        $this->setState('accessCode',$user->accessCode);
                $this->errorCode=self::ERROR_NONE;
            }
            return $this->errorCode==self::ERROR_NONE;

    }

        public function getId(){
            return $this->_id;
        }

}

No in my controllers I have something like

public function accessRules()
    {
        return array(
            array('allow',  
                'actions'=>array('admin'),
                'expression'=>'Yii::app()->user->accessCode & 8',
            ),
            array('allow', 
                'actions'=>array('create','update'),
                'expression'=>'Yii::app()->user->accessCode & 1',
            ),
            array('allow', 
                'actions'=>array('view'),
                'expression'=>'Yii::app()->user->accessCode & 4',
            ),
                        array('allow', 
                'actions'=>array('delete'),
                'expression'=>'Yii::app()->user->accessCode & 2',
            ),
            array('deny',  // deny all users
                'users'=>array('*'),
            ),
        );
    }

Notice the expression works like a if statement

I hope this helps

Upvotes: 6

Related Questions