Search the Community

First of all thank you for an invaluable resource - its helped me alot! I am having a bit of a problem setting up the database for the authManager. I used the setup script to set up three databases: Auth Assignment, AuthItem and AuthItemChild - but when I run the setup script it appears to stop adding to the database when it gets to the task bit! Am very much a newbie, so any help as to where my code is going wrong would be greatly appreciated! Vicki public function actionSetup() { $auth=Yii::app()->authManager; // Create Operations $auth->createOperation('createPage'); $auth->createOperation('updatePage'); $auth->createOperation('deletePage'); $auth->createOperation('createFile'); $auth->createOperation('updateFile'); $auth->createOperation('deleteFile'); $auth->createOperation('createComment'); $auth->createOperation('updateComment'); $auth->createOperation('deleteComment'); $auth->createOperation('updateUser'); $auth->createOperation('deleteUser'); // Create Tasks // Update oe delete own user only $task=$auth->createTask('updateOwnUser', 'Allows a user to update her record','return $params["id"]==Yii::app()->user->id;'); $task=addChild('updateUser'); $task=addChild('deleteUser'); // Create your own content $task=$auth->createTask('createContent', 'Allows users to create content on the site'); $task=addChild('createPage'); $task=addChild('createFile'); $task=addChild('createComment'); // Edit your own content only $task=$auth->createTask('updateOwnContent', 'Allows a user to update pages or files that she owns','return $params["ownerId"]==$params["userId"];'); $task=addChild('updatePage'); $task=addChild('deletePage'); $task=addChild('updateFile'); $task=addChild('deleteFile'); $task=addChild('updateComment'); //Create MAKESHIFTER Role $role=$auth->createRole('makeshifter'); //add a task to a role $role=addChild('updateOwnUser'); //add an operation to a role $role=addChild('createComment'); // Create TUTOR Role $role=$auth->createRole('tutor'); //add a role to a role $role=addChild('makeshifter'); //add a task to a role $role=addChild('createContent'); $role=addChild('updateOwnContent'); // Create ADMIN Role $role=$auth->createRole('admin'); //add a role to a role $role=addChild('tutor'); //add a task to a role $role=addChild('updatePage'); $role=addChild('deletePage'); $role=addChild('updateFile'); $role=addChild('deleteFile'); $role=addChild('updateComment'); $role=addChild('deleteComment'); $role=addChild('updateUser'); $role=addChild('deleteUser'); // assign roles(1) to users(2) static default yii //$auth->assign('public','demo'); //save rules $auth->save(); } }

How does the code below (p. 268) work? Is it definitely correct? Can someone walk me through this? In actionSetup (A): Why is updateUser a child of updateOwnUser? Doesn't that mean anyone who can update his/her OWN user info can also update anyone else's? In the controller (: Why is checkAccess (array('id' => $id)) used on updateUser instead of updateOwnUser? Does updateUser even use the ID parameter? Please help - thanks... Quite confused! Code A: # protected/controllers/SiteController.php::actionSetup() $auth = Yii::app()->authManager; // Create operations. $task = $auth->createTask('updateOwnUser', 'Allows a user to update her record', 'return $params["id"] == Yii::app()->user->id;'); $task->addChild('updateUser'); Code B: # protected/controllers/UserController.php public actionUpdate($id) { $model=$this->loadModel($id); if (!Yii::app()->user->checkAccess('updateUser', array('id' => $id))) { throw new CHttpException(403, 'You are not allowed to do this.'); } // Code for doing this. }