Search the Community

Hello! First of all, I really appreciate the Yii book and I find it just awesome! Thank you! But, I have a question about rbac. In your book you are showind how to tie roles to database users. And I lost the thread at the moment when the roles are assigned to the users: # protected/models/User.php public function afterSave() { if (!Yii::app()->authManager->isAssigned( $this->type,$this->id)) { Yii::app()->authManager->assign($this->type, $this->id); } return parent::afterSave(); When a user is created - the role pointed at "type" attribute is assigned to the actual role in database. The question is - what if I need to change user's role after she has been created? For example, administartor would want to change any specific user's role to "moderator" or to "author"? This code would not work, right? How do I implement it? I can guess that I just need to delete "if" condition, so the rest of code would work when user is updated. But I feel that is wrong.... Sorry, if this question was already asked, I tried to find it. And thank you in advance!

How does the code below (p. 268) work? Is it definitely correct? Can someone walk me through this? In actionSetup (A): Why is updateUser a child of updateOwnUser? Doesn't that mean anyone who can update his/her OWN user info can also update anyone else's? In the controller (: Why is checkAccess (array('id' => $id)) used on updateUser instead of updateOwnUser? Does updateUser even use the ID parameter? Please help - thanks... Quite confused! Code A: # protected/controllers/SiteController.php::actionSetup() $auth = Yii::app()->authManager; // Create operations. $task = $auth->createTask('updateOwnUser', 'Allows a user to update her record', 'return $params["id"] == Yii::app()->user->id;'); $task->addChild('updateUser'); Code B: # protected/controllers/UserController.php public actionUpdate($id) { $model=$this->loadModel($id); if (!Yii::app()->user->checkAccess('updateUser', array('id' => $id))) { throw new CHttpException(403, 'You are not allowed to do this.'); } // Code for doing this. }

Is there a reason why "$model=$this->loadModel($id);" has to go before the checkAccess line or can it go after (as in my example)? I noticed it works both ways. Also, is it a bad idea to redirect users to the home page if they are trying to access a restricted page (as shown below)? public function actionUpdate($id) { // Checks to see if user can update page if (!Yii::app()->user->checkAccess('user_update', array('id'=>$id))){ // Redirects user to home page if denied access $this->redirect(array('site/index')); } $model=$this->loadModel($id); if(isset($_POST['User'])) { $model->attributes=$_POST['User']; if($model->save()) $this->redirect(array('view','id'=>$model->id)); } $this->render('update',array( 'model'=>$model, )); }

I am unable to create a user through the application, I am getting the exception that CDbCommand failed to execute the SQL statement: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '2001128' for key 'PRIMARY'. The SQL statement executed was: INSERT INTO `tbl_user` (`id`, `name`, `surname`, `username`, `password`, `access`, `email`, `contact`) VALUES (:yp0, :yp1, :yp2, :yp3, :yp4, :yp5, :yp6, :yp7) But I checked the database there was no entry for that primary key, also only the primary gets inserted into the database after submitting the form. I have created a permission hierarchy using rbac. A superadmin can create admin and normaluser, a admin1 can create only normaluser.

I have created Rbac with superadmin,admin1,normaluser. I want to check weather the user is logged in as superadmin, admin1,normaluser depending on the database column "access" value in tbl_user table, if "access"=0 then user should be superadmin, if "access"=1 then user should be admin1 and if "access"=2 then user should be normaluser. RBAC authorization hierarchy was created by yiic shell, all the database schema has been defined. I cannot figure out how to proceed further than creating authorization hierarchy and how to write code to check a user according to roles. Here is RbacCommand.php http://pastebin.com/BKdYM4eg