Yet another implementation of CPhpAuthManager.

How-tos

RBAC, bizRule, CPhpAuthManager, Authentication

In this wiki, I try to implement a simple authorization schema without putting much logic inside a file or into database table. We are constructing authorization hierarchy inside the controller. We are getting roles for the current user from database table and assigning the only roles to user that are declared in the particular controller. We have brought down the work of loading of auth data at main application level to controller level. This way we have pulverised the auth data for wholentire site into smaller units. LastFinally we are going to look intoat couple of examples.

1. Induct the component into the application.-------------------------------
By making some changes in the UserIdentity file in components folder, we can assign a unique id for
individual user. Now_  _Yii::app()->user->id_    would fetch the unique id.

_protected/components/UserIdentity.php_if($user===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
elseif($user->password!==md5($this->password."yourpasswordsomeSalt")) $this->errorCode=self::ERROR_PASSWORD_INVALID; else { $this->errorCode=self::ERROR_NONE; $this->_id=$user->id; //Here we are assigning pk of $user as user IdD.
}
return !$this->errorCode;$auth->createOperation('updatePost','update a post');
$auth->createOperation('deletePost','delete a post');
$auth->createOperation('managePost','admininister publications'); /**We have created a role  'reader'.
* Reader can view the list of posts or view a single post.
*/$reader->addChild('viewPost');

/**We are going to create a role  'author'. * Author can be a reader. * Author can also create a post * Author will get a task 'updateOwnPost'. * Through theis task, author can only update his/her own post.
* For this purpose, we have assinged a rule for it.
*/$author->addChild('reader');

/**We have created another role  'editor'.
* Editor is a reader.
* He can edit any post.$editor->addChild('reader');

// 'ChiefEditor'  has got all the rights.
$chiefEditor=$auth->createRole('chiefEditor');
$chiefEditor->addChild('reader');6. Selectively assign roles to the user.
---------------------------------------
Now we are going to fetch all the roles ofor current user is having from the database.
and going to assign the roles selectively.{
/*We are not going to assign all the roles.
*Only roles pertinent to this controller are assigened.
*/
if($auth->getAuthItem($role)!==null)}

//Now call this method inside PostController::init()
public function init()
{public function accessRules()
{
/**We have some business rules related to updating a paricular post. * To put theat paricular post inside the params, we need  to know the pk value of that post prior hand.
* We can do the following to achieve that.
*//**We assign only the basic operations for each rule here.
* CPhpAuthManager::checkAccess() method will take care of parents(task,role) * Also look into code of CAccessRule::isRoleMatched() method.
*/$auth->createOperation('updateAccount','update an account');
$auth->createOperation('deleteAccount','delete an user account');
$auth->createOperation('manageAccount','admininister user accounts'); /**Default role  'anonymous'  is created.
* We are attaching a bizRule so that guests only can assume anonymous role.
* They can only create an account.$anonymous->addChild('register');

/**Default role  'authenticated'  is created. * This has a child  'userAccount' (task).
* The task ensures that user can view or update only his or her account.
*/$authenticated->addChild('userAccount');

/** 'userManger'  role is declared in database.
* He has all the rights regarding user accounts.
*/$params['user']=$this->loadModel($id);

/* *The parent task  'userAccount'  has bizRule with it.
*So we have to pass params with updateAccount and ViewAccount.
*/
return array(
array('allow',
'actions'=>array('index'),