I’ve been following this tutorial, which is great btw, and have one question.
http://www.larryullman.com/2010/01/07/custom-authentication-using-the-yii-framework/
I can access the role property like this, anywhere in my application code:
Yii::app()->user->role
but, what I’d really like to do is use the default controller authorization in my UserController:
    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
    public function accessRules()
    {
        return array(
            array('allow', // allow all users to perform 'index' and 'view' actions
                'actions'=>array('*'),
                'users'=>array('@'),
                // Fails
                'roles'=>array(ModelConstantsRole::ADMIN),
                // Also Fails
                'expression'=>'(isset(Yii::app()->user->role) && (Yii::app()->user->role==ModelConstantsRole::ADMIN))',
            ),
            array('deny', // deny all users
                'users'=>array('*'),
            ),
        );
    }
It appears that the class that actually validates the rules defined in accessRules doesn’t actually know anything about my role that I’ve assigned it.
CAccessControlFilter (for those of you who don’t want to search for it for 40 minutes XD).
Any ideas on how I can make use of the accessRules method when I combine it with Larry’s approach?
Thanks!
From your code it looks like you want to apply this rule to all the actions. To do that you need to leave the actions array unspecified or an empty array:
Or unspecified:
This is already documented in the docs:
Keep in mind that the roles array is again an array with role names, example:
Then you don’t need the ‘expression’ as all that you are doing in there is already being done with the roles array.
Edit: After reading the tutorial you have linked, it seems that he has not implemented RBAC. The 'roles' option uses RBAC, so it won’t work without it. Hence you’ll have to use the 'expression' option instead, and your 'expression' option looks fine.
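The rule set the answer describes, written out as an added example (not code from either post or from the linked tutorial): the 'actions' key is omitted so the rule covers every action, 'roles' is dropped because no RBAC auth manager is configured, and the role check lives in 'expression'. It assumes Yii 1.1, where `$user` inside an access rule expression refers to `Yii::app()->user`, and that the role is readable as `Yii::app()->user->role` as the question states.

```php
<?php
// Added example for Yii 1.1; assumes the role is exposed on the user
// component as in the question, and reuses ModelConstantsRole::ADMIN from it.
class UserController extends CController
{
    /**
     * Enable the built-in access control filter so accessRules() is consulted.
     */
    public function filters()
    {
        return array('accessControl');
    }

    /**
     * Rules are evaluated top to bottom; the first matching rule decides.
     * Every option inside one rule must match for that rule to apply.
     */
    public function accessRules()
    {
        return array(
            array('allow',
                // No 'actions' key: the rule applies to all actions.
                // '@' restricts the rule to authenticated users.
                'users' => array('@'),
                // No 'roles' key: it is checked through checkAccess(),
                // which needs an RBAC authManager component.
                // isset() keeps the check safe when no role state is set.
                'expression' => 'isset($user->role) && $user->role == ModelConstantsRole::ADMIN',
            ),
            array('deny', // everyone the rule above did not allow
                'users' => array('*'),
            ),
        );
    }
}
```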