StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POImplementing role-based authorization in Yii Framework
text
Body
copied!<p>I've been following this tutorial, which is great btw, and have one question.</p> <p><a href="http://www.larryullman.com/2010/01/07/custom-authentication-using-the-yii-framework/" rel="nofollow">http://www.larryullman.com/2010/01/07/custom-authentication-using-the-yii-framework/</a></p> <p>I can access the role property like this, anywhere in my application code:</p> <pre><code>Yii::app()->user->role </code></pre> <p>but, what I'd really like to do is use the default controller authorization in my UserController:</p> <pre><code>/** * Specifies the access control rules. * This method is used by the 'accessControl' filter. * @return array access control rules */ public function accessRules() { return array( array('allow', // allow all users to perform 'index' and 'view' actions 'actions'=>array('*'), 'users'=>array('@'), // Fails 'roles'=>array(ModelConstantsRole::ADMIN), // Also Fails 'expression'=>'(isset(Yii::app()->user->role) && (Yii::app()->user->role==ModelConstantsRole::ADMIN))', ), array('deny', // deny all users 'users'=>array('*'), ), ); } </code></pre> <p>It appears that the class that actually validates the rules defined in accessRules doesn't actually know anything about my role that I've assigned it. CAccessControlFilter (for those of you who don't want to search for it for 40 minutes XD).</p> <p>Any ideas on how I can make use of the accessRules method when I combine it with Larry's approach?</p> <p>Thanks! </p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload