Role Based Access Control (RBAC) In Yii-framework
RBAC is one of the good features we have in the Yii framework, but I didn't understand it clearly in the beginning. Now, after referring to several documents, I understand how Role Based Access Control works.
Setting AuthManager
First, open protected/config/main.php and add authManager to the application components:
'components'=>array(
    /* ... rest of the components ... */
    'authManager'=>array(
        'class'=>'CDbAuthManager',
        'connectionID'=>'db',
        // 'assignmentTable'=>'tbl_authassignment',
        // 'itemTable'=>'tbl_authitem',
        // 'itemChildTable'=>'tbl_authitemchild',
    ),
),
By default the RBAC tables in the database are named 'AuthAssignment', 'AuthItem' and 'AuthItemChild'. If you need to change the table names, you can do so by adding these lines to authManager:
    'assignmentTable'=>'tbl_authassignment',
    'itemTable'=>'tbl_authitem',
    'itemChildTable'=>'tbl_authitemchild',
Shell command to create the DB tables for RBAC
Create a file RbacCommand.php inside protected/commands/shell.
»Click here« to download an example RbacCommand.php file which I created for business creation.
Then open a terminal and run yiic, which is found inside the protected folder:
# protected/yiic shell
This command should be run from the root (main) folder of the application.
>>rbac
It will ask: would you like to continue? [Yes|no]
Enter "y".
On Linux, problems may occur when creating the tables. This may be because of case sensitivity, so create the tables with lowercase names.
If you would like to use assignmentTable, itemTable and itemChildTable in authManager, it is better to set them after the DB tables have been created using rbac in the shell. You should then manually rename the tables to the names given in authManager.
The tables are now ready with contents. You need to assign each user their role:
$auth=Yii::app()->authManager;
$auth->assign('admin',Yii::app()->user->id);
// here admin is a privilege or role, not a user
// instead of Yii::app()->user->id you can give the id of the user to whom the role should be assigned
This way we can assign permissions to each user.
We can check the permission or role of the current user with
if(Yii::app()->user->checkAccess('deleteBiz')) { /* allowed */ }
or
if(Yii::app()->authManager->checkAccess('deleteBiz',Yii::app()->user->id)) { /* allowed */ }
Or you can implement RBAC using accessRules:
public function accessRules()
{
    return array(
        /* rest of permission */
        array('allow',
            'actions'=>array('details','update'),
            'roles'=>array('updateOwnBiz','editor'),
        ),
        array('allow',
            'actions'=>array('create'),
            'roles'=>array('user'),
        ),
        array('allow',
            'actions'=>array('admin','delete'),
            'roles'=>array('admin'),
        ),
        array('deny',
            'users'=>array('*'),
        ),
    );
}
An item listed under 'roles' can be an operation, a task or a role.
In the above:
updateOwnBiz is a task.
user and admin are roles.
deleteBiz is an operation.
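An added example, not the author's RbacCommand.php: one way the items named in this post could be defined through CDbAuthManager so that the checkAccess calls and accessRules above have something to resolve against. The parent/child layout, the updateBiz operation, the owner_id attribute and the function names buildBizRbac() and canUpdateBiz() are assumptions.

```php
<?php
// Added example (not from the original post). Requires a Yii 1.1 application
// with the authManager component configured and the RBAC tables present.
// Assumed: the hierarchy below, the 'updateBiz' operation, and a business
// model that has an owner_id attribute.
function buildBizRbac(CAuthManager $auth)
{
    // Removes ALL existing items and assignments; first-time setup only.
    $auth->clearAll();

    // Operations: the smallest units of permission.
    $auth->createOperation('updateBiz', 'update any business');
    $auth->createOperation('deleteBiz', 'delete a business');

    // Task guarded by a business rule: passes only for the record's owner.
    // A bizRule is PHP source that Yii evaluates, so keep it a fixed string
    // and never build it from request data. The isset() guard makes the rule
    // fail closed when no record is passed (as happens from accessRules).
    $bizRule = 'return isset($params["biz"]) '
             . '&& Yii::app()->user->id==$params["biz"]->owner_id;';
    $task = $auth->createTask('updateOwnBiz', 'update own business', $bizRule);
    $task->addChild('updateBiz');

    // Roles: each one inherits everything reachable through its children.
    $user = $auth->createRole('user');
    $user->addChild('updateOwnBiz');

    $editor = $auth->createRole('editor');
    $editor->addChild('user');
    $editor->addChild('updateBiz');   // editors may update any business

    $admin = $auth->createRole('admin');
    $admin->addChild('editor');
    $admin->addChild('deleteBiz');    // only admins may delete
}

// In a controller action, pass the loaded record so the bizRule can compare
// its owner with the current user.
function canUpdateBiz($biz)
{
    return Yii::app()->user->checkAccess('updateOwnBiz', array('biz' => $biz));
}
```

With this layout a plain 'user' is refused by the 'updateOwnBiz' entry in accessRules, because no record is passed there; the ownership check has to be made inside the action with canUpdateBiz().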
-
:-@ttokkaran
nintriva.com