I wanted to make a user access level, but I have problem the admin (whose id_level = 1) still cannot access the specified page.
Here I have EWebUser.php
<?php
class EWebUser extends CWebUser{
protected $_model;
protected function loadUser()
{
if ( $this->_model === null ) {
$this->_model = User::model()->findByPk($this->id);
}
return $this->_model;
}
function getLevel()
{
$user=$this->loadUser();
if($user)
return $user->id_level;
return 100;
}
}
?>
Then here is the accessRules method in UserController.php
public function accessRules()
{
return array(
.......
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('index','admin','delete'),
//'users'=>array('admin'),
'expression'=>'$user->getLevel()<=1',
),
.......
);
}
I cannot access localhost/myappname/user.php, it throws error 403, although I logged in as Admin (id_level = 1).
I figured out $this->_model = User::model()->findByPk($this->id); , I made change $this->id_user because in my model the Primary key is id_user not id but it throws another error: Property "EWebUser.id_user" is not defined. Anyone can help me solve this problem? Thanks in advance..
[SOLVED] by myself, I changed $this->_id = $user->username; to $this->_id = $user->id_user; in UserIdentity.php, there's no wrong codes on $this->_model = User::model()->findByPk($this->id); because the actual problem is in the UserIdentity
Related
For some strange reasons, i am finding it difficult to login with yii->$app->generatePasswordhash($password.) I have a backedn where i register users and also change password. Users can login successfully when i created them but when i edit user password, the system keeps telling me invalid username or password. Below is my code.
//Model
Class Adminuser extends ActiveRecord
{
public $resetpassword
public function activateuser($id,$newpassword)
{
//echo Yii::$app->security->generatePasswordHash($newpassword); exit;
$user = Adminuser::find()->where(['id' =>$id])->one();
$user->status = self::SET_STATUS;
$user->password_reset_token = null;
$user->password = Admin::genPassword($this->resetpassword); // this returns yii::$app->security->generatePasswordHash($password)
return $user->save();
}
}
//controller action
public function actionActivate($id)
{
$model = new Adminuser();
$model->scenario = 'adminactivate';
if ($model->load(Yii::$app->request->post()) && $model->validate()) {
if($model->activateuser($id,$model->password))
{
//send a mail
Yii::$app->session->setFlash('success', 'New user has been activated.');
return $this->redirect(['index']);
}
else
$errors = $model->errors;
}
return $this->render('activate', [
'model' => $model,
]);
}
Please i need help
Your activateuser() method has $newpassword as an incoming parameter. Anyway you are using $this->resetpassword in Admin::genPassword(). Looks like that is the reason of the problem and all your passwords are generated based on null value. So try to use $user->password = Admin::genPassword($newpassword); instead.
I am trying to user filters in YII.
here is my code.
public function filters()
{
return array(
'provideronly +uploadclients,fileview,editprofile,getinvitedusers',
);
}
public function filterProvideronly($filterchain)
{
if(Yii::app()->user->providerId==-1)
{
$this->redirect(array('site/error','id'=>403,'message'=>'You are unauthorized to view this page'));
return false;
}
return true;
}
When the user is unauthorized to use the controller it is redirecting to error page. but when the user is authorized , it is showing a blank page..
what is wrong in this code ?
Instead of return true you need to put $filterChain->run(); so yii can see that the filter ended.
I am a newbie to yii. I have stuck my mind with yii-tutorials for creating roles in yii. but I am not getting how can I create role in yii. means I want to create two roles admin & staff and I want to give different priviliage to them.
I have created a role in user table, but I am not getting that how can I create a role and can assign priviliages to them, please help me guys
Thanks in advance
In your copenents/UserIdentity.php
class UserIdentity extends CUserIdentity{
private $_id;
public function authenticate()
{
$record=Members::model()->findByAttributes(array('username'=>trim($this->username)));
if($record===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
else if($record->password!==md5(trim($this->password)))
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else
{
$this->_id=$record->id;
$this->setState('username', $record->username);
$this->setState('name', $record->name);
$this->setState('type', $record->role);
$this->errorCode=self::ERROR_NONE;
}
return !$this->errorCode;
}
public function getId()
{
return $this->_id;
}
public function setId($id)
{
$this->_id = $id;
}
}
You can create a new column name as "role". set the members type "admin" or "staff" to role column.
Be careful to that line.
$this->setState('type', $record->role);
Create a new helper file. /protected/helpers/RoleHelper.php
class RoleHelper {
public static function GetRole(){
if (Yii::app()->user->type == "admin"){
//set the actions which admin can access
$actionlist = "'index','view','create','update','admin','delete'";
}
elseif (Yii::app()->user->type = "staff"){
//set the actions which staff can access
$actionlist = "'index','view','create','update'";
}
else {
$actionlist = "'index','view'";
}
return $actionlist;
}
}
and in your controllers -> accessRules function
public function accessRules()
{
return array(
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array(RoleHelper::GetRole()),
'users'=>array('#'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
and dont forget to add 'application.helpers.*' to /config/main.php
'import'=>array(
'application.models.*',
'application.components.*',
'application.helpers.*',
),
This source is pretty good specially for beginners..I am using this method till now:
Simple RBAC in YII
Just follow the instructions given while having your desired modifications.
Concrete Example:
WebUser.php (/components/WebUser.php)
<?php
class WebUser extends CWebUser
{
/**
* Overrides a Yii method that is used for roles in controllers (accessRules).
*
* #param string $operation Name of the operation required (here, a role).
* #param mixed $params (opt) Parameters for this operation, usually the object to access.
* #return bool Permission granted?
*/
public function checkAccess($operation, $params=array())
{
if (empty($this->id)) {
// Not identified => no rights
return false;
}
$role = $this->getState("evalRoles");
if ($role === 'SuperAdmin') {
return 'SuperAdmin'; // admin role has access to everything
}
if ($role === 'Administrator') {
return 'Administrator'; // admin role has access to everything
}
if ($role === 'Professor') {
return 'Professor'; //Regular Teaching Professor, has limited access
}
// allow access if the operation request is the current user's role
return ($operation === $role);
}
}
Just connect it with your components/UserIdentity.php and config/main.php:
'components' => array(
// ...
'user' => array(
'class' => 'WebUser',
),
and thats it..
to check the role of the logged in:
Yii::app->checkAccess("roles");
where checkAccess is the name of your function in WebUser...
Please note that evalRoles is a column in your table that will supply the role of an account (on my link provided, that would be the word roles used in the major part snippet)
In yii I can use:
self::ERROR_USERNAME_INVALID;
I want another one:
self::ERROR_USER_BANNED;
That must give the error:
Sorry, but you cannot login because you account has been blocked.
How do I set this up?
Add it directly to your protected/components/UserIdentity.php :
class UserIdentity extends CUserIdentity {
const ERROR_USER_BANNED = -1; // say -1 you have to give some int value
public function authenticate() {
// ... code ...
if (/* condition to check for banning */) { // you might want to put this check right after any other username checks, and before password checks
$this->errorCode=self::ERROR_USER_BANNED;
$this->errorMessage='Sorry, but you cannot login because your account has been blocked.'
return $this->errorCode;
}
}
}
The default way with LoginForm.php model :
Add a new validator rule, say to your username field:
public function rules() {
return array(
// ... other rules ...
array('username','isBanned')
);
}
// the isbanned validator
public function isBanned($attribute,$params) {
if($this->_identity===null)
$this->_identity=new UserIdentity($this->username,$this->password);
if($this->_identity->authenticate() === UserIdentity::ERROR_USER_BANNED){
$this->addError($attribute,$this->_identity->errorMessage);
}
Ofcourse you could have declared another function in UserIdentity to check just for banning, and call that function from the isBanned validator, instead of having things in the authenticate function.
add following in UserIdentity.php
const ERROR_USER_BANNED = 12 ; #or whateve int value you prefer
public function getErrorMessageX() #or whatever method name
{
switch ($this->errorCode)
{
case self::ERROR_USER_BANNED:
return 'sorry, your account has been banned'; # custom error msg
case self::ERROR_USERNAME_INVALID:
return 'User does not exists';
case self::ERROR_PASSWORD_INVALID:
return 'Password does not match';
case self::ERROR_ACCOUNT_NOT_CONFIRMED: #this one is mine:)
return 'This Account needs confirmation';
}
}
now in LoginForm.php
public function authenticate( )
{
$this->_identity = new UserIdentity($this->username,$this->password);
if( $this->_identity->authenticate() === FALSE )
$this->addError('username', $this->_identity->errorMessageX); #here
#some more code
return !$this->_identity->errorCode;
}
I am trying to save user's last logout time into a DB in Yii framework.
I have WebUser as:
<?php
// this file must be stored in:
// protected/components/WebUser.php
class WebUser extends CWebUser {
public function afterLogout()
{
$user=user::Model();
$user->logOutDateTime='TEST';
$user->saveAttributes(array('logOutDateTime'));
parent::afterLogout();
}
}
?>
and in config\main.php I have these lines
// application components
'components'=>array(
'user'=>array(
// enable cookie-based authentication
'class'=>'WebUser',
'allowAutoLogin'=>true,
)
For now I have set logOutDateTime datatype to varchar, to test, and I assume every time user logs out, it should write 'TEST' into database but it does nothing.
Where did I go wrong?
I don't think the afterLogout() still has the Yii::app()->user set, so I would do something like (untested):
public function beforeLogout()
{
if (parent::beforeLogout()) {
$user = User::model()->findByPk(Yii::app()->user->id); // assuming you have getId() mapped to id column
$user->logOutDateTime='TEST';
$user->saveAttributes(array('logOutDateTime'));
return true;
} else {
return false;
}
}
$user = user::Model();
should be:
$user = user::Model()->find(/* model_conditions */);