We Keep Coding

Yii::app()->getModule('user') is returning 'Trying to get property of non-object'

i have a question like
Yii::app()->getModule('user') is not returning the right value view/layout/main.php
but i have a different case, where i cant resinstal it, and it was use right-extension.
in the main config
'application.models.*',
'application.components.*',
'application.modules.rights.*',
'application.modules.rights.components.*',
'rights'=>array(
'superuserName'=>'Admin', // Name of the role with super user privileges.
'authenticatedName'=>'Authenticated', // Name of the authenticated user role.
'userIdColumn'=>'id', // Name of the user id column in the database.
'userNameColumn'=>'username', // Name of the user name column in the database.
'enableBizRule'=>true, // Whether to enable authorization item business rules.
'enableBizRuleData'=>false, // Whether to enable data for business rules.
'displayDescription'=>true, // Whether to use item description instead of name.
'flashSuccessKey'=>'RightsSuccess', // Key to use for setting success flash messages.
'flashErrorKey'=>'RightsError', // Key to use for setting error flash messages.
'install'=>false, // Whether to enable installer.
'debug'=>false, // Whether to enable debug mode.
),
and then i need to update this application to use user-extension..
i was trying and the result is :
Trying to get property of non-object
<?php $this->widget('zii.widgets.CMenu',array(
'items'=>array(
array('url'=>Yii::app()->getModule('user')->loginUrl, 'label'=>Yii::app()->getModule('user')->t("Login"), 'visible'=>Yii::app()->user->isGuest),
< updated >
now i got different error :
Trying to get property of non-object
public function tableName()
{
return Yii::app()->getModule('user')->tableUsers;
}
in \protected\modules\user\models\User.php(41)
my code in config main i update like :
'modules'=>array(
'user'=>array(
'tableUsers' => 'tbl_users',
'tableProfiles' => 'tbl_profiles',
'tableProfileFields' => 'tbl_profiles_fields',
any idea where my fault?
*sory if i have bad grammar.

SOLVED
in config main
'rights'=>array(
'superuserName'=>'Admin', // Name of the role with super user privileges.
'authenticatedName'=>'Authenticated', // Name of the authenticated user role.
'userIdColumn'=>'id', // Name of the user id column in the database.
'userNameColumn'=>'username', // Name of the user name column in the database.
'enableBizRule'=>true, // Whether to enable authorization item business rules.
'enableBizRuleData'=>false, // Whether to enable data for business rules.
'displayDescription'=>true, // Whether to use item description instead of name.
'flashSuccessKey'=>'RightsSuccess', // Key to use for setting success flash messages.
'flashErrorKey'=>'RightsError', // Key to use for setting error flash messages.
//'baseUrl'=>'/rights', // Base URL for Rights. Change if module is nested.
//'layout'=>'rights.views.layouts.main', // Layout to use for displaying Rights.
//'appLayout'=>'application.views.layouts.main', // Application layout.
//'cssFile'=>'rights.css', // Style sheet file to use for Rights.
'install'=>false, // Whether to enable installer.
'debug'=>false, // Whether to enable debug mode.
),
'user'=>array(
'hash' => 'md5',
'tableUsers' => 'tbl_users',
'tableProfiles' => 'tbl_profiles',
'tableProfileFields' => 'tbl_profiles_fields',
and don't change anything in module..
and it's works,, like magic..
lol

Authorization with rbac yii

I am trying to understand authorization in rbac and getting confused a bit with a couple of things.
In the accessControl rules i am using roles as such:
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('index', 'view'),
'roles'=>array('user'),
),
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update'),
'roles'=>array('author'),
),
array('allow', // allow admin user to perform 'admin' and 'delete' actions
'actions'=>array('admin','delete'),
'roles'=>array('admin'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
I am also using the following setup :
$auth = Yii::app()->authManager;
$auth->createOperation('createPost', 'create a post');
$auth->createOperation('readPost', 'Read a post');
$auth->createOperation('updatePost', 'update a post');
$auth->createOperation('deletePost', 'delete a post');
$role = $auth->createRole('user');
$role->addChild('readPost');
$role = $auth->createRole('author');
$role->addChild('user');
$role->addChild('createPost');
$role = $auth->createRole('admin');
$role->addChild('author');
$role->addChild('updatePost');
$role->addChild('deletePost');
$auth->assign('user', 3);
$auth->assign('author', 2);
$auth->assign('admin', 1);
$auth->save();
There are 4 different operations with names (createPost, deletePost , readPost, udpatePost). However in the controller the action names are different such as actionIndex, actionView, actionCreate, actionDelete, actionUpdate and actionAdmin.
Questions:
How are operations being mapped to controller actions.
Should more operations be created such as IndexPost, ViewPost etc ..?
While using rbac, should we still keep the accesscontrol filter and rules as I have done here?
I am not sure if I am doing it right. Lots of confusion and lost. Please shed some light. Cheers.

They aren't being mapped, in each action you need to check this manually
if (Yii::app()->authManager->checkAccess('updatePost'))
thorow new HttpException(404);
Your can create IndexPost, ViewPost if some user can't see these actions.
In accessControl you can keep only check that user is logged, when it's needed.
For more information check this articles: Simple RBAC, Getting to Understand Hierarchical RBAC Scheme

Yii Rights :: Error 403 You Are Not Authorized To Perform This Action

I am newb in yii. I installed yii-rights in protected/modules/rights as per documentation. But can't use properly. There are something missing that I couldn't find out. localhost/index.php/right page is working well. But when I press on "permissions", "roles", "tasks", "operations". It shows
"Error 403
You are not authorized to perform this action."
Here is my main config::
'import'=>array(
'application.modules.right.*',
'application.modules.right.models*',
'application.modules.rights.components.*',
),
'rights'=>array(
'superuserName'=>'Admin', // Name of the role with super user privileges.
'authenticatedName'=>'Authenticated', // Name of the authenticated user role.
'userIdColumn'=>'id', // Name of the user id column in the database.
'userNameColumn'=>'username', // Name of the user name column in the database.
'enableBizRule'=>true, // Whether to enable authorization item business rules.
'enableBizRuleData'=>false, // Whether to enable data for business rules.
'displayDescription'=>true, // Whether to use item description instead of name.
'flashSuccessKey'=>'RightsSuccess', // Key to use for setting success flash messages.
'flashErrorKey'=>'RightsError', // Key to use for setting error flash messages.
'baseUrl'=>'/rights', // Base URL for Rights. Change if module is nested.
'layout'=>'rights.views.layouts.main', // Layout to use for displaying Rights.
'appLayout'=>'application.views.layouts.main', // Application layout.
'cssFile'=>'rights.css', // Style sheet file to use for Rights.
'install'=>false, // Whether to enable installer.
'debug'=>false,
),
'components'=>array(
'user'=>array(
'class'=>'RWebUser',
// enable cookie-based authentication
'allowAutoLogin'=>true,
'loginUrl'=>array('/user/login'),
),
AssignementController
public function accessRules()
{
return array(
array('allow', // Allow superusers to access Rights
'actions'=>array(
'view',
'user',
'revoke',
),
'users'=>$this->_authorizer->getSuperusers(),
),
array('deny', // Deny all users
'users'=>array('*'),
),
);
}
I need your help. PLEASE
Note that:: I am using yii-user also. yii-user is working well.

In your controller, you are required to name your action to perform function.
public function accessRules(){
.......
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update','districts','center'),
'users'=>array('#'),
......
}
For example in the above code, district and center are actions.
Hopefully, you will get the idea.

I know it's an older question but have you add
public function filters()
{
return array(
'accessControl',
);
}
to the AssignementController? Yii needs it to regard function accessRules() for access controlling.

Set your "Yii::app()->user->name";
Try this
<?php
class UserIdentity extends CUserIdentity
{
protected $_id;
const USER_INACTIVE = 3;
public function authenticate()
{
$p= Person::model()->findByUsername($this->username);
if (empty($p))
$this->errorCode = self::ERROR_USERNAME_INVALID;
elseif (!CPasswordHelper::verifyPassword($this->password, $p->password))
$this->errorCode = self::ERROR_PASSWORD_INVALID;
else
{
$this->_id = $p->id;
$this->username = $p->username;
$this->errorCode = self::ERROR_NONE;
}
return !$this->errorCode;
}
public function getId() {
return $this->_id;
}
}
the line "$this->username = $p->username;";
Hope this help.

What is main purpose of filter in YII?

As as title clarifies what is main purpose of filters in Yii? I am newbie to Yii and little confuse about filters and validators? Any one can explain it for me?

A validator will be validating that an attribute in a model is as it should be: an, integer, a date, less than a given size, ...
Example:
public function rules()
{
return array(
//username and password are required
array('username, password', 'required'),
//myInt is a number between 0 and 255
array('myInt', 'numerical', 'min'=>0, 'max'=> 255),
);
}
The validation rules will be tested when calling $model->validate() or $model->save(). If one of the validator did not pass, then an error will be thrown to the user.
You can know the errors thrown by calling $model->getErrors()
Source: Model Rules Validation
The filter definition is :
A filter can be applied before and after an action is executed. It can
modify the context that the action is to run or decorate the result
that the action generates.
So basiclly it will execute some work before calling the controller method (so before rendering anything on the screen) or after the controller is done (so it could be after the datas are validated and added in the db).
As example we can say:
Check user authorizations
Implements HTTP caching
...
To apply filters to actions, we need to override the CController::filters() method. The method should return an array of filter configurations. For example,
public function filters()
{
return array(
'postOnly + edit, create',
array(
'application.filters.PerformanceFilter - edit, create',
'unit'=>'second',
),
);
}
Using the plus and the minus operators, we can specify which actions the filter should and should not be applied to. In the above, the postOnly filter will be applied to the edit and create actions, while PerformanceFilter filter will be applied to all actions EXCEPT edit and create. If neither plus nor minus appears in the filter configuration, the filter will be applied to all actions.
Source: Yii API about CFilter and Yii Guide
So if you want to validate some datas, then use the validators and if what you want to do is not depending on the model (ie check a user is logged in, ...) then you should implements a filter.
In general the difference between a filter and a validator is pretty obvious.

Validators are used for preventing inserting or updating wrong data in db. Filters could be used to make some preparation before or after validating
class LoginForm extends CFormModel
{
public $mail;
public $password;
public $rememberMe;
public function rules()
{
return array(
array('mail, password', 'filter'=>'trim'),
array('mail', 'filter'=>'mb_strtolower'),
array('mail, password', 'required'),
array('mail', 'email'),
array('rememberMe', 'boolean'),
array('password', 'authenticate'),
);
}
}

Filters is mainly used to filter your URL. Here also included accessControl. That's means when you set URL to access any action. Then those filter checked that action is permitted for those User or not. Also if you set that this controller delete action only can be accessible by POST method Then you will not be able to delete by using GET method. Those all type of access .... Controlled by FILTERS.
On the other hand, Validator is used to validate your any input filed AS your wishes. As like Minimum , Maximum, Integer or not, is it will be Unique or not, is this field required or not. is this field will be email type or not ...... and many more type of validation of INPUT FIELD.....
In Single Word it can be say " Validator is used for Input Validation and Filter is Used for Output Validation "

Yii framework not checking roles in accessRules

I am creating some kind of admin panel in Yii framework, and im setting state at login like this
public function authenticate()
{
$record=AdminTbl::model()->findByAttributes(array('usr'=>$this->username));
if($record===null)
$this->errorCode=self::ERROR_USERNAME_INVALID;
else if($record->pwd!==$this->password)
$this->errorCode=self::ERROR_PASSWORD_INVALID;
else
{
$this->_id=$record->id;
$this->setState('roles','main');
$this->errorCode=self::ERROR_NONE;
}
return !$this->errorCode;
}
I checked if state was really set, echoed out on view. Later i put that role in accessrules()
public function accessRules()
{
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('index','view','create','update','admin','delete'),
'roles'=>array('main'),
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
And i can't access those pages with this user logged in. What is the problem ?

Have a look here, http://www.yiiframework.com/doc/guide/1.1/en/topics.auth
You need to create the main role and assign it via the user id.

If you need simple Role based access control without the long RBAC process then this article is just for you
http://www.yiiframework.com/wiki/328/simple-rbac/