Yii Rights extension – RBAC (role-based access control)

Mar 06 2012

Rights is an extension module for the Yii framework that provides an interface for role-based access control.

Using Rights, it is very easy to manage the various roles and permissions in an application, and it can be used as a standard for all projects.

Some code snippets that people often need but that are not documented:

1) Determine if the logged-in user is a superuser

// isSuperuser is provided by the Rights web user component
if(Yii::app()->user->isSuperuser)
    echo "I am one of the superuser of application, I have all access to app.";

2) Get all superusers in the application

// Dump the superusers known to the Rights authorizer
var_dump(Yii::app()->getModule("rights")->getAuthorizer()->getSuperusers());

3) Get all roles assigned to the logged-in user

$roles=Rights::getAssignedRoles(Yii::app()->user->id);
foreach($roles as $role)
    // Encode the role name before writing it into HTML
    echo CHtml::encode($role->name)."<br />";

4) Get all users of a particular role (let's say there is a DataEntry role whose job is to enter data in the system)

// Assignments are indexed by user id, so collect the keys
$data_entry_users=Yii::app()->getAuthManager()->getAssignmentsByItemName('DataEntry');
$data_entry_users_id=array();
foreach($data_entry_users as $id=>$assignment)
    $data_entry_users_id[]=$id;

5) Assign a role to a user when he signs up

// Only a superuser may choose the role; everyone else gets the User role
if(Yii::app()->user->isSuperuser)
    $type=$_POST['Type'];
else
    $type='User';
$authorizer = Yii::app()->getModule("rights")->getAuthorizer();
$authorizer->authManager->assign($type, $model->id);

Case: when a superuser is creating the user, he has a drop-down list of all roles in the system and can select a role for the new user. But if a person signs up normally, he doesn't have that choice; he must be given the User role.

Here $model->id is the id of the newly created user.

6) Generate a drop-down of all available roles in the application for a superuser, so that he can select a role during user creation

<?php
// Render the role selector only for superusers
if (Yii::app()->user->isSuperuser) {
    $all_roles=new RAuthItemDataProvider('roles', array(
        'type'=>2, // 2 = role (CAuthItem::TYPE_ROLE)
    ));
    $data=$all_roles->fetchData();
?>
<div>
<label for="type_id">Type</label>
<?php echo CHtml::dropDownList("Type",'',CHtml::listData($data,'name','name'));?>
</div>
<?php
}
?>
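
The role name sent by the drop-down in step 6 is request data, so the assignment in step 5 can check it on the server before calling assign(). The following is an added example, not code from the original post or from the Rights project; resolveNewUserRole() and the sample role list are hypothetical, and it also covers a missing field, a role that does not exist, and a value that arrives as an array.

```php
<?php
// Added example: resolveNewUserRole() and the sample data are hypothetical, not Rights API.

/**
 * Decide which role a newly created user receives.
 * $requested is the raw $_POST['Type'] value (may be null or an array),
 * $roleNames the names of the roles that exist in the auth manager.
 * Throws InvalidArgumentException when a superuser submits an unknown role.
 */
function resolveNewUserRole($requested, $creatorIsSuperuser, array $roleNames, $default = 'User')
{
    // Ordinary sign-up: whatever the form posted, the role is fixed.
    if (!$creatorIsSuperuser) {
        return $default;
    }
    // Superuser made no selection: fall back to the default role.
    if ($requested === null || $requested === '') {
        return $default;
    }
    // Type[]=... arrives as an array; strict in_array avoids PHP's loose comparisons.
    if (!is_string($requested) || !in_array($requested, $roleNames, true)) {
        throw new InvalidArgumentException('Unknown role submitted');
    }
    return $requested;
}

// Constructed role list; in the application it would come from the auth manager.
$roleNames = array('Admin', 'DataEntry', 'User');

// Constructed requests: (posted Type value, creator is superuser).
$cases = array(
    array('DataEntry', true),    // superuser picks an existing role
    array('Admin', false),       // sign-up form with an added Type field
    array(null, true),           // superuser left the field empty
    array('Root', true),         // role that does not exist
    array(array('Admin'), true)  // Type[]=Admin
);
foreach ($cases as $case) {
    try {
        $role = resolveNewUserRole($case[0], $case[1], $roleNames);
        echo "assign: $role\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
```

In the sign-up action the returned value would take the place of $type in the assign() call from step 5, with the role list taken from the auth manager (in Yii 1.1, for example, array_keys() over its getRoles() result).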

8 responses so far

  1. Very true, often needed but not documented. Thanks a ton. Bookmark this :)

  2. Thanks a lot!

  3. thanks! bookmarked!

  4. Hi, thanks for the blog!
    I’m trying to understand what each table the rights module generated does. It seems that

    - tbl_authitem: stores the contents for roles, tasks and operations.
    - tbl_authitemchild: stores the relationship between roles, tasks and operations.
    - tbl_authassignment: stores the assignment of roles, tasks and operations to users.

    However, I’ve no idea what tbl_rights does. Can you advise me on that?

    Thanks!

  5. Hi Rajat, I created Superadmin to control the whole system and Admin to create users only. But I don’t want to show the superadmin role to Admin when Admin creates a new user account. How could I do that?

  6. Thanks. It really helped.

  7. Great post, many thanks ;)

  8. thanks!
