Yii access rules - isAdmin

In a previous article, "User defined rules for Access rights", I described the basic access rules available in Yii.

One area that often seems to confuse Yii developers is the Admin access restriction. The default created by Gii is:


 
    public function accessRules()
    {
        return array(
            array('allow',  // allow all users to perform 'index' and 'view' actions
                'actions'=>array('index','view'),
                'users'=>array('*'),
            ),
            array('allow', // allow authenticated user to perform 'create' and 'update' actions
                'actions'=>array('create','update'),
                'users'=>array('@'),
            ),
            array('allow', // allow admin user to perform 'admin' and 'delete' actions
                'actions'=>array('admin','delete'),
                'users'=>array('admin'),
            ),
            array('deny',  // deny all users
                'users'=>array('*'),
            ),
        );
    }

This grants the 'admin' and 'delete' actions to whichever user has the username 'admin'. This is OK for a demo system but is not much use in a production system.

In my previous article, I mentioned that I created a function in the controller called isAdmin to check whether the current user has superuser access rights.

However, this function will depend on which user authentication system you have implemented. If, for example, you have implemented yii-user, you can use a call to the UserModule as follows:


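    public function isAdmin() {
        // Loading the User model forces the UserModule to be instantiated,
        // which UserModule::isAdmin() needs when the access rules are evaluated.
        $user = User::model()->active()->findByPk(Yii::app()->user->id);
        return UserModule::isAdmin();
    }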

and thus your user access rule would use the expression operator as follows:



    public function accessRules()
    {
        return array(
            ...
            array('allow', // allow admin user to perform 'admin' and 'delete' actions
                'actions'=>array('delete', 'admin'),
                'expression'=>'Yii::app()->controller->isAdmin()',
            ),
            ...
        );
    }

However, using this method means that you have to define the isAdmin function in each controller, which is a bit of a pain.  You cannot call the UserModule::isAdmin() directly since, when the access rules are called, the UserModule has not been instantiated.  Therefore, you have to force the instantiation by, in turn, instantiating the User model within the UserModule.
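The difference between the two rules above can be seen in a small stand-alone script. This is an added example, not code from the article or from Yii: it is a simplified model of how Yii 1.x walks the rule list, the users are constructed sample data, and a closure stands in for the string expression that calls isAdmin().

```php
<?php
// Simplified model of Yii 1.x access-rule evaluation; not Yii's own code.
// A user is a constructed array: 'name' (null for a guest) and 'isAdmin',
// which stands in for the result of the controller's isAdmin() check.
function userMatches(array $rule, array $user) {
    if (empty($rule['users'])) return true;            // no 'users' key: any user
    $loggedIn = $user['name'] !== null;
    foreach ($rule['users'] as $u) {
        if ($u === '*' || ($u === '?' && !$loggedIn) || ($u === '@' && $loggedIn)) {
            return true;
        }
        if ($loggedIn && strcasecmp($u, $user['name']) === 0) {
            return true;                               // plain username comparison
        }
    }
    return false;
}

function checkAccess(array $rules, $action, array $user) {
    foreach ($rules as $rule) {
        $actions = isset($rule['actions']) ? array_map('strtolower', $rule['actions']) : array();
        if ($actions && !in_array(strtolower($action), $actions, true)) continue; // other actions
        if (!userMatches($rule, $user)) continue;
        if (isset($rule['expression']) && !call_user_func($rule['expression'], $user)) continue;
        return $rule[0] === 'allow';                   // first matching rule decides
    }
    return true;                                       // no rule matched: the action runs
}

$denyAll = array('deny', 'users' => array('*'));
$byName  = array('allow', 'actions' => array('admin', 'delete'), 'users' => array('admin'));
$byExpr  = array('allow', 'actions' => array('delete', 'admin'),
                 'expression' => function ($user) { return $user['isAdmin']; });

$alice = array('name' => 'alice', 'isAdmin' => true);  // superuser not called 'admin'
$named = array('name' => 'Admin', 'isAdmin' => false); // no superuser rights, named 'Admin'

$cases = array(
    "'users' rule + deny-all, alice"  => array(array($byName, $denyAll), $alice),
    "'users' rule + deny-all, Admin"  => array(array($byName, $denyAll), $named),
    "'expression' + deny-all, alice"  => array(array($byExpr, $denyAll), $alice),
    "'expression' + deny-all, Admin"  => array(array($byExpr, $denyAll), $named),
    "'expression', no deny-all, Admin" => array(array($byExpr), $named),
);
foreach ($cases as $label => $c) {
    printf("%-34s %s\n", $label, checkAccess($c[0], 'delete', $c[1]) ? 'allowed' : 'denied');
}
```

The last case shows why the closing deny rule has to stay in the list when the 'users' rule is swapped for an 'expression' rule: when no rule matches, the action is allowed to run.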

Wouldn't it be nice, then, to have a really simple user authentication system that would respond to a simple isAdmin check?

In my next article, I am going to show you how to build a nice simple user authentication system based on a User table that also gives some basic WordPress-style role management.


One comment

  • kira
    30/10/2012

    Thanks. Saved a lot of my time.
