Controller Access Control With the Yii Rights Module

It's easy enough to determine how the Yii Rights module works when used to perform inline access control checks in your code. You simply call ($user->checkAccess($operation) === true), and the internal details are easy enough to dig into. But how does it work with your controllers to allow or deny access to a page (or, more specifically, to an action in your controller)?

If you haven't yet read up on access control filters, you should check out the official Yii Controller Basics first and get familiar with filter chains. Then come back and read the rest of this post.

It's very easy to implement the Rights module's filter chain. All you have to do is make a few small updates in your controller's filters() function. It should look like the following:

public function filters()
{
    return array(
        'rights', // runs the Rights access control filter before every action in this controller
    );
}

This will ensure that the Rights module access control filter is executed for each action in this controller. Note, however, that you need an operation set up for each action in this controller, with the proper permissions assigned to it. Otherwise, nobody will be able to view the pages rendered by this controller, because the filter denies any action it has no matching operation for. To set these up, navigate to /rights/authItem/ and create your operations and permissions.
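Putting the two steps together, here is an added example (not code from the post or from the Rights module) of a controller wired into the Rights filter, plus a one-off setup routine that creates the operations the filter will look for. It assumes the Rights module's RController base class and its $allowedActions property, Yii's CDbAuthManager as the authManager component, and that Rights names the operation for each action "ControllerId.ActionId" (e.g. "Post.Delete"); the controller, action and role names are made up for the example.

```php
<?php
// Added example, not the post's or the Rights module's own code. Assumptions:
// RController (from Rights) with $allowedActions, Yii's CDbAuthManager as
// Yii::app()->authManager, and one operation per action named "Post.Create" etc.

class PostController extends RController
{
    // Actions listed here bypass the Rights check. Every other action is denied
    // unless the current user holds the matching operation, so the default is
    // fail-closed: forgetting to create an operation blocks access, it never grants it.
    public $allowedActions = 'index, view';

    public function filters()
    {
        return array(
            'rights', // RController::filterRights() -> RightsFilter::preFilter()
        );
    }

    public function actionIndex()  { $this->render('index'); }
    public function actionView()   { $this->render('view'); }
    public function actionCreate() { $this->render('create'); }
    public function actionDelete() { $this->render('delete'); }
}

// One-off setup (e.g. run from a console command) so that no protected action
// is left without an auth item. Equivalent to what you would click through at /rights/authItem/.
function setupPostPermissions($editorUserId, $adminUserId)
{
    $auth = Yii::app()->authManager;

    foreach (array('Post.Create', 'Post.Delete') as $op) {
        if ($auth->getAuthItem($op) === null) {
            $auth->createOperation($op, 'May call PostController::action' . substr($op, 5));
        }
    }

    if ($auth->getAuthItem('Editor') === null) {
        $auth->createRole('Editor', 'Can create posts');
        $auth->addItemChild('Editor', 'Post.Create');
    }
    if ($auth->getAuthItem('Admin') === null) {
        $auth->createRole('Admin', 'Can create and delete posts');
        $auth->addItemChild('Admin', 'Editor');      // Admin inherits everything Editor may do
        $auth->addItemChild('Admin', 'Post.Delete');  // least privilege: only Admin can delete
    }

    $auth->assign('Editor', $editorUserId);
    $auth->assign('Admin', $adminUserId);
}
```

After running the setup, an Editor requesting /post/delete is sent through RightsFilter::preFilter() to accessDenied(), which is the path the stack trace below shows.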

That's literally all there is to do. The internals of the Rights module will interact with the built-in Yii filter chain management to handle access control. If you're curious how the Rights module does its thing, the best place to start is the function preFilter() in /webapp/protected/modules/rights/components/RightsFilter.php.

For example, here is the function stack when a user is denied access:

Array
(
    [0] => Array
        (
            [file] => /yii/framework/web/auth/CWebUser.php
            [line] => 353
            [function] => trace
        )

    [1] => Array
        (
            [file] => /webapp/protected/modules/rights/components/RController.php
            [line] => 60
            [function] => loginRequired
        )

    [2] => Array
        (
            [file] => /webapp/protected/modules/rights/components/RightsFilter.php
            [line] => 57
            [function] => accessDenied
        )

    [3] => Array
        (
            [file] => /yii/framework/web/filters/CFilter.php
            [line] => 39
            [function] => preFilter
        )

    [4] => Array
        (
            [file] => /webapp/protected/modules/rights/components/RController.php
            [line] => 36
            [function] => filter
        )

    [5] => Array
        (
            [file] => /yii/framework/web/filters/CInlineFilter.php
            [line] => 59
            [function] => filterRights
        )

    [6] => Array
        (
            [file] => /yii/framework/web/filters/CFilterChain.php
            [line] => 131
            [function] => filter
        )

    [7] => Array
        (
            [file] => /yii/framework/web/CController.php
            [line] => 292
            [function] => run
        )

    [8] => Array
        (
            [file] => /yii/framework/web/CController.php
            [line] => 266
            [function] => runActionWithFilters
        )

    [9] => Array
        (
            [file] => /yii/framework/web/CWebApplication.php
            [line] => 276
            [function] => run
        )

    [10] => Array
        (
            [file] => /yii/framework/web/CWebApplication.php
            [line] => 135
            [function] => runController
        )

    [11] => Array
        (
            [file] => /yii/framework/base/CApplication.php
            [line] => 162
            [function] => processRequest
        )

    [12] => Array
        (
            [file] => /webapp/index.php
            [line] => 14
            [function] => run
        )
)

Hope this helps with your understanding!
