Yii
EVOSandru6, 2015-12-27 02:16:23

Error when checking a role in a Yii 1 controller?

Good afternoon,
I set up role-based access to controllers as described in the documentation:
yiiframework.ru/doc/cookbook/ru/access.rbac.file

<?php
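/**
 * Login identity: finds a user by e-mail (case-insensitively) and checks the
 * submitted password against the stored hash.
 *
 * On success the user's profile fields are copied into identity state under
 * the keys 'id', 'email', 'role', 'sex', 'adress', 'postcode', 'role_name',
 * 'telephone', 'country' and 'city'.
 */
class UserIdentity extends CUserIdentity
{
    /** @var mixed primary key of the authenticated user; set only on success */
    protected $_id;

    /**
     * Authenticates $this->username (treated as an e-mail) and $this->password.
     *
     * Every failure sets ERROR_USERNAME_INVALID, so the result does not reveal
     * whether the account, its confirmation flag or the password was the problem.
     *
     * @return bool true when authentication succeeded
     */
    public function authenticate()
    {
        $user = Users::model()->find(
            'LOWER(email)=?',
            [
                strtolower($this->username),
            ]
        );

        // Fail closed. The earlier condition read $user->confirm before the
        // null check (error on an unknown e-mail) and, because `confirm` gated
        // the whole test, an account with a falsy `confirm` reached the success
        // branch without its password ever being compared.
        //
        // NOTE(review): unsalted md5() is not a password hash. Migrate stored
        // values to password_hash() / password_verify(), which also compares in
        // constant time; md5 is kept here only to match the existing column.
        $passwordMatches = $user !== null
            && md5($this->password) === $user->password;

        // `confirm` is presumably the account-confirmation flag - verify
        // against the Users model.
        if ($user === null || !$user->confirm || !$passwordMatches) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } else {
            $this->_id      = $user->id;
            $this->username = $user->name;

            // Copied once at login; later changes to the record (including
            // role_id) are not reflected in these states.
            $this->setState('id',        $user->id);
            $this->setState('email',     $user->email);
            $this->setState('role',      $user->role_id);
            $this->setState('sex',       $user->sex_id);
            $this->setState('adress',    $user->adress);
            $this->setState('postcode',  $user->postcode);
            $this->setState('role_name', $user->role->name);
            $this->setState('telephone', $user->telephone);
            $this->setState('country',   $user->country);
            $this->setState('city',      $user->city);

            $this->errorCode = self::ERROR_NONE;
        }

        return !$this->errorCode;
    }

    /**
     * @return mixed the id stored by a successful authenticate(), else null
     */
    public function getId()
    {
        return $this->_id;
    }
}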

<?php
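/**
 * Web user component exposing fields of the logged-in user's Users record.
 *
 * Every getter returns null for a guest (or when the record cannot be loaded).
 *
 * NOTE(review): CWebUser::__get() appears to return a session state of the
 * same name before falling back to a getter, and UserIdentity stores 'id',
 * 'role', 'email', ... as states. Property reads such as
 * Yii::app()->user->role would then yield the value cached at login, not the
 * result of getRole(); a role changed in the database would only take effect
 * after the next login. Confirm against the framework version in use.
 */
class WebUser extends CWebUser
{
    /** @var Users|null record of the current user, loaded on first use */
    private $_model = null;

    public $loginUrl = ['users/login'];

    /**
     * Loads the current user's record once and caches it for the request.
     *
     * @return Users|null null for guests or when no record is found
     */
    private function getModel()
    {
        if (!$this->isGuest && $this->_model === null) {
            // Use the parent's id rather than $this->id: getId() is overridden
            // below and calls getModel(), so resolving the id through that
            // override would recurse until the model is loaded.
            $this->_model = Users::model()->findByPk(parent::getId());
        }

        return $this->_model;
    }

    /**
     * @return mixed role_id of the current user, or null
     */
    public function getRole()
    {
        // the User table has a role field
        $user = $this->getModel();

        return $user ? $user->role_id : null;
    }

    /**
     * @return mixed e-mail of the current user, or null
     */
    public function getEmail()
    {
        $user = $this->getModel();

        return $user ? $user->email : null;
    }

    /**
     * @return mixed name of the related role, or null when the user or the
     *               related role record is missing
     */
    public function getRoleName()
    {
        $user = $this->getModel();

        return ($user && $user->role) ? $user->role->name : null;
    }

    /**
     * @return mixed sex_id of the current user, or null
     */
    public function getSex()
    {
        $user = $this->getModel();

        return $user ? $user->sex_id : null;
    }

    /**
     * @return mixed telephone of the current user, or null
     */
    public function getTelephone()
    {
        $user = $this->getModel();

        return $user ? $user->telephone : null;
    }

    /**
     * @return mixed primary key of the current user's record, or null
     */
    public function getId()
    {
        $user = $this->getModel();

        return $user ? $user->id : null;
    }

    /**
     * @return mixed country of the current user, or null
     */
    public function getCountry()
    {
        $user = $this->getModel();

        return $user ? $user->country : null;
    }

    /**
     * @return mixed city of the current user, or null
     */
    public function getCity()
    {
        $user = $this->getModel();

        return $user ? $user->city : null;
    }

    /**
     * @return mixed address of the current user, or null
     */
    public function getAdress()
    {
        $user = $this->getModel();

        return $user ? $user->adress : null;
    }

    /**
     * @return mixed postcode of the current user, or null
     */
    public function getPostcode()
    {
        $user = $this->getModel();

        return $user ? $user->postcode : null;
    }
}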

/**
 * File-based auth manager that assigns the current user's role on start-up.
 */
class PhpAuthManager extends CPhpAuthManager
{
    /**
     * Points the manager at the application's auth config file when none is
     * configured, lets the parent initialise, then assigns the logged-in
     * user's role to that user's id.
     *
     * The role name is whatever Yii::app()->user->role returns; that value is
     * trusted as-is for the authorization checks that follow.
     */
    public function init()
    {
        // Default hierarchy file, resolved from the application.config.auth alias.
        if ($this->authFile === null) {
            $this->authFile = Yii::getPathOfAlias('application.config.auth').'.php';
        }

        parent::init();

        // Guests get no assignment here.
        if (Yii::app()->user->isGuest) {
            return;
        }

        $roleName = Yii::app()->user->role;
        $userId = Yii::app()->user->id;
        $this->assign($roleName, $userId);
    }
}

protected/config/auth.php

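// Role hierarchy for the file-based auth manager.
//
// Item names are the array keys ('guest', '2', '3', '4'); the numeric ones
// match the Users::ID_* role constants. Entries under 'children' must be item
// names too. The previous version listed 'customer' and 'moderator' there,
// which are descriptions rather than keys of this array, so roles '3' and '4'
// did not inherit anything from the roles below them.
return
   [
       'guest' =>
       [
           'type'           =>      CAuthItem::TYPE_ROLE,
           'description'    =>      'Guest',
           'bizRule'        =>      null,
           'data'           =>      null
       ],
       '2' =>
       [
           'type'           =>      CAuthItem::TYPE_ROLE,
           'description'    =>      'customer',
           'children'       =>
           [
               'guest', // inherit from guest
           ],
           'bizRule'        =>      null,
           'data'           =>      null
       ],
       '3' =>
       [
           'type'           =>      CAuthItem::TYPE_ROLE,
           'description'    =>      'moderator',
           'children'       =>
           [
               '2',          // allow the moderator everything a customer may do
           ],
           'bizRule'        =>      null,
           'data'           =>      null
       ],
       '4' =>
       [
           'type'           =>      CAuthItem::TYPE_ROLE,
           'description'    =>      'admin',
           'children'       =>
           [
               '3',          // allow the admin everything a moderator may do
           ],
           'bizRule'        =>      null,
           'data'           =>      null
       ],
   ];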

The Users class has role constants:
// Numeric role identifiers; the values match the '2', '3' and '4' item keys
// in protected/config/auth.php.
const ID_CUSTOMER       =   2;
    const ID_MODERATOR    =   3;
    const ID_ADMIN              =   4;

For some reason, a user with role 4 gets a 403 exception (insufficient rights), even though the controller has this rule set:
/**
 * Access rules for this controller, listed in the order they are checked:
 * the admin role may run the listed actions, and everything else is denied.
 *
 * @return array rule definitions for the access control filter
 */
public function accessRules()
{
    // Actions opened to the admin role.
    $adminActions = [
        'show',
        'index',
        'view',
        'admin',
        'toggle',
        'update',
    ];

    $allowAdmin = [
        'allow',
        'actions' => $adminActions,
        'roles' => [Users::ID_ADMIN],
    ];

    // Catch-all: any request not allowed above is refused.
    $denyEveryone = [
        'deny',
        'users' => ['*'],
    ];

    return [$allowAdmin, $denyEveryone];
}

If I comment out 'accessControl' and print:
// Debug probe: print the expected admin role id next to the role reported
// for the current user, then stop the request.
$expectedRole = Users::ID_ADMIN;
$currentRole = Yii::app()->user->role;
echo $expectedRole . ':' . $currentRole;
exit;

I get 4:4, so what could be the problem?
Also, with accessControl still commented out, if I write this in actionIndex:
// Debug probe: ask the auth manager directly whether the current user holds
// item '4', print the outcome, then stop the request in either case.
$holdsAdminRole = Yii::app()->user->checkAccess('4');
if ($holdsAdminRole) {
    echo "hello, I'm administrator";
} else {
    echo Users::ID_ADMIN . ':' . Yii::app()->user->role;
}
die();

Then I get:

hello, I'm administrator

So there seems to be some kind of glitch in accessRules.
