Yii framework. Active Record Relationnels. We have already seen how to use Active Record (AR) to select data from a single database table. In this section, we describe how to use AR to join several related database tables and bring back the joint data set. In order to use relational AR, it is recommended that primary-foreign key constraints are declared for tables that need to be joined. The constraints will help to keep the consistency and integrity of the relational data. For simplicity, we will use the database schema shown in the following entity-relationship (ER) diagram to illustrate examples in this section. ER Diagram Info: Support for foreign key constraints varies in different DBMS. 1. Before we use AR to perform relational query, we need to let AR know how one AR class is related with another.
Relationship between two AR classes is directly associated with the relationship between the database tables represented by the AR classes. Declaring relationship in AR involves overriding the relations() method of CActiveRecord. Or. Model password confirmation field. I had some troubles with the password confirmation field for when adding updating user records, so i thought that i should share the way i got it working. The scenario is the basic one, you have a database table (say user) and this table has a field called password, which is a sha1/md5/etc hash of the user password. This is the workflow: When you create a new user, the password needs to be hashed and saved, but when you update a user record, if the same scenario happens, we end up with a hash of the user hashed password, and we don't want this. Instead, on update, we will empty the user password from the model object, store it temporary in another variable then check to see if the password has been submitted in the form, if it was, it means the user password needs to be updated, therefore we need to hash the password(which is plain text now), if it wasn't submitted, then it means it doesn't need to be updated therefore, we restore it from the temporary variable.
So, here we go, the model: Authentication and Authorization. Authentication and authorization are required for a Web page that should be limited to certain users. Authentication is about verifying whether someone is who they claim to be. It usually involves a username and a password, but may include any other methods of demonstrating identity, such as a smart card, fingerprints, etc. Authorization is finding out if the person, once identified (i.e. authenticated), is permitted to manipulate specific resources. This is usually determined by finding out if that person is of a particular role that has access to the resources. Yii has a built-in authentication/authorization (auth) framework which is easy to use and can be customized for special needs.
The central piece in the Yii auth framework is a pre-declared user application component which is an object implementing the IWebUser interface. The user component represents the persistent identity information for the current user. 1. An Example Storing passwords in the database 2. 3. 4. 5. Array( ...... Simple RBAC. If you need simple Role based access control without the long RBAC process then this article is just for you. Lets jump to the point. The user model ¶ On your user table make a column named 'roles'.
Create the model accordingly. When you add users you can assign them a role among 'admin', 'user', 'staff' etc etc. The authentication ¶ In the file "protected/components/UserIdentity.php" write something like: The important line is $this->setState('roles', $record->roles); It adds user roles to their session. Checking permissions: structure ¶ Modify or create the "WebUser.php" file under the "protected/components" directory so that it overloads the checkAccess() method. <? You can define your own logic in this checkAccess() methods. Make sure this class is used by Yii. 'components' => array( 'user' => array( 'class' => 'WebUser', ), Sidenote:CWebUser::checkAccess() usually connects to the authorization system loaded in Yii.
Checking permissions: usage ¶ See examples below. The controller must contain: Class Reference.