This tutorial shows how to build a custom access-control check. The check is keyed on the “module-controller-action” triple, and each action may have a validation method named after it, for example “employee_employee_admin”. The user-state getState/setState methods are used to choose which error view is rendered together with the message (a better mechanism is certainly possible). Before a page is served, its data can be validated through this method; sample validations are:
1. Validation With $_GET parameter
2. Validation With $_POST parameter
3. Custom logical validation
After adding this code the application has one additional security check in front of every page: the action must be registered and active, the user's role must be granted it, and the optional per-action validation must pass.
Database Structure
AccessControl
“Components/AccessControl.php” holds the component that controls roles and access for every action, backed by the data in the tables above.
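<?php
/**
 * Application component that gates a request on three conditions:
 *  (a) the action "<module>-<controller>-<action>" is registered and active in the
 *      Actions table,
 *  (b) the logged-in employee's role is linked to that action in ActionsRole, and
 *  (c) an optional per-action validator method "<module>_<controller>_<action>"
 *      declared on this class returns 1.
 *
 * Every path that cannot positively establish (a) and (b) returns false, so an
 * unregistered action, a guest user or an unknown employee is denied. A failing
 * validator (c) does not return at all: it throws a CHttpException after
 * recording which error view to show (see setErrorFilename()).
 */
class AccessControl extends CApplicationComponent
{
    public $array;

    public function init()
    {
    }

    /**
     * Check whether the current user may run the given module/controller/action.
     *
     * @param string $module     module id (compared case-insensitively)
     * @param string $controller controller id (compared case-insensitively)
     * @param string $action     action id (compared case-insensitively)
     * @return bool true only when the action is registered and active, the user's
     *              role is granted it, and the per-action validator (if any) passes
     * @throws CHttpException thrown by setErrorFilename() when a validator rejects
     */
    public function ActionRoleCheck($module = '', $controller = '', $action = '')
    {
        $module = strtolower((string) $module);
        $controller = strtolower((string) $controller);
        $action = strtolower((string) $action);

        // Fail closed: an incomplete route is never granted.
        if ($module === '' || $controller === '' || $action === '') {
            return false;
        }

        // Two spellings of the same triple: the dashed form is the key stored in
        // the Actions table, the underscored form is the validator method name.
        $actionName = $module . '-' . $controller . '-' . $action;
        $validatorName = $module . '_' . $controller . '_' . $action;

        // Route ids are bound as parameters, never interpolated into the SQL.
        $actionModel = Actions::model()->find(
            'actionname=:action and isactive=1',
            array(':action' => $actionName)
        );
        if (!$actionModel) {
            return false;
        }

        // A guest has a null id; findByPk(null) finds nothing and we deny.
        $employee = Employee::model()->findByPk(Yii::app()->user->getId());
        if (!$employee) {
            return false;
        }

        $actionRole = ActionsRole::model()->find(
            'role_id=:roleid and action_id=:actionid and isactive=1',
            array(':roleid' => $employee->role_id, ':actionid' => $actionModel->id)
        );
        if (!$actionRole) {
            return false;
        }

        return (bool) $this->handleBeginRequest($validatorName);
    }

    /**
     * Run the per-action validator named $action_url, if this class declares one.
     *
     * Returns true when the validator returns 1. When no validator is declared
     * the request is also allowed (the role check alone is considered enough —
     * NOTE(review): this is fail-open by design of the tutorial; change it to
     * return false if every registered action must carry a validator). Any other
     * validator result is handed to setErrorFilename(), which throws.
     *
     * @param string $action_url validator method name "<module>_<controller>_<action>"
     * @return bool
     * @throws CHttpException when the validator returns anything but 1
     */
    public function handleBeginRequest($action_url)
    {
        if (!$this->isValidator($action_url)) {
            return true;
        }

        $no = $this->$action_url(); // e.g. employee_employee_admin()
        if ($no == 1) {
            return true;
        }

        // Never returns: records which error view to show, then throws.
        $this->setErrorFilename($no);
        return false;
    }

    /**
     * Decide whether $name is a validator this class itself declares.
     *
     * The name is assembled from route ids and method_exists() is
     * case-insensitive, so only dispatch to methods declared on AccessControl
     * (or a subclass) — never to methods inherited from the framework such as
     * CComponent's __get/__set/__call. Defense in depth: the Actions table
     * already whitelists the triple before we get here.
     *
     * @param string $name candidate method name
     * @return bool
     */
    private function isValidator($name)
    {
        if (!is_string($name) || $name === '' || !method_exists($this, $name)) {
            return false;
        }
        $method = new ReflectionMethod($this, $name);
        $declaredIn = $method->getDeclaringClass();
        return $declaredIn->getName() === 'AccessControl'
            || $declaredIn->isSubclassOf('AccessControl');
    }

    /**
     * Validator for module "employee", controller "employee", action "admin".
     *
     * Put the $_GET / $_POST / business-rule checks for that page here and return
     * 1 to allow the request, or a code such as -1 / -2 (see setErrorFilename())
     * to reject it.
     *
     * @return int
     */
    public function employee_employee_admin()
    {
        // write your data validation function here
        return 1; // or 2 or -2 etc.. your option
    }

    /**
     * Map a validator result code to an error view and abort the request.
     *
     * The view name is stored in user state under 'error_file' so that
     * SiteController::actionError() can render it; every branch then throws.
     *
     * Both denial codes deliberately use HTTP 404 rather than 403, which hides
     * from an unauthorised caller whether the page or record exists at all.
     * NOTE(review): the pairing of view names and messages for -1 and -2 looks
     * crossed (a "permission_record" view with a "permission ... page" message
     * and vice versa) — confirm against the view files before relying on it.
     *
     * @param mixed $no validator result; -1 and -2 select a dedicated view,
     *                  anything else falls through to the generic denial
     * @return void never returns normally
     * @throws CHttpException always
     */
    public function setErrorFilename($no)
    {
        // you can use better method than getState and setState
        if ($no == -1) {
            Yii::app()->user->setState('error_file', 'error_permission_record');
            throw new CHttpException(404, 'You dont have permission to access this page.');
        }
        if ($no == -2) {
            Yii::app()->user->setState('error_file', 'error_permission_page');
            throw new CHttpException(404, 'Requested record not found on the database.');
        }
        throw new CHttpException(404, 'You dont have permission to access this page.');
    }
}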
Display the Error page
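<?php
class SiteController extends Controller
{
    // ... other actions of the controller are omitted in the tutorial ...

    /**
     * Render the error page for the exception captured by the error handler.
     *
     * AccessControl::setErrorFilename() may have stored a view name in the user
     * state 'error_file'; that view replaces the default 'error' view. The state
     * is cleared on every visit so it cannot leak into a later, unrelated error.
     */
    public function actionError()
    {
        $error = Yii::app()->errorHandler->error;
        if (!$error) {
            return;
        }

        $view = Yii::app()->user->getState('error_file');
        Yii::app()->user->setState('error_file', '');

        // The state is only written server-side by AccessControl, but render()
        // resolves the name to a file path, so as defense in depth accept only a
        // plain identifier (no '/', '.' or path aliases) and otherwise fall back.
        if (!is_string($view) || !preg_match('/^[A-Za-z0-9_]+$/', $view)) {
            $view = 'error';
        }

        if (Yii::app()->request->isAjaxRequest) {
            // The message can carry request-derived text (e.g. an unresolved
            // route), so HTML-encode it before echoing it into the response.
            echo CHtml::encode($error['message']);
        } else {
            $this->render($view, $error); // view chosen via the 'error_file' state
        }
    }

    // ...
}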