Yii1.0 Custom Access Control With Dynamic Validation

This tutorial will help you create a custom access-control method. I have built it around a “module-controller-action” naming scheme, for example “employee_employee_admin”. Here I used the getState and setState methods to select the error view and message dynamically (you can try a better method than this). Before the page is accessed, we can validate the data using this method. Sample validations:
1. Validation With $_GET parameter
2. Validation With $_POST parameter
3. Custom logical validation

After adding this code, I feel my application has one more layer of security.

Database Structure

 

Yii custom role and actions

Yii custom role and actions

 

Roles And Actions

Roles And Actions

 

AccessControl

The “Components/AccessControl.php” file holds all the role and access checks for the controllers, driven by the database data.

<?php
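class AccessControl extends CApplicationComponent
{
	/** Not used by this listing; kept so existing configuration that assigns it keeps working. */
	public $array;

	public function init(){}

	/**
	 * Checks whether the logged-in user may run the given module/controller/action.
	 *
	 * Three layers must all pass:
	 *  1. the key "module-controller-action" exists in the Actions table and is active;
	 *  2. the current user's Employee record has a role linked to that action
	 *     through ActionsRole with isactive=1;
	 *  3. the optional per-action validation hook, a method on this component
	 *     named "module_controller_action", returns 1 (see handleBeginRequest()).
	 * Anything missing denies access. Names are lowercased first, so the key
	 * lookup is case-insensitive.
	 *
	 * @param string $module     module id of the requested route
	 * @param string $controller controller id of the requested route
	 * @param string $action     action id of the requested route
	 * @return bool true when every layer allows the request
	 * @throws CHttpException when the validation hook rejects the request
	 */
	public function ActionRoleCheck($module='',$controller='',$action='')
	{
		$module=(string)$module;
		$controller=(string)$controller;
		$action=(string)$action;
		if($module==='' || $controller==='' || $action==='')
			return false;

		$module=strtolower($module);
		$controller=strtolower($controller);
		$action=strtolower($action);
		$hookName=$module.'_'.$controller.'_'.$action;   // e.g. employee_employee_admin
		$actionKey=$module.'-'.$controller.'-'.$action;  // e.g. employee-employee-admin

		// Parameterised lookups: the route parts are bound, never concatenated into the SQL.
		$actionModel=Actions::model()->find("actionname=:action and isactive=1",array(":action"=>$actionKey));
		if(!$actionModel)
			return false;

		$employee=Employee::model()->findByPk(Yii::app()->user->getId());
		if(!$employee)
			return false;

		$actionRole=ActionsRole::model()->find(
			"role_id=:roleid and action_id=:actionid  and isactive=1",
			array(":roleid"=>$employee->role_id,":actionid"=>$actionModel->id)
		);
		if(!$actionRole)
			return false;

		// Role check passed; the hook (if any) decides on the concrete request data.
		return $this->handleBeginRequest($hookName);
	}

	/**
	 * Runs the optional per-action validation hook and turns its result into a
	 * boolean decision.
	 *
	 * Hooks are methods on this component named "module_controller_action".
	 * A hook returning 1 allows the request; any other value is handed to
	 * setErrorFilename(), which records the error view to show and throws.
	 * When no hook exists for the name the request is allowed -- the role check
	 * in ActionRoleCheck() is then the only gate -- so every action that needs
	 * record-level validation must get its own hook.
	 *
	 * @param string $action_url hook method name, e.g. "employee_employee_admin"
	 * @return bool true when the request may proceed
	 * @throws CHttpException when the hook rejects the request
	 */
	public function handleBeginRequest($action_url)
	{
		// Only names of the three-part hook shape are dispatched, so the
		// component's own methods (init, setErrorFilename, ...) cannot be
		// reached through this public entry point.
		if(!preg_match('/^\w+_\w+_\w+$/',$action_url) || !method_exists($this,$action_url))
			return true;

		$no=(int)$this->$action_url();
		if($no===1)
			return true;

		$this->setErrorFilename($no); // always throws
		return false; // not reached; keeps the return type consistent
	}

	/**
	 * Validation hook for module "employee", controller "employee", action "admin".
	 *
	 * Put the data validation for this page here (checks against $_GET, $_POST
	 * or custom logic). Return 1 to allow the request; return -1, -2 or another
	 * code to reject it with the matching error view (see setErrorFilename()).
	 *
	 * @return int 1 to allow, anything else to reject
	 */
	public function employee_employee_admin()
	{
		//write your data validation function here
		return 1; // or 2 or -2 etc.. your option
	}

	/**
	 * Records which error view actionError() should render and aborts the
	 * request with a CHttpException.
	 *
	 * The view name travels through the user session state "error_file", which
	 * SiteController::actionError() reads and clears. Only fixed, app-chosen
	 * view names are stored here, never anything request-derived.
	 * Permission failures are raised as 404 rather than 403; if access-denied
	 * events need to be distinguishable in logs or monitoring, switch those two
	 * to 403.
	 *
	 * NOTE(review): the view/message pairing looks swapped (-1 stores the
	 * "record" view with the page-permission message, -2 the "page" view with
	 * the record-not-found message) -- confirm against the two error views.
	 *
	 * @param int $no hook result code: -1 and -2 select a specific error view,
	 *                anything else falls back to the default error page
	 * @return void
	 * @throws CHttpException always
	 */
	public function setErrorFilename($no)
	{
		$no=(int)$no;
		if($no===-1){
			Yii::app()->user->setState('error_file','error_permission_record');
			throw new CHttpException(404,'You dont have permission to access this page.');
		}
		if($no===-2){
			Yii::app()->user->setState('error_file','error_permission_page');
			throw new CHttpException(404,'Requested record not found on the database.');
		}
		throw new CHttpException(404,'You dont have permission to access this page.');
	}
}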
?>

Display the Error page

yii framework 1.0 permission error

yii framework 1.0 warning

<?php
class SiteController extends Controller
{
	.........
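	/**
	 * Error action used by the error handler.
	 *
	 * Renders the view whose name AccessControl::setErrorFilename() stored in
	 * the "error_file" session state, or the default "error" view when none was
	 * stored. The state is cleared right away so a stale view name cannot leak
	 * into the next, unrelated error.
	 *
	 * @return void
	 */
	public function actionError()
	{
		$error=Yii::app()->errorHandler->error;
		if(!$error)
			return;

		$filename=Yii::app()->user->getState('error_file');
		Yii::app()->user->setState('error_file','');

		// Accept only a simple view name of the kind the application stores;
		// anything else (empty, non-string, path or alias separators) falls
		// back to the default view, so the state can never select a view
		// outside this controller's view directory.
		if(!is_string($filename) || !preg_match('/^[A-Za-z0-9_]+$/',$filename))
			$filename='error';

		if(Yii::app()->request->isAjaxRequest)
			echo CHtml::encode($error['message']); // the message may carry request-derived text, so encode it
		else
			$this->render($filename,$error); // the error array is passed through as view data
	}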
	.........
}
?>
