Yii1.0 Custom Access Control With Dynamic Validation

This tutorial will help you to create a custom access-control method. I have implemented it using a "module-controller-action" naming scheme, e.g. "employee_employee_admin". Here I used the getState and setState methods to show a dynamic error file with a message (you can try a better method than this). Before a page is accessed, we can validate the data using this method. Sample validations:
1. Validation With $_GET parameter
2. Validation With $_POST parameter
3. Custom logical validation

After adding this code, I feel my application has one more layer of security.

Database Structure

Yii custom role and actions

 

Roles And Actions

AccessControl

The "Components/AccessControl.php" file contains all the role and access checks for the controllers, along with the data they use.


<?php
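class AccessControl extends CApplicationComponent
{
    /**
     * Shape of a per-route validator method name: the route parts joined
     * by "_" after lower-casing ("<module>_<controller>_<action>").
     * Only names of exactly this shape are ever dispatched dynamically,
     * so a route can never reach init(), setErrorFilename() or a method
     * inherited from the framework.
     */
    const VALIDATOR_NAME_PATTERN = '/^[a-z0-9]+_[a-z0-9]+_[a-z0-9]+$/D';

    // Not used by this component; kept for configuration compatibility.
    public $array;

    /**
     * Component initialisation. Calls the parent so the component is
     * flagged as initialised like every other CApplicationComponent.
     */
    public function init()
    {
        parent::init();
    }

    /**
     * Decide whether the current user may run the given route.
     *
     * The route is lower-cased and looked up as
     * "<module>-<controller>-<action>" in the Actions table, then matched
     * against the user's role in ActionsRole. When both rows are active,
     * the optional validator method "<module>_<controller>_<action>" on
     * this component gets the last word (see handleBeginRequest()).
     *
     * Every failure path returns false: an empty route part, an unknown or
     * inactive action, an anonymous user, a missing employee row or a
     * missing role mapping all deny access.
     *
     * @param string $module
     * @param string $controller
     * @param string $action
     * @return bool true when access is granted
     * @throws CHttpException when a validator rejects the request
     */
    public function ActionRoleCheck($module='',$controller='',$action='')
    {
        if ((string) $module === '' || (string) $controller === '' || (string) $action === '') {
            return false;
        }

        $module = strtolower((string) $module);
        $controller = strtolower((string) $controller);
        $action = strtolower((string) $action);

        $validatorName = $module . '_' . $controller . '_' . $action;
        $actionName = $module . '-' . $controller . '-' . $action;

        $actionModel = Actions::model()->find(
            'actionname=:action and isactive=1',
            array(':action' => $actionName)
        );
        if ($actionModel === null) {
            return false;
        }

        // Anonymous users carry no id; deny without a database round trip.
        $userId = Yii::app()->user->getId();
        if ($userId === null) {
            return false;
        }

        $employee = Employee::model()->findByPk($userId);
        if ($employee === null) {
            return false;
        }

        $actionRole = ActionsRole::model()->find(
            'role_id=:roleid and action_id=:actionid and isactive=1',
            array(':roleid' => $employee->role_id, ':actionid' => $actionModel->id)
        );
        if ($actionRole === null) {
            return false;
        }

        return $this->handleBeginRequest($validatorName);
    }

    /**
     * Run the optional per-route validator named $action_url.
     *
     * A validator is a public method of this component named
     * "<module>_<controller>_<action>" (e.g. employee_employee_admin).
     * It returns 1 to allow the request; any other value is handed to
     * setErrorFilename(), which throws the matching CHttpException.
     * A route without a validator is allowed, because the role check in
     * ActionRoleCheck() has already passed for it.
     *
     * @param string $action_url validator method name derived from the route
     * @return bool
     * @throws CHttpException when the validator rejects the request
     */
    public function handleBeginRequest($action_url)
    {
        // Restrict dynamic dispatch to validator-shaped names before even
        // asking whether such a method exists.
        if (!preg_match(self::VALIDATOR_NAME_PATTERN, $action_url)
            || !method_exists($this, $action_url)) {
            return true;
        }

        $verdict = $this->$action_url();
        if ($verdict === 1 || $verdict === true) {
            return true;
        }

        // setErrorFilename() always throws; the explicit return keeps this
        // method fail-closed should that ever change.
        $this->setErrorFilename($verdict);
        return false;
    }

    /**
     * Sample validator for the route module "employee", controller
     * "employee", action "admin". Put the request-specific data checks
     * here and return 1 to allow, or a code understood by
     * setErrorFilename() (e.g. -1, -2) to deny.
     *
     * @return int
     */
    public function employee_employee_admin()
    {
        //write your data validation function here
        return 1; // or 2 or -2 etc.. your option
    }

    /**
     * Translate a validator verdict into an error page and throw.
     *
     * Stores the name of the view that SiteController::actionError() should
     * render in the user session under 'error_file', then throws a
     * CHttpException carrying the message. Unknown codes fall back to the
     * generic permission message without selecting a view.
     *
     * NOTE(review): the view/message pairing looks swapped — -1 selects the
     * "record" view with the permission message and -2 the "page" view with
     * the record message; confirm against the views before changing it.
     * All cases use 404 rather than 403, which makes a denied request
     * indistinguishable from a missing page; keep that if it is intended.
     *
     * @param mixed $no validator verdict other than 1
     * @return void
     * @throws CHttpException always
     */
    public function setErrorFilename($no)
    {
        // verdict => array(view name stored in the session, message)
        $errors = array(
            -1 => array('error_permission_record', 'You dont have permission to access this page.'),
            -2 => array('error_permission_page', 'Requested record not found on the database.'),
        );

        if (is_numeric($no) && isset($errors[(int) $no])) {
            list($view, $message) = $errors[(int) $no];
            Yii::app()->user->setState('error_file', $view);
            throw new CHttpException(404, $message);
        }

        throw new CHttpException(404, 'You dont have permission to access this page.');
    }
}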
?>

Display the Error page

yii framework 1.0 permission error

yii framework 1.0 warning


<?php
class SiteController extends Controller
{
    .........
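    /**
     * Render the error page for the error recorded by the error handler.
     *
     * A one-shot view name may have been stored in the session under
     * 'error_file' by AccessControl::setErrorFilename(); it is consumed
     * here (cleared before rendering) and falls back to the default
     * 'error' view. AJAX callers receive only the message, HTML-encoded
     * because it is written straight into the response body.
     *
     * @return void
     */
    public function actionError()
    {
        $error = Yii::app()->errorHandler->error;
        if (!$error) {
            return;
        }

        // Read and clear the view override together so it cannot leak
        // into an unrelated later error.
        $filename = Yii::app()->user->getState('error_file');
        Yii::app()->user->setState('error_file', '');
        if (!is_string($filename) || $filename === '') {
            $filename = 'error';
        }

        if (Yii::app()->request->isAjaxRequest) {
            // Encode for the HTML context; the message may carry
            // request-derived text.
            echo CHtml::encode($error['message']);
        } else {
            $this->render($filename, $error); // view chosen via getState
        }
    }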
    .........
}
?>