RBAC in Yii, Guest not authorized

Question

Im trying to implement RBAC in Yii (using the rights module).

When trying to authorize an unauthenticated user (Guest), CWebUser calls CDbAuthManager:

$access=Yii::app()->getAuthManager()->checkAccess($operation,$this->getId(),$params);

CDbAuthManager then tries to get the authassignments of the user

$assignments=$this->getAuthAssignments($userId);

The problem is, because the user is a Guest, $userId is null, and $assignments is an empty array. Therefore i can not i cannot authorize a guest user to any action (unless declaring allowedActions())

What am i doing wrong?

not entirely sure this is related but I strongly recommend avoiding Guest role checking. If its open to guest than it should be open to all then I typically lose the checkAccess() call. Why? See [here](https://github.com/yiisoft/yii/issues/742) — Boaz Rymland, Oct 28 '12 at 13:27

score 1 · Accepted Answer · edited Jun 14 '14 at 18:52

1

Make sure Guest is added to the defaultRoles in your config. Also make sure the Guest role has a bizRule which has the expression

return Yii::app()->user->isGuest

edited Jun 14 '14 at 18:52

redDevil

1,909
17
25

answered Oct 30 '12 at 13:51

SnIpY

662
2
10
27

`return Yii::app()->user->isGuest;` – jborch Oct 30 '12 at 18:12
Actually, implementing bizrule for Guest user, inheritance doesn't work. Ie Guest -> Authenticated. By removing the rule, and keeping Guest in defaultRoles, i get the result i want. I think :). – jborch Oct 30 '12 at 19:35

RBAC in Yii, Guest not authorized

1 Answers1