
I'm trying to implement my first RBAC system:

I'm getting to this part:

In the official documentation, they have an example with a username:

```php
$auth->assign('adminRole', 'userA');
$auth->assign('adminRole', 'userB');
```

However, I found that, in my case, the ID works instead.

```php
$auth->assign('adminRole', '8');
$auth->assign('adminRole', '9');
```

Why did the ID work, and not the username? I presumed it was because, somewhere, we have overwritten the getId() method from UserIdentity.

However, after continuing to follow the documentation and the Yii code, I noticed that the assign() method does not accept a child of CUserIdentity; it uses the IWebUser interface instead.

I then went to CWebUser and noticed the getId() method has the following:

```php
/**
 * Returns a value that uniquely represents the user.
 * @return mixed the unique identifier for the user. If null, it means the user is a guest.
 */
public function getId()
{
    return $this->getState('__id');
}
```

I kept following this and ended up at a $_SESSION[$key], and now I'm confused.

What id is that? I presume it is the primary key of my user database table.

But how does CWebUser know about my user database table (which is called tbl_site_user, by the way)?

The only configuration I have that relates the user and the authorization is this, in my main config file:

```php
'authManager'=>array(
    'class'=>'CDbAuthManager',
    'connectionID'=>'db',
),
```

Where did Yii get the ID for the second argument of $auth->assign?

Samuel Liew
MEM

1 Answer


At some point in your code you call CWebUser::login(), probably with Yii::app()->user->login($identity);.

```php
public function login($identity,$duration=0)
{
    $id=$identity->getId();
    $states=$identity->getPersistentStates();
    if($this->beforeLogin($id,$states,false))
    {
        $this->changeIdentity($id,$identity->getName(),$states);
...
```

This method accepts your CUserIdentity object, extracts the id from it, and calls CWebUser::changeIdentity().

```php
protected function changeIdentity($id,$name,$states)
{
    Yii::app()->getSession()->regenerateID(true);
    $this->setId($id);
    $this->setName($name);
    $this->loadIdentityStates($states);
}
```

Where CWebUser::setId() is called.

```php
public function setId($value)
{
    $this->setState('__id',$value);
}
```

Which sets the __id session state.

Willem Renzema
  • I'm looking at the default Yii setup. No modules, nothing. I have an action login on my site controller. It is the only login I have. It doesn't accept any CUserIdentity. I have, however, a method authenticate under the `LoginForm` MODEL. But there's no call for a changeIdentity. So, unfortunately, I can't really follow your steps. :( – MEM Sep 10 '14 at 10:49
  • You just need to find `CWebUser::login()`, as that calls `CWebUser::changeIdentity` and all subsequent steps. `Yii::app()->user` is a `CWebUser` object (by default). Unless you've made major changes to the default code, `Yii::app()->user->login()` should appear somewhere in the LoginForm class. – Willem Renzema Sep 10 '14 at 14:36
  • Found it. ;) All clear. Thanks a lot for taking the time to dig deep into it. – MEM Sep 10 '14 at 16:54
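
The chain described in the answer, as an added example that is not part of the original posts or of Yii itself: the value returned by the identity's `getId()` is what `login()` stores in `__id`, and it must be the same value used as the second argument of `assign()`. Assumptions: `SiteUser` is a hypothetical `CActiveRecord` model for `tbl_site_user` with `id`, `username` and hashed `password` columns, `grantRole()` and `requireAdmin()` are hypothetical helpers, and `CPasswordHelper` requires Yii 1.1.14 or later.

```php
<?php
// Assumption: SiteUser is a CActiveRecord model for tbl_site_user
// (columns id, username, password hash); it is not shown on the page.
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $user = SiteUser::model()->findByAttributes(array('username' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $user->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $user->id; // primary key, e.g. 8
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }

    // Without this override, CUserIdentity::getId() returns the username,
    // so assignments keyed by primary key would never match at check time.
    public function getId()
    {
        return $this->_id;
    }
}

// Hypothetical provisioning helper: key the assignment by the same value
// that getId() returns at login.
function grantRole($username, $role)
{
    $user = SiteUser::model()->findByAttributes(array('username' => $username));
    if ($user === null) {
        throw new CException("Unknown user: $username");
    }
    $auth = Yii::app()->authManager;
    if (!$auth->isAssigned($role, $user->id)) {
        $auth->assign($role, $user->id);
    }
}

// Hypothetical guard, called after Yii::app()->user->login($identity).
// checkAccess() passes Yii::app()->user->getId() ('__id') to the auth manager.
function requireAdmin()
{
    if (!Yii::app()->user->checkAccess('adminRole')) {
        throw new CHttpException(403, 'Not authorized.');
    }
}
```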