Yii User Authentication and Authorization Module Tutorial

Commonly, user authentication covers functions such as user creation with username and password, user login and user logout. User authorization should cover the creation of a rights tree (operation rights or data rights), the assignment of rights to users, and the checking of a user's rights.

Yii has a built-in authentication/authorization (auth) framework which is easy to use and can be customized for special needs. There are also some extension modules tailored to common needs.

Yii's built-in authentication/authorization framework allows you to integrate your own user management with Yii's role-based access control framework. If you want to create a new application with a user and rights management module, the Yii framework may be your best choice, because it is very fast to get started with.

Here, I will explain the following topics:

1. I DON'T have my own user management system; I just want to create a new application with a user authentication system and an authorization system.

2. I have a user management system and I need to integrate an RBAC system with it. (Please refer to the section "rbac management module installation and integration to yii-user".)

Please pay attention to the text I have commented in red.

New application

I recommend two modules: rbac management (http://www.yiiframework.com/extension/rbac-manager/) and the user management module (http://www.yiiframework.com/extension/yii-user/). They are LGPL or New BSD licensed.

There are THREE steps: yii-user module installation, rbac management module installation, and integration between the two modules.

yii-user module installation

Partly taken from http://www.yiiframework.com/extension/yii-user/

    1. Copy the yii-user module to protected/modules (if the modules directory does not exist, create it) and name the module directory "user".
    2. Edit config/main.php
    // autoloading model and component classes
    'import'=>array(
        # added for yii-user
        'application.modules.user.models.*',
        'application.modules.user.components.*',
    ),
    #...
    'modules'=>array(
        #... added for yii-user
        'user'=>array(
            'hash' => 'md5', # encrypting method (php hash function)
            'sendActivationMail' => true, # send activation email
            'loginNotActiv' => false, # allow access for non-activated users
            'activeAfterRegister' => false, # activate user on registration (only sendActivationMail = false)
            'autoLogin' => true, # automatically login from registration
            'registrationUrl' => array('/user/registration'), # registration path
            'recoveryUrl' => array('/user/recovery'), # recovery password path
            'loginUrl' => array('/user/login'), # login form path
            'returnUrl' => array('/user/profile'), # page after login
            'returnLogoutUrl' => array('/user/login'), # page after logout
        ),
        # ...
    ),
    #...
    // application components
    'components'=>array(
        'db'=>array(
        #...
            'tablePrefix' => 'tbl_',
        #...
        ),
        #...
        'user'=>array(
            // enable cookie-based authentication
            'class' => 'WebUser',
            'allowAutoLogin'=>true,
            'loginUrl' => array('/user/login'),
        ),
    #...
    ),
    #...
);

    3. Edit config/console.php
    'modules'=>array(
        'user'=>array(
            'hash' => 'md5', # encrypting method (php hash function)
            'sendActivationMail' => true, # send activation email
            'loginNotActiv' => false, # allow access for non-activated users
            'activeAfterRegister' => false, # activate user on registration (only sendActivationMail = false)
            'autoLogin' => true, # automatically login from registration
            'registrationUrl' => array('/user/registration'), # registration path
            'recoveryUrl' => array('/user/recovery'), # recovery password path
            'loginUrl' => array('/user/login'), # login form path
            'returnUrl' => array('/user/profile'), # page after login
            'returnLogoutUrl' => array('/user/login'), # page after logout
        ),
        #...
    ),
    #...
    4. Open a command line window (cmd or a terminal) and cd to your application directory (the one that contains yiic.php).
    5. Run: yiic migrate --migrationPath=application.modules.user.migrations

Notice:
1. Please do NOT forget to configure the "console" configuration file as well.
2. You may run into problems at the last step. The keys are: a) the yiic you run must be the one of your application, not the one in the framework library; b) the migrationPath must be the full dotted path alias.
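The two notices above are easy to get wrong silently, so here is a small check script. It is an added example, not part of yii-user or of the original tutorial: it loads protected/config/main.php and protected/config/console.php, confirms that the 'user' module is present in both and that the two copies agree, and flags the 'hash' option when it names a fast digest such as md5, which is not suitable for storing passwords. It assumes it is run from the application root (the directory holding yiic.php), that both config files return a PHP array as Yii 1.x configs do, and (only if your console.php merges main.php through CMap::mergeArray) that the Yii bootstrap path below is adjusted to your installation; the assumption that yii-user passes the 'hash' value to PHP's md5()/sha1()/hash() is mine.

```php
<?php
// Added example (not part of yii-user or the original tutorial).
// Run from the application root: php check_user_config.php

// Assumption: path to the Yii bootstrap; only needed when console.php
// uses CMap::mergeArray() to include main.php. Adjust or remove as required.
$yiiPath = __DIR__ . '/../yii/framework/yii.php';
if (is_file($yiiPath)) {
    require_once $yiiPath;
}

$mainPath    = __DIR__ . '/protected/config/main.php';
$consolePath = __DIR__ . '/protected/config/console.php';

// Digest names PHP's hash() accepts that are far too fast for password storage.
$weakHashes = array('md5', 'md4', 'sha1', 'crc32', 'crc32b');

// Include a Yii config file and return its array, or null when unusable.
function loadConfig($path)
{
    if (!is_file($path)) {
        fwrite(STDERR, "missing config: $path\n");
        return null;
    }
    $config = include $path;
    return is_array($config) ? $config : null;
}

// Return the 'user' module settings from a config array, or null if absent.
function userModuleConfig(array $config)
{
    if (!isset($config['modules']['user']) || !is_array($config['modules']['user'])) {
        return null;
    }
    return $config['modules']['user'];
}

// Collect every problem found in the two configs.
function checkUserModule($main, $console, array $weakHashes)
{
    $problems    = array();
    $mainUser    = userModuleConfig($main);
    $consoleUser = userModuleConfig($console);

    // Notice 1: the module must also be declared for the console, otherwise
    // `yiic migrate` cannot load the module's models and migrations.
    if ($mainUser === null) {
        $problems[] = "main.php has no 'user' module entry";
    }
    if ($consoleUser === null) {
        $problems[] = "console.php has no 'user' module entry";
    }

    // Both copies should agree: with a different 'hash', for example, a
    // password written from the console could not be verified by the web app.
    if ($mainUser !== null && $consoleUser !== null) {
        foreach ($mainUser as $key => $value) {
            if (!array_key_exists($key, $consoleUser)) {
                $problems[] = "console.php lacks user option '$key'";
            } elseif ($consoleUser[$key] !== $value) {
                $problems[] = "user option '$key' differs between main.php and console.php";
            }
        }
    }

    // Password-hash caveat: 'hash' names a PHP digest function (assumption, see
    // lead-in). Fast digests are unsuitable for password storage; prefer a
    // dedicated slow password hash such as PHP's password_hash().
    if ($mainUser !== null && isset($mainUser['hash'])
        && in_array(strtolower((string) $mainUser['hash']), $weakHashes, true)) {
        $problems[] = "user module 'hash' is '{$mainUser['hash']}', a fast digest unsuitable for passwords";
    }
    return $problems;
}

$main    = loadConfig($mainPath);
$console = loadConfig($consolePath);
if ($main === null || $console === null) {
    exit(1);
}

$problems = checkUserModule($main, $console, $weakHashes);
foreach ($problems as $problem) {
    echo "[!] $problem\n";
}
if ($problems) {
    exit(1);
}
echo "[ok] 'user' module is configured consistently in main.php and console.php\n";
```

The script exits non-zero on any finding, so it can be run as a pre-deployment check; the hash warning is advisory, since changing the digest after users exist requires rehashing or resetting their passwords.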

rbac management module installation and integration to yii-user

Please refer to http://www.yiiframework.com/extension/rbac-manager/

For the integration, the rbac module should be configured as follows:

  1. Copy the rbac folder to protected/modules/rbac.
  2. Execute modules/rbac/data/schema.sql to create the table structure and initial data.
  3. Make sure there is a user with id 1 in table xx_users.
  4. Add the module in main.php
    'rbac' => array(
        'tableUser' => 'xxxx_users', // xxxx_ is the table prefix, users is the table of yii-user module
        'columnUserid' => 'id', // The PRIMARY column of the User Table
        'columnUsername' => 'username', // used to display name and could be same as columnUserid
        'columnEmail' => 'email' // email (only for display)
    ),

  5. Add the following line to layouts/main.php for the best look of the rbac backend
    <link rel="stylesheet" type="text/css" href="<?php echo Yii::app()->request->baseUrl; ?>/css/rbac.css" />
  6. Add the authManager component
    'authManager'=>array(
        'class'=>'CDbAuthManager', // Database driven Yii-Auth Manager
        'connectionID'=>'db', // db connection as above
        'defaultRoles'=>array('registered'), // default Role for logged in users
        'showErrors'=>true, // show eval()-errors in businessRules
    ),

  7. You can open http://hostname/applicationname/index.php?r=rbac to check the rbac backend.

Replace the logic of site/login with the new user/login.

Replace the logic of site/logout with the new user/logout.
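With the authManager from step 6 in place, the three authorization pieces named at the top of this tutorial (rights tree creation, rights assignment, right checking) can be driven from code as well as from the rbac backend. The following is an added example written against Yii 1.x's own CAuthManager API; it is not code from the rbac-manager module or from the original tutorial. It assumes a console command file protected/commands/RbacSetupCommand.php run as `yiic rbacsetup` inside the application configured above, that user id 1 (created by the yii-user migration) and user id 2 exist, and, for the controller at the end, a hypothetical Post model with an authorId column. The operation, task and role names are constructed for the example. Note that business rules are PHP strings evaluated with eval() (which is why 'showErrors' above exists), so keep them static and never build them from request data.

```php
<?php
// Added example (not part of rbac-manager or the original tutorial).
// protected/commands/RbacSetupCommand.php  ->  run with: ./yiic rbacsetup
class RbacSetupCommand extends CConsoleCommand
{
    // Create an auth item only if it does not exist yet, so the command can be re-run.
    private function item($auth, $type, $name, $description, $bizRule = null)
    {
        $item = $auth->getAuthItem($name);
        return $item !== null ? $item : $auth->createAuthItem($name, $type, $description, $bizRule);
    }

    // Link child to parent only once (a duplicate insert would fail).
    private function child($auth, $parent, $child)
    {
        if (!$auth->hasItemChild($parent, $child)) {
            $auth->addItemChild($parent, $child);
        }
    }

    public function actionIndex()
    {
        $auth = Yii::app()->authManager;   // the CDbAuthManager from step 6

        // 1. Rights tree: operations are the leaves.
        $this->item($auth, CAuthItem::TYPE_OPERATION, 'createPost', 'create a post');
        $this->item($auth, CAuthItem::TYPE_OPERATION, 'updatePost', 'update a post');
        $this->item($auth, CAuthItem::TYPE_OPERATION, 'deletePost', 'delete any post');

        // A task with a business rule: 'updatePost' only on the caller's own post.
        // checkAccess() supplies $params['userId']; the caller passes $params['post'].
        $bizRule = 'return isset($params["post"]) && $params["post"]->authorId == $params["userId"];';
        $this->item($auth, CAuthItem::TYPE_TASK, 'updateOwnPost', 'update own post', $bizRule);
        $this->child($auth, 'updateOwnPost', 'updatePost');

        // 'registered' is the defaultRole from the config: every logged-in user holds it.
        $this->item($auth, CAuthItem::TYPE_ROLE, 'registered', 'registered user');
        $this->child($auth, 'registered', 'createPost');
        $this->child($auth, 'registered', 'updateOwnPost');

        // 'admin' inherits everything 'registered' has, plus deletion.
        $this->item($auth, CAuthItem::TYPE_ROLE, 'admin', 'administrator');
        $this->child($auth, 'admin', 'registered');
        $this->child($auth, 'admin', 'deletePost');

        // 2. Rights assignment: user 1 becomes admin (idempotent).
        if (!$auth->isAssigned('admin', 1)) {
            $auth->assign('admin', 1);
        }

        // 3. Right checking, the same call Yii::app()->user->checkAccess() makes.
        $post = (object) array('authorId' => 2);   // constructed sample, not a DB row
        $this->report('user 1 deletePost', $auth->checkAccess('deletePost', 1));
        $this->report('user 2 deletePost', $auth->checkAccess('deletePost', 2));
        $this->report('user 2 createPost (default role)', $auth->checkAccess('createPost', 2));
        $this->report('user 2 updatePost on own post', $auth->checkAccess('updatePost', 2, array('post' => $post)));
        $this->report('user 1 updatePost on user 2 post', $auth->checkAccess('updatePost', 1, array('post' => $post)));
    }

    private function report($label, $allowed)
    {
        echo str_pad($label, 40) . ($allowed ? 'allowed' : 'denied') . "\n";
    }
}

// Right checking from a web controller: each 'roles' entry is passed to checkAccess(),
// and the business-rule case passes the post explicitly. Post is a hypothetical model.
class PostController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('create'), 'roles' => array('createPost')),
            array('allow', 'actions' => array('delete'), 'roles' => array('deletePost')),
            array('allow', 'actions' => array('update'), 'users' => array('@')), // checked in the action
            array('deny'), // everything else, guests included, is refused
        );
    }

    public function actionUpdate($id)
    {
        $post = Post::model()->findByPk($id);
        if ($post === null || !Yii::app()->user->checkAccess('updatePost', array('post' => $post))) {
            throw new CHttpException(403, 'You are not allowed to update this post.');
        }
        // ... perform the update ...
    }
}
```

Running the command prints a line per check; user 1 is allowed to delete and to update any post, user 2 can create and update only posts whose authorId is 2. The last 'deny' rule in accessRules is the important one: without it, actions not matched by an 'allow' rule are permitted to everyone.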

Done