How to make yii-user and rights extensions work together?

Foreword

Good time of day habravchane.

For a start I will introduce myself. My name is Roman, and I develop websites (mostly on the php framework “yii” , but other php \ python frameworks \ cs \ bikes \ bydlokody also skip). In our projects on yii, we often have to implement the trivial functions of registration, authorization, and so on. Plus, add to this the distribution of access rights for different users. I bet that every sensible developer has at least one blank implementation of this functionality, or he uses a third-party extension. So every time I used the same implementation, from project to project I finished it, integrated it with other parts of the system. But recently, I still decided to dig in the direction of ready-made solutions that would satisfy my needs and those were found fairly quickly. The 2 most popular extensions for yii from the official repository are “yii-user” and “rights” .

Integration

Both extensions are designed as modules. So it can be easily integrated into an existing project (if you already have user and rights modules in your project, make backups), but for cleanliness I will connect them in a new application. First you need to create it, how to do it is perfectly described in the documentation . Downloading add-ons and unpacking it into the / protected / modules folder (it may not be there, create it manually). Now in our project there are 2 new modules - “user” and “rights”. Enable them in the config (/protected/config/main.php).

'import'=>array( #... 'application.modules.user.*', 'application.modules.user.models.*', 'application.modules.user.components.*', 'application.modules.rights.*', 'application.modules.rights.models.*', 'application.modules.rights.components.*', #... ), 'modules'=>array( #... 'user' => array( //     ,    'tableUsers' => 'tbl_users', 'tableProfiles' => 'tbl_profiles', 'tableProfileFields' => 'tbl_profiles_fields', ), 'rights', #... ), 'components'=>array( #... 'user'=>array( 'class' => 'RWebUser', 'allowAutoLogin'=>true, ), 'authManager'=>array( 'class'=>'RDbAuthManager', 'defaultRoles' => array('Guest') //   ), #... ), 

Next, create tables in the mysql database from /protected/modules/user/data/schema.mysql.sql and /protected/modules/user/data/schema.sq files.
Hooray! We have successfully installed the modules. We are checking. Go to the link yiitest /? R = user and see -

By default, during the installation of the module, 2 users are created - the admin and demo with the admin and demo passwords, respectively. You can log in as admin: admin and see all the charms of this module. In brief about them:

• Ready implementation of registration, authorization, password recovery, account activation;
• There is a mechanism for additional profile fields. That is, you can painlessly fasten additional fields to the user profile, for example, date of birth, city, telephone, etc. You can customize the field name, type, code, default value, regular expression for validation, hang your widget instead of the standard input and many more different and tasty;
• Ready administration interface for the entire module (in CRUD style).

Now check yiitest /? R = rights . But to our surprise, we see error message 403 “There must be at least one superuser!” . Simple authorization under the admin here is not a ride. The module will still require authorization under the superuser. How to appoint him? It turns out that the rights module still has a certain installer, which is needed to add default values, among which, by the way, is the superuser status binding to the current user (by default, the installer is not available, it needs to be configured in the module settings). But we will ignore the installer and, like real Jedi, execute the following requests:

 INSERT INTO `AuthItem` (`name`, `type`, `description`, `bizrule`, `data`) VALUES ('Admin', 2, '', NULL, 'N;'), ('Authenticated', 2, ' ', NULL, 'N;'), ('Guest', 2, '', NULL, 'N;'); INSERT INTO `AuthAssignment` (`itemname`, `userid`, `bizrule`, `data`) VALUES ('Admin', '1', NULL, 'N;'), --  1    ID  (     ) ('Authenticated', '2', NULL, 'N;'); 

We update the page yiitest /? R = rights , if you again ask to log in under the superuser, log in with the user with ID = 1 (in our example, it is admin: admin). And, as they say in one wonderful country, voila! Immediately see the administration interface. Vkratse about opportunities:

• You can link multiple roles to one user;
• Operations are grouped;
• Roles can inherit permissions;
• Much more.

In order for our rules to work, the Controller must inherit from the RController class and add (or add) the filters method to it (Controller).

 public function filters(){ return array( #..., 'rights' ); } 

For sweet

All this of course is very cool, but in this whole scheme a small buggybug crept in (the developers didn’t provide for it, or I haven’t studied anything yet). Namely, after registering manually, the user will have to set the “Authenticated” role to the user. For this, I wrote a small crutch. In the “user” module in the components folder, create the OnAfterRegistrationBehavior.php file with the following contents:

 class OnAfterRegistrationBehavior extends CActiveRecordBehavior{ function afterSave($event){ //     $assignmentTable = Yii::app()->getAuthManager()->assignmentTable; //     $attr = $event->sender->getAttributes(); //         rights $defRole = Yii::app()->getModule('rights')->authenticatedName; //   Yii::app()->db->createCommand( "INSERT INTO {$assignmentTable} (`itemname`,`userid`,`bizrule`,`data`) VALUES ('{$defRole}','{$attr['id']}',NULL,'N;')")->execute(); } } 

Then to the “RegistrationForm” model we add the behavior “OnAfterRegistrationBehavior”

 public function behaviors(){ return array( 'OnAfterRegistrationBehavior' => array( 'class' => 'application.modules.user.components.OnAfterRegistrationBehavior' ) ); } 

Only after updating the user module do not forget to restore the behavior. Let's hope that the developers will screw the events to their controllers, so that in the future they would not have to resort to such crutches.
If someone knows a more elegant solution, I will be glad to hear.
')
Thanks for attention.