Question

I've implemented basic RBAC functionality in my application using Yii. There are roles, tasks and operations set up and working fine.

What I'm trying to accomplish is the following: on user login, check if the user is privileged to log in to this certain area of my application. There's an operation assigned to this particular task. The problem, however, is that the preferred method of checking if the user is permitted to use an operation is CWebUser::checkAccess, which isn't available in the login, as the Yii login workflow goes like this:

  • The user provides information needed for authentication.
  • An identity instance is created with the user-provided information.
  • Call IUserIdentity::authenticate to check if the identity is valid.
  • If valid, call CWebUser::login to login the user, and Redirect the user browser to returnUrl.
  • If not valid, retrieve the error code or message from the identity instance and display it.

taken from here

The CWebUser instance available globally via Yii::app()->user is not propagated while in the login state (list items two and three), which makes perfect sense to me. However, in order to call checkAccess I'd need a CWebUser instance. CAuthManager doesn't seem to provide the functionality I need as it is (there's no method for checking if a user has a certain atomic permission (operation) or list all of them). In my example, the operation needed is mostly always assigned in conjunction with a role, but who knows - somebody might just have access to this one operation of logging in, which is a case I want to cover.

Thanks a lot!


Solution

CAuthManager already has a checkAccess method, which performs what you need. For more information you can check Yii's official documents:

IAuthManager
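
One way to apply the answer, as an added example that is not part of the original post: the identity class passes the user id explicitly to the auth manager's checkAccess, which is the same call CWebUser::checkAccess makes internally with its own id, so the check can run before CWebUser::login. The `User` model, its `password_hash` column and the operation name `loginToAdminArea` are assumptions.

```php
<?php
// Added example: protected/components/UserIdentity.php (Yii 1.1).
// Assumptions (hypothetical names): a `User` ActiveRecord with `id`,
// `username` and `password_hash`, and an RBAC operation 'loginToAdminArea'.
// The id passed to checkAccess() must be the one used in authManager->assign().
class UserIdentity extends CUserIdentity
{
    // Custom error code; CBaseUserIdentity already uses 0, 1, 2 and 100.
    const ERROR_NOT_AUTHORIZED = 3;

    private $_id;

    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));

        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $user->password_hash)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } elseif (!Yii::app()->authManager->checkAccess('loginToAdminArea', $user->id)) {
            // Credentials are valid, but neither a role, a task nor a direct
            // assignment grants this operation to the user id.
            $this->errorCode = self::ERROR_NOT_AUTHORIZED;
        } else {
            $this->_id = $user->id;
            $this->errorCode = self::ERROR_NONE;
        }

        // Only a fully authenticated AND authorized identity returns true,
        // so the caller never reaches CWebUser::login() otherwise.
        return $this->errorCode === self::ERROR_NONE;
    }

    // CWebUser::login() stores this id; later Yii::app()->user->checkAccess()
    // calls are evaluated against it.
    public function getId()
    {
        return $this->_id;
    }
}
```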

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow