Yii Framework & user authentication - php

I am new to MVC, just a few doubts.
I think "attributeLabels" should belong to the VIEW,
because it is not a logic rule of the data; it's about the presentation of the data.
I wonder why putting login and authenticate in the MODEL is a good idea.
I would consider that there should be only one design of "how to login" or "what will you check when the user logs in" in the whole site. I am not sure, but I feel like the customization of "login and authenticate" should be somewhere outside of MVC, like "protected/config/main.php", or separated somewhere. Login and authenticate in the MODEL is quite strange in my concept.

If you put the attributeLabels in the view, then every time you create a view (create, edit, etc.) using that model, you need to define the labels each time. Anyway, there are ways to give label names in the view. And it's not only in Yii; in ASP.NET MVC, the name is also defined in the model.
The login username and password come from the query through the database models. So you need a controller and view for LoginForm.php. This is a reason to put it in models, I believe.


CakePHP: How to use a function with a model in every controller?

I have a project which includes an admin and a user section. Both sections use the same controllers, just different functions and templates (ex: viewAdmin() and viewUser()). In the beforeRender() function of every controller, I set the variable $admin to true for admin functions and false for user functions.
For authentication, I use Shibboleth. Shibboleth uses data from LDAP, while user types are saved in an SQL database; that means that while it can check if the login and password are wrong, it can't check if the user is admin or not. A user can go to the ADMIN section as long as they use the right action (ex: go to the link http://example.com/tool/viewAdmin).
To prevent this, I will have to:
Load the Users model
Compare the environment variable uid (login name) with the "login" column in the Users table in my SQL database
Check the "type" column in the Users table to know if the user is admin or not
Compare the result with the value of $admin and redirect to an error page when necessary.
The problem is: I don't want to repeat those steps for EVERY controller.
Currently I have 2 ideas:
Write a function in UsersController, and use it in every controller.
Create a component and load it in every controller.
Both methods require me to change code in all controllers. I would like to hear of a better way with less work, perhaps by changing app.php or bootstrap.php.
To share methods in CakePHP controllers you can:
Create a component and include it in the controller
Or create a method in AppController and use it in the child controllers
Or, the PHP way, create a Trait.
But when you authorize users, all user data is stored in the session, including the user's roles (for example admin, regular, member, ...).
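The AppController route from the answer above, as an added example (this is not code from the question or from any answer). It assumes CakePHP 3.6 or later, that the Shibboleth SP exports the login name as the server variable "uid" (as the question states; other deployments use REMOTE_USER), that the Users table has "login" and "type" columns, and that admin-section actions follow the viewAdmin()/viewUser() naming from the question; all of these are assumptions.

```php
<?php
// Added example: one beforeFilter() in AppController performs the admin check for
// every child controller, so no controller repeats the lookup.
// Assumed (hypothetical): CakePHP 3.6+, Shibboleth exports "uid", Users has
// "login" and "type", admin actions are named like viewAdmin().
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Event\Event;
use Cake\Http\Exception\ForbiddenException;

class AppController extends Controller
{
    /** @var bool True when the current action belongs to the admin section. */
    protected $admin = false;

    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
    }

    /**
     * Runs before every action of every controller that extends AppController.
     */
    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);

        $action = (string)$this->request->getParam('action');
        $this->admin = self::isAdminAction($action);

        // Shibboleth already authenticated the user; we only learn *who* it is.
        $login = (string)$this->request->getEnv('uid');
        if ($login === '') {
            throw new ForbiddenException('No authenticated user');
        }

        $this->loadModel('Users');
        $user = $this->Users->find()
            ->select(['id', 'login', 'type'])
            ->where(['login' => $login])
            ->first();

        // Deny by default: unknown account, or a non-admin reaching an admin action.
        if ($user === null || !self::mayAccess($user->type, $this->admin)) {
            throw new ForbiddenException('Not allowed');
        }

        // Keep $admin available to the templates, as the question's beforeRender() did.
        $this->set('admin', $this->admin);
    }

    /** Admin-section actions are named viewAdmin(), editAdmin(), ... */
    public static function isAdminAction($action)
    {
        return (bool)preg_match('/Admin$/', $action);
    }

    /** User-section actions are open to every authenticated user; admin actions need type "admin". */
    public static function mayAccess($userType, $adminAction)
    {
        return !$adminAction || $userType === 'admin';
    }
}
```

Throwing ForbiddenException rather than redirecting keeps the deny decision out of the templates, and because the lookup runs in beforeFilter() it also covers actions that never reach beforeRender() (for example a redirect or a JSON response). The cost is one indexed query on Users.login per request; if that matters, cache the type in the session after the first lookup and refresh it when the user's type changes.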
Use the official CakePHP authentication plugin and extend the LDAP adapter with the additional check you need. This is very easy to do and also a very clean way of solving the problem. Disclaimer: I'm one of the authors of the authentication plugin. https://github.com/cakephp/authentication
Or, if you want to stay agnostic to any framework, use my library, which is based on the authentication plugin and was decoupled from any framework but still works just fine with Cake: https://github.com/Phauthentic/authentication.

Yii authentication system based on usergroups instead of roles

I'm trying to build my own custom authentication system on this framework.
I've set up Yii's RBAC. It's working well. It gives me roles.
Later on I edited the code and now I can get the user's id and username also.
But what I want is a bit more complicated.
I don't like this role system of RBAC, because you have fixed roles written inside the code.
My idea is a user having a usergroup ID, and in the database I can manipulate what each usergroup can do.
So for example a user logs in and wants to make a new topic.
While authenticating, RBAC uses the usergroup ID to connect to the database and get all data according to this usergroup.
Then it creates something like:
$this->setState('create_new_topic', $group['create_new_topic']); // value from the database
$this->setState('edit_topic', $group['edit_topic']);             // value from the database
$this->setState('view_topic', $group['view_topic']);             // value from the database
And then during the application, in controllers and views, I will just use everywhere:
if (isset(Yii::app()->user->create_new_topic) && Yii::app()->user->create_new_topic > 0) {
    // show the 'create new topic' button
}
Is this normal practice? I'm interested in how this will affect the load on the server and MySQL. Am I overloading my application, or is such a system OK for the server to handle?
What you want is exactly what RBAC can do. In fact, you give a ROLE to a user instead of a GROUP. The idea is:
Create your operations (for example create/update)
Create appropriate roles based on your operations (for example Modifier, who can perform create and update)
Assign one or more appropriate roles to users
Wherever/whenever you need, you can easily check access of your users by their roles
Talking in code:
$rbac = Yii::app()->authManager; // the configured CAuthManager (CDbAuthManager or CPhpAuthManager)
$rbac->createOperation('create', 'This is a description for this operation');
$role = $rbac->createRole('modifier', 'This is a description for this role');
$role->addChild('create');              // the role grants the operation
$rbac->assign('modifier', $userId);     // give the role to a user
$rbac->checkAccess('modifier', $userId); // true if that user holds the role
Please do not limit yourself to the RBAC methods provided by Yii. You can do every manipulation in your database and write your own customized methods. (I mean, while you are using RBAC, you can customize the way you use it, for example by treating groups as roles.)
To be more clear, you can read Yii's RBAC document:
Yii's IAuthManager - RBAC
RBAC works just fine. Another method is 1) assigning the user type to a session variable at login time, and 2) checking the user type in the view. The user table needs a User Type column, obviously. I think that approach is fine, and it won't overload your server. Of course it will add a few milliseconds, but it is required if you want the same view to display different things based on role.
In your UserIdentity File (/protected/components)
public function authenticate()
{
    ....
    $this->setState('type', $user->type); // stored in the session, readable as Yii::app()->user->type
    $user->save();
    ....
}
In Your Views/Controllers
<?php if (Yii::app()->user->type == 'Finance'): ?>
{some code}
<?php else: ?>
{other code}
<?php endif; ?>
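A fuller version of the "load it at login, read it from the session" approach the answer above describes, applied to the usergroup idea from the question, as an added example (not code from the question, the answers, or the Yii project). It assumes Yii 1.1.14 or later, a User ActiveRecord with columns id, username, password_hash and usergroup_id, and a table usergroup_permission(usergroup_id, name) listing the permission names each group holds; the table, the columns and the WebUser class name are all hypothetical.

```php
<?php
// Added example: group permissions are fetched with one query at login and kept
// in the session, so per-request checks never touch MySQL.
// Assumed (hypothetical): Yii 1.1.14+, User AR with id/username/password_hash/usergroup_id,
// and a usergroup_permission(usergroup_id, name) table.

class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        $user = User::model()->findByAttributes(array('username' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $user->password_hash)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $user->id;
            // One query per login, not per request: all permission names of the group.
            $names = Yii::app()->db->createCommand()
                ->select('name')
                ->from('usergroup_permission')
                ->where('usergroup_id = :g', array(':g' => $user->usergroup_id))
                ->queryColumn();
            // One state holding a set (name => true): O(1) lookups, no setState() per permission.
            $this->setState('permissions', array_fill_keys($names, true));
            $this->setState('usergroup_id', $user->usergroup_id);
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }

    public function getId()
    {
        return $this->_id;
    }
}

// Register in protected/config/main.php:
//   'components' => array('user' => array('class' => 'WebUser', 'allowAutoLogin' => false)),
// then templates and controllers use Yii::app()->user->can('create_new_topic').
class WebUser extends CWebUser
{
    /** True if the logged-in user's group holds $permission; guests never do. */
    public function can($permission)
    {
        if ($this->isGuest) {
            return false;
        }
        $permissions = $this->getState('permissions', array());
        return isset($permissions[$permission]);
    }
}
```

Two caveats a practitioner should keep in mind. The permission set is a snapshot taken at login, so revoking a group's permission in the database only takes effect when the user logs in again; force a re-login (or reload the state) when you need it to apply immediately. And if allowAutoLogin is enabled, CWebUser serializes these states into the signed identity cookie, so they are not tamperable without the application key but are readable by the client and add to every request; keep the set small or leave auto-login off.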

CodeIgniter structure for login & registration

I am creating a login & registration system using CodeIgniter.
Currently I have a Model, View and Controller for login, with functions to validate,
check username, etc., and a registration model, view and controller
that do the registration.
I have chosen to separate login and registration as a principle.
So right now I need to include functions to edit the profile, to check if the user is logged in or not, and to check the user's role, and I would like to know how I can best do this. I have planned to create a user model and controller (no view); the main user controller would have the methods that call the models, but the methods (updateprofile, islogin, etc.) would be in different models, for example in the login model.
So is this design good or bad? How can it be done better? I would appreciate your suggestions.
I really find no problem with your application structure. It's how you write your code and how easy it will be to update it in the future. For managing your models, try using an ORM. PHPActiveRecord is a good start. With this, you will no longer be creating a lot of individual functions for your database transactions. Reference
You can create a User_Model and expand it as needed. You can look at this CI auth lib as an example of how to build a login & registration structure in CodeIgniter.

CakePHP 2.x: Stuck with Auth component with different models

I'm coding an app for car selling; I'm stuck with the Auth component.
I have 3 kinds of access:
admin: the app owner
dealers: the owners of car dealerships
user: people who watch car offers, ask questions, etc.
I'm not working with roles; each one (admin, dealer and user) has a username and password from a different model, so I'm very lost.
I'm not asking for code, I just want a good explanation of how I can deal with auth in this scenario.
Well, it's just a matter of allowing/denying access for a certain user. If you can recognize the user's model in the controller's beforeFilter method, you can allow/deny access accordingly with $this->Auth->allow() or $this->Auth->deny() (in the beforeFilter method). So maybe you can put some pseudo-role in the session after the login if you don't wish to have it in the db table. You can then put Auth's allow/deny in conditions on the pseudo-role stored in the Session.
Or have I misunderstood the question?
UPDATE
I just realized that you are probably referring to the actual login. Changing the default Model is documented in the CookBook. See the userModel configuration key. Keep in mind that you are supposed to change this in the beforeFilter method.
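Both halves of the answer above (a per-model userModel set in beforeFilter, and a pseudo-role written to the session at login and used for allow/deny) in one CakePHP 2.x sketch, as an added example that is not code from the question, the answer, or CakePHP itself. It assumes CakePHP 2.3 or later, three models Admin, Dealer and User that each carry username and password columns, one login action per model (only DealersController is shown; the other two differ only in the model name and role string), and an action-to-roles map whose entries are made up for the example.

```php
<?php
// Added example: multi-model login plus a session pseudo-role for allow/deny.
// Assumed (hypothetical): CakePHP 2.3+, models Admin/Dealer/User with username
// and password, and the $accessMap entries below.
App::uses('Controller', 'Controller');
App::uses('AuthComponent', 'Controller/Component');

class AppController extends Controller
{
    public $components = array('Session', 'Auth');

    /** action => pseudo-roles allowed; unlisted actions are open to any logged-in account. */
    protected $accessMap = array(
        'admin_index' => array('admin'),
        'add'         => array('dealer'),  // only dealers post car offers
        'ask'         => array('user'),    // only plain users ask questions
    );

    public function beforeFilter()
    {
        parent::beforeFilter();
        $this->Auth->allow('login', 'logout', 'index', 'view');  // public actions

        $action = $this->request->params['action'];
        $role = AuthComponent::user('role');  // null for guests, else the value written at login
        // Guests fall through here so Auth redirects them to loginAction;
        // logged-in accounts of the wrong kind are refused outright.
        if ($role !== null && isset($this->accessMap[$action])
            && !self::roleMayAccess($role, $this->accessMap[$action])) {
            throw new ForbiddenException();
        }
    }

    public static function roleMayAccess($role, array $allowed)
    {
        return in_array($role, $allowed, true);
    }
}

class DealersController extends AppController
{
    public function beforeFilter()
    {
        // Point the Form authenticator at this section's credential model and login page
        // *before* AppController's beforeFilter runs.
        $this->Auth->authenticate = array('Form' => array('userModel' => 'Dealer'));
        $this->Auth->loginAction = array('controller' => 'dealers', 'action' => 'login');
        parent::beforeFilter();
    }

    public function login()
    {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                // Record which kind of account this session belongs to; the key lives
                // under Auth.User so AuthComponent::user('role') can read it back.
                $this->Session->write('Auth.User.role', 'dealer');
                return $this->redirect($this->Auth->redirectUrl());
            }
            $this->Session->setFlash('Invalid username or password');
        }
    }
}
```

The pseudo-role is set server-side right after a successful login, so a client cannot claim a different role; the remaining risk is a controller that forgets to set userModel and therefore authenticates against the default User model, which is why the per-model beforeFilter should be the only place authenticate is configured.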

Separate User Controller and Registration Controller or Combine the two?

Building my first web app using Yii and wondering if it is best to include the user registration process as part of my UserController, or is it better to create a RegistrationController and keep the logic separated?
And, on the same line of thought, would it be beneficial to have a ProfileController to handle additional user information, or just have the UserController handle that as well?
Is registration the creation of a User?
Similarly, is a profile just a view or update of a User?
It seems like these could all fit in one controller fairly well as basic CRUD operations.
In my opinion you can put it in the UserController, because the notion of registration is to create a new user. So I think you can make Register the same as Create.
Actually, they are not very complex and could be in one controller. It is at least my own habit to include CRUD in one controller (maybe my apps do not involve complex logic).
Does this form require the user to enter data that is not permanently stored in the database? If so, then you should create a new model derived from CFormModel rather than ActiveRecord. Your site controller can handle the launching of the CFormModel views, which then take care of themselves (validation, ajax, whatever) if they don't need any dynamic interaction with the server (LoginForm), or they can have a separate controller if more complex interaction is needed (RegisterForm). In a CFormModel you can access the user input during the session and process/store it however you like, but then it disappears when the user is done. See the LoginForm and RegisterForm in the blog demo as example patterns.
Does this form have as much dynamic data interaction with other models as it does with User (not just one-off cascading of relationships)? In that case it might be best to create that separate RegisterController you mention. That's what the blog demo does, and it's a pretty simple app.
You can use gii to automatically create the CRUD interface for admins and community moderators/managers from your User model. You can then customize it and renderPartial it whenever you want to reuse one of those views for a non-admin user. The validation rules in the models carry over too. Only guests and normally-privileged users need the dumbed-down interface of a LoginForm and RegisterForm.
A good idea is to put user-related stuff in a module, so you can reuse it easily in different apps. In that module you could put profile or other user-related controllers without cluttering the app.
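The CFormModel-versus-ActiveRecord split the answer above describes, as an added example that is not the blog demo's code nor code from any answer: the form model validates what the user typed (including a password confirmation that is never stored) and only then creates the User ActiveRecord. It assumes Yii 1.1.14 or later and a User AR with username, email and password_hash columns; those columns are assumptions.

```php
<?php
// Added example: a registration CFormModel that owns the transient input and hands
// only the persisted fields to the User ActiveRecord.
// Assumed (hypothetical): Yii 1.1.14+, User AR with username/email/password_hash.
class RegisterForm extends CFormModel
{
    public $username;
    public $email;
    public $password;
    public $password_repeat;   // transient: validated, never stored

    public function rules()
    {
        return array(
            array('username, email, password, password_repeat', 'required'),
            array('username', 'length', 'min' => 3, 'max' => 32),
            array('username', 'match', 'pattern' => '/^[A-Za-z0-9_]+$/'),
            array('email', 'email'),
            array('password', 'length', 'min' => 8),
            // 'compare' checks password against password_repeat by default.
            array('password', 'compare'),
            // Uniqueness is checked against the AR, so the form never duplicates that rule.
            array('username', 'unique', 'className' => 'User', 'attributeName' => 'username'),
        );
    }

    // Labels stay with the model so every view of this form shares them.
    public function attributeLabels()
    {
        return array('password_repeat' => 'Repeat password');
    }

    /** Creates the User record; returns it on success, null if validation or save fails. */
    public function register()
    {
        if (!$this->validate()) {
            return null;
        }
        $user = new User;
        $user->username = $this->username;
        $user->email = $this->email;
        // Only the hash reaches the database; the clear-text password dies with this request.
        $user->password_hash = CPasswordHelper::hashPassword($this->password);
        if (!$user->save()) {
            // Surface AR-level errors (e.g. a database constraint) on the form.
            $this->addErrors($user->getErrors());
            return null;
        }
        return $user;
    }
}

// Controller usage (SiteController::actionRegister or a RegisterController action):
//   $model = new RegisterForm;
//   if (isset($_POST['RegisterForm'])) {
//       $model->attributes = $_POST['RegisterForm'];   // only safe attributes are assigned
//       if (($user = $model->register()) !== null) {
//           $this->redirect(array('site/login'));
//       }
//   }
//   $this->render('register', array('model' => $model));
```

Keeping password_repeat and the hashing step in the form model means the User AR never has a clear-text password attribute, so mass assignment from $_POST cannot reach it, and the same User model can still be used unchanged by gii's admin CRUD.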
