1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
<com:TContent ID="Main">
<h1>Authentication and Authorization</h1>
<p>
Before we set off to implement the user pages, we need to do some work to enable <a href="http://www.pradoframework.net/site/demos/quickstart/index.php?page=Advanced.Auth">authentication and authorization</a>.
</p>
<p>
We add two new modules to the application configuration as follows:
</p>
<com:TTextHighlighter CssClass="source" Language="xml">
<modules>
...TDataSourceConfig and TActiveRecordConfig modules...
<module id="auth"
class="System.Security.TAuthManager"
UserManager="users"
LoginPage="users.LoginUser" />
<module id="users"
class="System.Security.TDbUserManager"
UserClass="Application.BlogUser" />
</modules>
</com:TTextHighlighter>
<p>
The <a href="http://pradosoft.github.io/docs/manual/class-TAuthManager">TAuthManager</a> module manages the whole authentication and authorization workflow. It uses the <tt>users</tt> module as its user manager (see below). By specifying the <tt>LoginPage</tt> property, we inform the auth manager to redirect user's browser to the <tt>LoginUser</tt> page when an authorization fails. We will describe how to create <tt>LoginUser</tt> in the next subsection.
</p>
<p>
The <tt>user</tt> module is of class <a href="http://pradosoft.github.io/docs/manual/class-TDbUserManager">TDbUserManager</a> which is responsible to verify the validity of a user and keep basic user data in the PHP session. The <tt>UserClass</tt> property is initialized as <tt>Application.BlogUser</tt>, which indicates the user manager would look for a <tt>BlogUser</tt> class under the directory <tt>protected</tt> (remember the alias <tt>Application</tt> refers to the <tt>protected</tt> directory) and use it to keep user's session data.
</p>
<p>
As we will see in later sections, in controls and pages, we can use <tt>$this->User</tt> to obtain the <tt>BlogUser</tt> object which contains the information of the user currently accessing the system.
</p>
<p>
Below is the implementation detail of <tt>BlogUser</tt>. Notice <a href="http://www.pradoframework.net/site/demos/quickstart/index.php?page=Database.ActiveRecord">Active Record</a> is used to perform DB query. For example, we use <tt>UserRecord::finder()->findByPk($username)</tt> to look for the primary key specified by <tt>$username</tt> in the <tt>users</tt> table.
</p>
<com:TTextHighlighter CssClass="source" Language="php">
// Include TDbUserManager.php file which defines TDbUser
Prado::using('System.Security.TDbUserManager');
/**
* BlogUser Class.
* BlogUser represents the user data that needs to be kept in session.
* Default implementation keeps username and role information.
*/
class BlogUser extends TDbUser
{
/**
* Creates a BlogUser object based on the specified username.
* This method is required by TDbUser. It checks the database
* to see if the specified username is there. If so, a BlogUser
* object is created and initialized.
* @param string the specified username
* @return BlogUser the user object, null if username is invalid.
*/
public function createUser($username)
{
// use UserRecord Active Record to look for the specified username
$userRecord=UserRecord::finder()->findByPk($username);
if($userRecord instanceof UserRecord) // if found
{
$user=new BlogUser($this->Manager);
$user->Name=$username; // set username
$user->Roles=($userRecord->role==1?'admin':'user'); // set role
$user->IsGuest=false; // the user is not a guest
return $user;
}
else
return null;
}
/**
* Checks if the specified (username, password) is valid.
* This method is required by TDbUser.
* @param string username
* @param string password
* @return boolean whether the username and password are valid.
*/
public function validateUser($username,$password)
{
// use UserRecord Active Record to look for the (username, password) pair.
return UserRecord::finder()->findBy_username_AND_password($username,$password)!==null;
}
/**
* @return boolean whether this user is an administrator.
*/
public function getIsAdmin()
{
return $this->isInRole('admin');
}
}
</com:TTextHighlighter>
</com:TContent>
|
