Yii Framework Access Control Lists
In my series Learning the Yii Framework, I discuss the individual parts of the MVC (Model, View, Controller) architecture in some detail, from a Yii perspective. In the post on Controllers, I introduce Access Control Lists (ACLs), Yii’s default way of restricting who can take what actions. This is a key part of the security of any Web application. For example, a site’s content can often be read by anyone at all, registered or non-registered users alike (like the text you’re reading now). Some content may only be viewable by registered users and some by registered users of a certain type (e.g., paid members). Finally, some content may only be viewable by administrators. In this post, I detail how to completely control access to your Web application using Yii’s Access Control Lists. (continue reading…)
Custom Authentication using the Yii Framework
In a previous post, I walk through the Yii framework’s built-in authentication system for adding login functionality to a Web site. There are a number of files and components involved, but simple authentication works fine out of the box, or with just a little tweaking. That’s the focus of that previous post. In this post, I explain how you can customize the authentication process further. (continue reading…)
Simple Authentication with the Yii Framework
I wanted to write up a strong post on Access Control Lists in Yii, for controlling who can do what in an application. I still will, of course, but since authorization depends upon authentication, I thought it necessary to discuss Yii’s authentication system first. And, as happens with me, in writing about that, and how you would customize the authentication process, I had to break the subject down into two posts. So here’s the first of an informal three-part series on authentication and authorization in Yii. In this post, I discuss how the parts of Yii’s authentication system work together; much of what I say in this first post is also available in the Yii documentation, just not presented in this way. I also show a couple of quick ways to modify its behavior to suit your situation. (continue reading…)
