Book Image

Agile Web Application Development with Yii1.1 and PHP5

Book Image

Agile Web Application Development with Yii1.1 and PHP5

Overview of this book

This book is a step by step tutorial in developing a real-world application using the incremental and iterative approach to software development. You learn about agile software development by leaning on the agile nature of the Yii application development framework. You touch on each aspect of the software development lifecycle by building a project task management application from concept through production deployment.After a brief, general introduction to the Yii framework and outlining the software development approach taken throughout the book, the chapters break down in the same way as software development iterations do in real-world projects. After the 1st iteration, you will have a working and tested application with a valid, tested connection to a database.In the 2nd and 3rd iterations, we flesh out our main database entities and domain object model and become familiar with Yii's object-relational-mapping (ORM) layer, Active Record. We also learn how to lean on Yii's auto-generation tools to automatically build our create/read/update/delete (CRUD) functionality against our newly created model. These iterations also focus on how Yii's form validation and submission model works. By the end of the third iteration you will have a working application that allows you to mange projects and issues (tasks) within those projects.The 4th and 5th iterations are dedicated to user management. We learn about the built-in authentication model within Yii to assist in application login and logout functionality. We then dive into the authorization model, first taking advantage of a Yii's simple access control model, then implementing the more sophisticated role-based access control (RBAC) framework that Yii provides.By the end of the 5th iteration, all of the basics of a task management application are in place. The next several iterations are focused on the nice-to-haves. We add user comment functionality, introducing a reusable content portlet architecture approach in the process. We add in an RSS Web feed and demonstrate how easy it is to integrate other third-party tools within a Yii application. We take advantage of Yii's theming structure to help streamline and design the application, and then introduce Yii's internationalization (I18N) features so the application can be adapted to various languages and regions without engineering changes.Finally, we turn our focus to production deployment. We introduce ways to optimize performance and security to prepare the application for a real-world production environment.
Table of Contents (19 chapters)
Agile Web Application Development with Yii 1.1 and PHP5
Credits
About the Author
About the Reviewers
Preface
Index

Restricting admin access


One problem you may have already noticed is that anyone, including guest users, can access our new admin module. We are building this admin module to expose application functionality that should only be accessible to users with administrative access. So, we need to address this issue.

Luckily, we have already implemented an RBAC access model in our application back in Chapter 8. All we need to do now is extend it to include a new role for administrators and new permissions available to that role.

If you recall from chapter 8, we used a Yii shell command to implement our RBAC structure. We need to add to that. So, open up the file containing that shell command, /protected/commands/shell/RbacCommand.php and add the following:

//create a general task-level permission for admins
 $this->_authManager->createTask("adminManagement", "access to the application administration functionality");   
 //create the site admin role, and add the appropriate permissions     
$role...