<com:TContent ID="Main">
<h1>Authentication and Authorization</h1>
<p>Before we set off to implement the user pages, we need to do some work to enable <a href="http://www.pradosoft.com/demos/quickstart/index.php?page=Advanced.Auth">authentication and authorization</a>.</p>
<p>We add two new modules to the application configuration as follows:</p>
<com:TTextHighlighter CssClass="source" Language="xml">
<modules>
  ...TDataSourceConfig and TActiveRecordConfig modules...
  <module id="auth"
    class="System.Security.TAuthManager"
    UserManager="users"
    LoginPage="users.LoginUser" />
  <module id="users"
    class="System.Security.TDbUserManager"
    UserClass="Application.BlogUser" />
</modules>
</com:TTextHighlighter>
<p>The <a href="http://www.pradosoft.com/docs/classdoc/TAuthManager">TAuthManager</a> module manages the whole authentication and authorization workflow. It uses the <tt>users</tt> module as its user manager (see below). By specifying the <tt>LoginPage</tt> property, we tell the auth manager to redirect the user's browser to the <tt>LoginUser</tt> page whenever an authorization check fails. We will describe how to create <tt>LoginUser</tt> in the next subsection.</p>
<p>The <tt>users</tt> module is of class <a href="http://www.pradosoft.com/docs/classdoc/TDbUserManager">TDbUserManager</a>, which is responsible for verifying the validity of a user and for keeping basic user data in the PHP session. The <tt>UserClass</tt> property is set to <tt>Application.BlogUser</tt>, which tells the user manager to look for a <tt>BlogUser</tt> class under the <tt>protected</tt> directory (remember that the alias <tt>Application</tt> refers to the <tt>protected</tt> directory) and to use it to keep the user's session data.</p>
<p>As we will see in later sections, in controls and pages we can use <tt>$this->User</tt> to obtain the <tt>BlogUser</tt> object, which holds the information about the user currently accessing the system.</p>
<p>Below is the implementation of <tt>BlogUser</tt>. Notice that <a href="http://www.pradosoft.com/demos/quickstart/index.php?page=Database.ActiveRecord">Active Record</a> is used to perform the DB queries. For example, we use <tt>UserRecord::finder()->findByPk($username)</tt> to look up the row of the <tt>users</tt> table whose primary key equals <tt>$username</tt>.</p>
<com:TTextHighlighter CssClass="source" Language="php">
// Include TDbUserManager.php file which defines TDbUser
Prado::using('System.Security.TDbUserManager');

/**
 * BlogUser Class.
 * BlogUser represents the user data that needs to be kept in session.
 * Default implementation keeps username and role information.
 */
class BlogUser extends TDbUser
{
	/**
	 * Creates a BlogUser object based on the specified username.
	 * This method is required by TDbUser. It checks the database
	 * to see if the specified username is there. If so, a BlogUser
	 * object is created and initialized.
	 * @param string the specified username
	 * @return BlogUser the user object, null if username is invalid.
	 */
	public function createUser($username)
	{
		// use UserRecord Active Record to look for the specified username
		$userRecord=UserRecord::finder()->findByPk($username);
		if($userRecord instanceof UserRecord) // if found
		{
			$user=new BlogUser($this->Manager);
			$user->Name=$username; // set username
			$user->Roles=($userRecord->role==1?'admin':'user'); // set role
			$user->IsGuest=false; // the user is not a guest
			return $user;
		}
		else
			return null;
	}

	/**
	 * Checks if the specified (username, password) is valid.
	 * This method is required by TDbUser.
	 * @param string username
	 * @param string password
	 * @return boolean whether the username and password are valid.
	 */
	public function validateUser($username,$password)
	{
		// use UserRecord Active Record to look for the (username, password) pair.
		return UserRecord::finder()->findBy_username_AND_password($username,$password)!==null;
	}

	/**
	 * @return boolean whether this user is an administrator.
	 */
	public function getIsAdmin()
	{
		return $this->isInRole('admin');
	}
}
</com:TTextHighlighter>
</com:TContent>
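As an added example (not the tutorial's own code), here is the same <tt>BlogUser</tt> class with <tt>validateUser()</tt> rewritten to check a stored password hash instead of querying the table for the plaintext (username, password) pair. It assumes the <tt>users</tt> table's <tt>password</tt> column holds a <tt>password_hash()</tt> digest, that <tt>UserRecord</tt> exposes it as <tt>$userRecord->password</tt>, and PHP 5.5 or later.

```php
<?php
// Added example, not from the PRADO tutorial. Assumptions: the `password`
// column of `users` stores a password_hash() digest (column name assumed),
// and PHP >= 5.5 so password_verify()/password_needs_rehash() exist.
Prado::using('System.Security.TDbUserManager');

class BlogUser extends TDbUser
{
	// Same role mapping as the tutorial: role column 1 means administrator.
	private static function roleName($role)
	{
		return ((int)$role === 1) ? 'admin' : 'user';
	}

	// Required by TDbUser: build the session user object from the DB row.
	public function createUser($username)
	{
		$userRecord = UserRecord::finder()->findByPk($username);
		if (!($userRecord instanceof UserRecord)) {
			return null; // unknown username
		}
		$user = new BlogUser($this->Manager);
		$user->Name = $username;
		$user->Roles = self::roleName($userRecord->role);
		$user->IsGuest = false;
		return $user;
	}

	// Required by TDbUser. Look the row up by primary key only; the
	// submitted password never becomes part of a query, and the stored
	// value is a salted hash, so a leaked table does not leak passwords.
	public function validateUser($username, $password)
	{
		$userRecord = UserRecord::finder()->findByPk($username);
		if (!($userRecord instanceof UserRecord)) {
			return false;
		}
		if (!password_verify($password, $userRecord->password)) {
			return false;
		}
		// Opportunistic upgrade when the hash algorithm or cost is outdated.
		if (password_needs_rehash($userRecord->password, PASSWORD_DEFAULT)) {
			$userRecord->password = password_hash($password, PASSWORD_DEFAULT);
			$userRecord->save();
		}
		return true;
	}

	public function getIsAdmin()
	{
		return $this->isInRole('admin');
	}
}
```

Accounts must then be created with <tt>password_hash($plaintext, PASSWORD_DEFAULT)</tt> rather than by storing the plaintext, since <tt>password_verify()</tt> only accepts hashes in that format.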