From 1d5386b3868d79c3b21d36839813975925628f5c Mon Sep 17 00:00:00 2001
From: Vitaliy Syrchikov <maddoger@gmail.com>
Date: Thu, 5 Nov 2015 12:03:17 +0400
Subject: [PATCH] Fixed rbac roles scenario. Rbac attribute is safe only in
 'backend' scenario. Fixed: password will be empty when login form is loading.

---
 backend/controllers/UserController.php | 2 ++
 backend/views/auth/login.php           | 2 +-
 common/models/User.php                 | 3 ++-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/backend/controllers/UserController.php b/backend/controllers/UserController.php
index a9f2375..b1c4635 100644
--- a/backend/controllers/UserController.php
+++ b/backend/controllers/UserController.php
@@ -125,6 +125,7 @@ public function actionCreate()
                 'profile' => new UserProfile(),
             ],
         ]);
+        $model->getModel('user')->setScenario('backend');
 
         if ($model->load(Yii::$app->request->post()) && $model->save()) {
             return $this->redirect(['view', 'id' => $model->getModel('user')->id]);
@@ -151,6 +152,7 @@ public function actionUpdate($id)
                 'profile' => $user->profile,
             ],
         ]);
+        $model->getModel('user')->setScenario('backend');
 
         if ($model->load(Yii::$app->request->post()) && $model->save()) {
             switch (Yii::$app->request->post('redirect')) {
diff --git a/backend/views/auth/login.php b/backend/views/auth/login.php
index bf46dbf..c205e7b 100644
--- a/backend/views/auth/login.php
+++ b/backend/views/auth/login.php
@@ -28,7 +28,7 @@
         [
             'parts' => ['{feedback}' => '<span class="glyphicon glyphicon-lock form-control-feedback"></span>'],
         ]
-    )->passwordInput(['placeholder' => $model->getAttributeLabel('password')]); ?>
+    )->passwordInput(['placeholder' => $model->getAttributeLabel('password'), 'value' => '']); ?>
 
     <div class="row">
         <div class="col-xs-8">
diff --git a/common/models/User.php b/common/models/User.php
index 4dc510e..841216b 100644
--- a/common/models/User.php
+++ b/common/models/User.php
@@ -109,7 +109,8 @@ public function rules()
             //Create
             [['username', 'email', 'password_hash'], 'required', 'on' => 'create'],
 
-            [['rbacRoles'], 'safe'],
+            //Only in backend
+            [['rbacRoles'], 'safe', 'on' => 'backend'],
         ];
     }