Introduction ¶
Current version 1.3.0 (revision 147)
This extension utilizes Yii's built-in Database Authorization Manager (CDbAuthManager) to provide a web interface for advanced access control.
Demo ¶
Follow the link below to try Rights on the Yii Blog demo. Please contact me if it doesn't work or seems messed up and I will fix it as soon as possible.
Features ¶
- User interface optimized for usability
- Role, task and operation management
- View displaying each role's assigned tasks and operations
- Assigning authorization items to users
- Sorting of authorization items by dragging and dropping
- Installer for easy and quick set up
- Authorization item generation
- Controller filter for checking access
- Support for business rules (and data)
- Runtime caching to increase performance
- Internationalization (I18N)
- Cross-browser and cross-database compatibility
- Easy to extend
Resources ¶
Translations ¶
Rights is currently translated into Finnish, French, German, Greek, Hungarian, Italian, Japanese, Spanish, Simplified Chinese and Swedish. Please contact me if you wish to translate Rights.
Donate ¶
Want to say thanks for the time and effort put into this project?
Change Log ¶
April 1, 2011 ¶
- Release 1.3.0
- Installer now uses the schema.sql in the data folder
- Installer now names tables according to the application configuration
- Generator now creates tasks for {ControllerId}.* permissions
- Optimized the getting of superusers
- Fixed the problem that access was granted to Rights when no superusers were found
- Fixed most issues reported on Google Code
January 11, 2011 ¶
- Release 1.2.0
- Assigned items are now divided into Roles, Tasks and Operations
- Renamed most of the component classes to be prefixed with ‘R’ for consistency
- Configuration parameter for whether to display item description instead of name
- Configuration parameter for the application layout.
- Removed the guestName configuration parameter, web user guestName will be used instead
- Changed the forms to not use the form builder for convenience
- Return URLs are now stored with the web user
- Authorization item names are now URL encoded when passed as get parameters
December 16, 2010 ¶
- Release 1.1.0
- Optimization by runtime caching authorization items and their children
- Improved the authorization manager and authorizer
- Minor user interface improvements
- Proper support for CSRF validation in authorization item sorting
- Renamed the AuthItemWeight table to Rights
October 27, 2010 ¶
- Release 1.0.0
- Official release
September 5, 2010 ¶
- Release 0.9.11
- User interface improvements (UI reviewed for usability)
- Description is now mainly used instead of the name
- Even more intensive use of grid view
- Minor generator improvements
- Runtime caching of the module and its components
- Proper support for overriding the module style
August 28, 2010 ¶
- Release 0.9.10
- Use of grid views and data providers
- Proper authorization item sorting according to weights
- An own user behavior
- Generator now also looks for controllers in subfolders
August 13, 2010 ¶
- Release 0.9.9b
- Fixed a somewhat critical bug in the installer which caused the installer to not run correctly.
August 11, 2010 ¶
- Release 0.9.9
- Improved authorization item generation
- Improved installer
- Improved module configuration
- Rewritten style sheet for easier styling
August 4, 2010 ¶
- Release 0.9.8
- Authorization item generator
- Installer automation
- Improved support for module nesting
July 31, 2010 ¶
- Release 0.9.7
- Module nesting
- Flash messages
- Authorization item sorting
- Hover functionality for tables
- German translation (thanks g3ck0)
- Italian translation (thanks joeysantiago)
July 28, 2010 ¶
- Release 0.9.5
- Support for custom style sheets
- Swedish translation
July 26, 2010 ¶
- Release 0.9.3
- Rights Installer
- Improved module configuration
- Pagination for Assignments
July 20, 2010 ¶
- Release 0.9.2
- Internationalization (I18N)
- Finnish translation
July 19, 2010 ¶
- Release 0.9.1
- Initial release
Good work!
Thanks for a very interesting extension!
I have found one bug - empty permissions generate foreach error but it's not very important.
I have a problem with translation files too.
I set up 'sourceLanguage' => 'pl_pl', created directory 'plpl' under messages folder (with Polish translation) but without effect. Still English... Any ideas?
Very useful piece of code
I installed 0.9.8 without any problem. Worked immediately, including the automatic generation of authorization items.
I had to set the id of my user table equal to username to make ACAC (Automatic Controller Access Control) work (do not know if this is a requirement, or something specific to my environment),
getAuthItemsByNames function upgrade
I suggest to upgrade getAuthItemsByNames function by selecting all names with one query and saving the results to an array, then every time you call the function getAuthItemsByNames you can check the array for the selected name. Because now you must select a very hard query on each check.
Needs to be optimized. This is my suggestion ;)
Suggestion
I suggest modifying RightsAuthManager by adding three more variables:
/**
 * @var array cache of values returned by getAuthItem, an optimization for faster operation
 */
public $authItemTmp = array();
/**
 * @var array cache of values returned by getItemChildren, an optimization for faster operation
 */
public $itemChildrenTmp = array();
/**
 * @var array cache of values returned by getAuthItemsByNames, an optimization for faster operation
 */
public $authItemsByNamesTmp = array();
And for the class you can use this:
<?php
/**
 * Rights authorization manager class file.
 * Implements support for sorting of authorization items.
 *
 * @author Christoffer Niska <cniska@live.com>
 * @copyright Copyright © 2010 Christoffer Niska
 * @since 0.9.7
 */
class RightsAuthManager extends CDbAuthManager
{
    public $itemWeightTable = 'it_role_weight';
    /**
     * @var string the name of the table storing authorization items. Defaults to 'AuthItem'.
     */
    public $itemTable = 'it_role_action';
    /**
     * @var string the name of the table storing authorization item hierarchy. Defaults to 'AuthItemChild'.
     */
    public $itemChildTable = 'it_role_child';
    /**
     * @var string the name of the table storing authorization item assignments. Defaults to 'AuthAssignment'.
     */
    public $assignmentTable = 'it_user_role';
    /**
     * @var array cache of values returned by getAuthItem, an optimization for faster operation
     */
    public $authItemTmp = array();
    /**
     * @var array cache of values returned by getItemChildren, an optimization for faster operation
     */
    public $itemChildrenTmp = array();
    /**
     * @var array cache of values returned by getAuthItemsByNames, an optimization for faster operation
     */
    public $authItemsByNamesTmp = array();

    /**
     * Adds an item as a child of another item making sure that
     * the item doesn't already have this child.
     * @param string the parent item name
     * @param string the child item name
     * @throws CException if either parent or child doesn't exist or if a loop has been detected.
     */
    public function addItemChild($itemName, $childName)
    {
        // Make sure that the item doesn't already have this child
        if( $this->hasItemChild($itemName, $childName)===false )
            return parent::addItemChild($itemName, $childName);
    }

    /**
     * Assigns an authorization item to a user making sure that
     * the user doesn't already have this assignment.
     * @param string the item name
     * @param mixed the user ID (see {@link IWebUser::getId})
     * @param string the business rule to be executed when {@link checkAccess} is called
     * for this particular authorization item.
     * @param mixed additional data associated with this assignment
     * @return CAuthAssignment the authorization assignment information.
     * @throws CException if the item does not exist or if the item has already been assigned to the user.
     */
    public function assign($itemName, $userId, $bizRule=null, $data=null)
    {
        // Make sure that this user doesn't already have this assignment
        if( $this->getAuthAssignment($itemName, $userId)===null )
            return parent::assign($itemName, $userId, $bizRule, $data);
    }

    /**
     * Returns the authorization item with the specified name.
     * @param string the name of the item
     * @return CAuthItem the authorization item. Null if the item cannot be found.
     */
    public function getAuthItem($name)
    {
        if(isset($this->authItemTmp[$name]))
        {
            return $this->authItemTmp[$name];
        }
        if( ($item = parent::getAuthItem($name))!==null )
        {
            $items = $this->processItems(array($item));
            $item = $items===(array)$items ? array_pop($items) : null;
        }
        $this->authItemTmp[$name] = $item;
        return $item;
    }

    /**
     * Returns the authorization items of the specific type and user.
     * @param integer the item type (0: operation, 1: task, 2: role). Defaults to null,
     * meaning returning all items regardless of their type.
     * @param mixed the user ID. Defaults to null, meaning returning all items even if
     * they are not assigned to a user.
     * @param CAuthItem the authorization item the items belong to.
     * parent for the authorization item
     * @param boolean whether to sort the items according to their weights.
     * @return array the authorization items of the specific type.
     */
    public function getAuthItems($type=null, $userId=null, CAuthItem $parent=null, $sort=false)
    {
        // We need to sort the items
        if( $sort===true )
        {
            if( $type===null && $userId===null )
            {
                $sql = "SELECT name,t1.type,description,t1.bizrule,t1.data,weight
                    FROM {$this->itemTable} t1
                    LEFT JOIN {$this->itemWeightTable} t2 ON name=itemname
                    ORDER BY t1.type ASC, weight ASC";
                $command=$this->db->createCommand($sql);
            }
            else if( $userId===null )
            {
                $sql = "SELECT name,t1.type,description,t1.bizrule,t1.data,weight
                    FROM {$this->itemTable} t1
                    LEFT JOIN {$this->itemWeightTable} t2 ON name=itemname
                    WHERE t1.type=:type
                    ORDER BY t1.type ASC, weight ASC";
                $command=$this->db->createCommand($sql);
                $command->bindValue(':type', $type);
            }
            else if( $type===null )
            {
                $sql = "SELECT name,t1.type,description,t1.bizrule,t1.data,weight
                    FROM {$this->itemTable} t1
                    LEFT JOIN {$this->assignmentTable} t2 ON name=t2.itemname
                    LEFT JOIN {$this->itemWeightTable} t3 ON name=t3.itemname
                    WHERE userid=:userid
                    ORDER BY t1.type ASC, weight ASC";
                $command=$this->db->createCommand($sql);
                $command->bindValue(':userid', $userId);
            }
            else
            {
                $sql = "SELECT name,t1.type,description,t1.bizrule,t1.data,weight
                    FROM {$this->itemTable} t1
                    LEFT JOIN {$this->assignmentTable} t2 ON name=t2.itemname
                    LEFT JOIN {$this->itemWeightTable} t3 ON name=t3.itemname
                    WHERE t1.type=:type AND userid=:userid
                    ORDER BY t1.type ASC, weight ASC";
                $command=$this->db->createCommand($sql);
                $command->bindValue(':type', $type);
                $command->bindValue(':userid', $userId);
            }

            $items = array();
            foreach($command->queryAll() as $row)
                $items[ $row['name'] ] = new CAuthItem($this, $row['name'], $row['type'], $row['description'], $row['bizrule'], unserialize($row['data']));
        }
        // No sorting required
        else
        {
            $items = parent::getAuthItems($type, $userId);
        }

        // Process the items and attach necessary behaviors
        $items = $this->processItems($items, $userId, $parent);
        return $items;
    }

    /**
     * Returns the children of the specified item.
     * @param mixed the parent item name. This can be either a string or an array.
     * The latter represents a list of item names (available since version 1.0.5).
     * @return array all child items of the parent
     */
    public function getItemChildren($names)
    {
        $casheName = is_array($names) ? implode('_',$names) : $names;
        if(isset($this->itemChildrenTmp[$casheName]))
        {
            return $this->itemChildrenTmp[$casheName];
        }
        if(is_string($names))
        {
            $condition = 'parent=' . $this->db->quoteValue($names);
        }
        elseif(is_array($names) && $names !== array())
        {
            foreach($names as &$name)
            {
                $name = $this->db->quoteValue($name);
            }
            $condition='parent IN ('.implode(', ',$names).')';
        }
        $sql = "SELECT name, type, description, bizrule, data
            FROM {$this->itemTable}, {$this->itemChildTable}
            WHERE $condition AND name=child";
        $children = array();
        foreach($this->db->createCommand($sql)->queryAll() as $row)
        {
            if(($data = @unserialize($row['data'])) === false)
            {
                $data = null;
            }
            $children[$row['name']] = new CAuthItem($this,$row['name'],$row['type'],$row['description'],$row['bizrule'],$data);
        }
        if(!isset($this->itemChildrenTmp[$casheName]))
        {
            $this->itemChildrenTmp[$casheName] = $children;
        }
        return $this->itemChildrenTmp[$casheName];
    }

    /**
     * Returns the specified authorization items sorted by weights.
     * @param array the names of the authorization items to get.
     * @return array the authorization items.
     */
    public function getAuthItemsByNames($names, CAuthItem $parent=null, $sort=true)
    {
        $items = array();
        if($names !== array())
        {
            $namesTmp = implode('_', $names);
            if(isset($this->authItemsByNamesTmp[$namesTmp]))
            {
                $items = $this->authItemsByNamesTmp[$namesTmp];
            }
            else
            {
                foreach($names as &$name)
                {
                    $name = $this->db->quoteValue($name);
                }
                $condition = 'name IN ('.implode(', ', $names).')';
                if($sort === true)
                {
                    $sql = "SELECT name,t1.type,description,t1.bizrule,t1.data,weight
                        FROM {$this->itemTable} t1
                        LEFT JOIN {$this->itemWeightTable} t2 ON name=itemname
                        WHERE $condition
                        ORDER BY t1.type ASC, weight ASC";
                    $command = $this->db->createCommand($sql);
                }
                else
                {
                    $sql = "SELECT name,t1.type,description,t1.bizrule,t1.data
                        FROM {$this->itemTable} t1
                        WHERE $condition";
                    $command = $this->db->createCommand($sql);
                }
                foreach($command->queryAll() as $row)
                {
                    $items[ $row['name'] ] = new CAuthItem($this, $row['name'], $row['type'], $row['description'], $row['bizrule'], unserialize($row['data']));
                }
                $this->authItemsByNamesTmp[$namesTmp] = $items;
            }
        }
        $items = $this->processItems($items, null, $parent);
        return $items;
    }

    /**
     * Processes the authorization items before returning them.
     * @param array the items to process
     * @param mixed the user ID. Defaults to null, meaning returning all items even if
     * they are not assigned to a user.
     * @param CAuthItem the authorization item the items belong to.
     * @return the processed authorization items.
     */
    public function processItems($items, $userId=null, CAuthItem $parent=null)
    {
        foreach( $items as $i )
            $i->attachBehavior('rights', new RightsAuthItemBehavior($userId, $parent));
        return $items;
    }

    /**
     * Updates the authorization items weight.
     * @param array the result returned from jui-sortable.
     */
    public function updateItemWeight($result)
    {
        foreach( $result as $weight=>$itemname )
        {
            // Check if the item already has a weight
            $sql = "SELECT COUNT(*) FROM {$this->itemWeightTable} WHERE itemname=:itemname";
            $command = $this->db->createCommand($sql);
            $command->bindValue(':itemname', $itemname);
            if( $command->queryScalar()>0 )
            {
                $sql = "UPDATE {$this->itemWeightTable} SET weight=:weight WHERE itemname=:itemname";
                $command = $this->db->createCommand($sql);
                $command->bindValue(':weight', $weight);
                $command->bindValue(':itemname', $itemname);
                $command->execute();
            }
            // Item does not have a weight, insert it
            else
            {
                if( ($item = $this->getAuthItem($itemname))!==null )
                {
                    $sql = "INSERT INTO {$this->itemWeightTable} (itemname, type, weight) VALUES (:itemname, :type, :weight)";
                    $command = $this->db->createCommand($sql);
                    $command->bindValue(':itemname', $itemname);
                    $command->bindValue(':type', $item->getType());
                    $command->bindValue(':weight', $weight);
                    $command->execute();
                }
            }
        }
    }
}
It will speed up permissions tab about 60 times :)
Updated documentation
Along with the general extension update to official release 1.0.0, the author of this extension has also updated the documentation for it. Complete documentation for version 1.0.0 can be downloaded here: http://yii-rights.googlecode.com/files/yii-rights-doc.1.0.0.pdf.
Deleting Operations, Tasks, and Roles
Hello, really big fan of this module. Thanks for the hard work! I am having a small issue, though. I've tried both version 9.11 and 1.0, and whenever I try to delete an operation, task or role through the GUI, nothing seems to happen. I assume that the delete operation is meant to make a JavaScript call that brings up the standard "Are you sure?" dialog. I first noticed this on an app that I am writing, then just to be sure, I tried it in the "blog demo with rights". Same thing. I will continue to debug to see if I can catch the issue, and I'll be sure to post a solution if I find one. In the meantime, has anyone run into this, or have any insight?
Following up to previous comment
Just to clarify, the previous comment does not describe an actual bug in this module. A fresh checkout from svn to another web server environment, and the problem no longer exists. Obviously, the issue was a result of a strange environment quirk. No worries. Fantastic module! I recommend it to anyone that needs a quick, intuitive way to apply RBAC to a Yii application!
A little improvement
I suggest to replace this (RightsFilter.php, line 29):
if( in_array($action->id, $this->_allowedActions)===false )
to this:
if( !in_array($action->id, $this->_allowedActions) and !in_array('*', $this->_allowedActions) )
because:
1) I want to have the possibility to allow all actions in a controller that is nested from a controller class with the 'rights' filter
2) in_array() always returns a boolean, so ===false is redundant
p.s.: 'Rights' is a massive extension with the highest quality of code that I have ever seen in Yii extensions. Very nice extension :)
Where's the database?
Where can I find the sample database for the sample blog? Is it included there?
What's the matter with "stdClass::user->isGuest not defined"
I have installed Rights, but when I request it, it always shows me the error "undefined variable: stdClass::user->isGuest". What's the problem? My Apache config, or PHP config, or the application config? Help me, thanks a lot!
Suggestion
Hey, nice job, Chris.
In assignments screen (/rights/assignment/view), the table header shows "Name" for the user name. It could be made more clear by using the text "User Name".
installation problem
I am getting the following error after installing
yii-right...under...protected/modules/rights...
Alias "rights.RightsModule" is invalid. Make sure it points to an existing PHP file
table_prefix I need
It seems there isn't support for table_prefix. So if I have many projects using only one database, Rights may be confused. table_prefix needed!
rights url bug?????
I've put the module in yii blog demo
but when I enter http://localhost/yii1.1/demos/blog/index.php?r=rights/authItem/generate
Yii Blog Demo
Home About Contact Logout (demo)
Home » Rights » Generate items
AssignmentsPermissionsRolesTasksOperations
.........
the url changed!!!!
Home=>http://localhost/yii1.1/demos/blog/index.php?r=rights/post/index
About=>http://localhost/yii1.1/demos/blog/index.php?r=rights/post/about
......
I don't know why. Maybe it's a bug in the blog. Can somebody test and help me out?
RAuthorizer Bugs?
Hi, is it a bug?
i have to change the code at RAuthorizer.php line 292
from:
to:
so that it search the name column instead of id column for super user, else will get error:
"There must be at least one superuser!"
User class import
While installing, I got this error:
include(User.php) [function.include]: failed to open stream: No such file or directory
Besides this info from the manual:
Note: In case your User model is not called ‘User’ or if you user name column is not called ‘username’ or if your user id column is not called ‘id’ you need to override the respective setting in the module configuration.
You'll also have to import your User class, e.g. if it's in a module.
Feature suggestion
I think exporting/importing Roles/Operations/Tasks would be a great tool to make it easier to manage roles etc. across code updates.
Do you plan this feature? If not - maybe, let's discuss it and we'll help code it \m/
Simple example for a business rules and limited access to index action (inspired from the forum)
Here is my simple example to allow only the owner of a blog post to view, update and delete. In my example Post has a property 'user_id' which is the value of the owning user.
In your PostController:
public function filters()
{
    return array(
        'accessOwn + view, update, delete',
        'rights',
    );
}

public function filterAccessOwn($filterChain)
{
    $post=$this->loadModel($_GET['id'], 'Post');
    // If the current user owns the post, drop the 'rights' filter (index 1 in the chain)
    if(Yii::app()->user->checkAccess('Post.AccessOwn', array('userid'=>$post->user_id)))
        $filterChain->removeAt(1);
    $filterChain->run();
}
In rights define following operation:
Name: Post.AccessOwn
Description: Post.AccessOwn
Rule: return Yii::app()->user->id==$params["userid"];
To limit access to browsable posts (i.e. on the default index action), you can do something like following in your PostController:
public function actionIndex()
{
    $dataProvider = new CActiveDataProvider('Post');
    // Non-superusers only see their own posts
    if (!Yii::app()->user->isSuperuser) {
        $dataProvider->setCriteria(array(
            'condition' => 'user_id=:user_id',
            'params' => array(':user_id' => Yii::app()->user->id),
        ));
    }
    $this->render('index', array(
        'dataProvider' => $dataProvider,
    ));
}
Checks for superuser even during install
Seems to check for user even when "install" is true and you're logged in.
It throws:
> ERROR: code=403, message=There must be at least one superuser!
If I temporarily comment out line 305:
throw new CHttpException(403, Rights::t('core', 'There must be at least one superuser!'));
Then install it, then uncomment, it works just fine.
Clarifications
@horizons $userIdList is an array that holds the ids of the users with superuser access, so the current condition is the right one.
@paejan I'm currently using Rights with Yii 1.18 and it works without a hitch.
yes sorry it was my fault
I tested the Rights module with the yii 1.8 blog demo and forgot that the UserIdentity returns the "username" for Yii::app()->user->getId(), because the blog demo has only an array for authentication. I guess this is the problem which others also have if they install the Rights module in their "test applications".
I found this after I tried to add the "admin" superuser role to another account, which failed every time.
So it works with yii 1.8, it just doesn't work from scratch in the yii blog demo because of the missing user data.
Feature Request
Just started using this module and like it... moving from srbac.
It would be nice to change the drop-down list for assigning operations to tasks to a multi-select list box. Then you'd have the ability to select multiple operations for one task and click Add just once.
Thanks for the good work Chris
normal user as superuser
Hello,
When user is logged as superuser and log on to other account without logout then user is still superuser,
100 upvotes!
Wow man. Rights totally deserves that. Congratulations!
@tsmith108
You can add the multiselect by themeing.
Wow
Such a good module, Thank you very much!
The only problem is that it's very difficult to find it through Google.
Better than any other Yii RBAC manager!
Problem with 1.3.0
Hi all, i'm using Rights v1.3.0 and i have next module structure
controllers/PageController.php
controllers/admin/PageController.php
Rights module generates rights only for controllers/admin/PageController.php? So, currently the Rights module doesn't support not unique names for controllers? Has anyone had the same problem? How to fix it?
@kmddm
Either you
There is no better solution without hacking rights.
I am going with number 2 and for small project it is fine.
installation problem
great job really love it!
i am working with framework yii-1.1.9.r3527, with no additional plugins installed..
on the first run needed to add an entry in the authitem and authassignment db tables.
modified the Controller.php in the protected/components directory
"class Controller extends RController"
and added another function
public function filterAccessControl($filterChain)
{
$filter = new RightsFilter;
$filter->allowedActions = $this->allowedActions();
$filter->filter($filterChain);
}
now its working perfectly, the documentation is missing these stuff!
Jerome Nicholas
Programmer/Analyst
http://shalomsoftware.com.au/
Changing 'Rights' doesn't update the database
Hi,
Hopefully, it's just me being dumb.
I've created Roles, Tasks and Operations, its working!
If I then go and change a name of a role for example, the change isn't being applied in the database...
Fine if you never want to change anything - but perhaps someone can either supply a patch - or tell me what I've not done right lol
p
reply to #7072
@thepaulius
hi,
how did you log in the first time?
there are 4 tables (modules/rights/data/schema.sql)
you need to extend the Controller which extends CController to the rights RController
first login it would say "There must be at least one superuser!"
you can either add two entries in the AuthAssignment, AuthItem with userid
or add a line in modules/rights/components/RAuthorizer.php function getSuperusers()
$superusers[] = 'your admin account name';
and add another function
public function filterAccessControl($filterChain)
{
$filter = new RightsFilter;
$filter->allowedActions = $this->allowedActions();
$filter->filter($filterChain);
}
tell me what happened :)
Extension abandoned?
The development of this extension has been abandoned?
Great extension, has saved me a ton of work
Thanks a lot for all your hard work Chris!
I am having a problem where when not logged in, a guest can type the url of a page in the browser and it will go there. Anyone know what I might be doing wrong?
Errr nevermind, I figured it out. I wasn't extending my controllers from RController and adding the filter. Thanks anyway and maybe this will help someone.
How to use business rules
Hi!
Very nice module there.
I think it just lacks some documentation on how to use business rules and data on tasks. Could you explain and illustrate?
Cheers!
Struggling with BizRule Data
Hi!
I cannot set a BizRule Data in the UI...
Even in the Blog demo, when I try to set some Data, I get a 500 error :
Error 500 preg_match() [<a href='function.preg-match'>function.preg-match</a>]: Compilation failed: missing terminating ] for character class at offset 30
Help needed please...
User model with a column called 'name' causes some trouble.
When there is a column called 'name' in the User model's table, you may come across some unexpected problems getting access as superuser. You have to modify Rights a bit to get this working. See: Yii-rights Issue 71: problem with column named "name" on code.google.com for one possible solution.
Translation to pt_br
Translation to pt_br in http://www.yiiframework.com/forum/index.php/topic/31918-traducao-pt-br-para-o-modulo-rights/
Automatically use $_GET as $params when $params is not set
Sometimes we need to use the $id or other params in $_GET but we don't want to put that in every checkAccess() call. In these cases we can add this line to RWebUser:
//In RWebUser, line 42
public function checkAccess($operation, $params=array(), $allowCaching=true)
{
    $params = $params ? $params : $_GET; //** ADD THIS LINE **

    // Allow superusers access implicitly and do CWebUser::checkAccess for others.
    return $this->isSuperuser===true ? true : parent::checkAccess($operation, $params, $allowCaching);
}
Now, every time you don't specify the param $params for checkAccess(), Rights will use $_GET. So, if you have
.../item/view/id/5
you will be able to use
$params['id'] //5
in your bizRules without needing to pass it in checkAccess();
It was very useful for me. Hope it will be for you too.
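What a business rule ends up trusting under that fallback, as an added example that is not part of the comment above and is not Rights or Yii code. It is a stand-alone model: the function names, the sample posts and the request arrays are constructed for illustration, and the rule mirrors Post.AccessOwn from this page.

```php
<?php
// Added example (not Rights or Yii code). All names and data below are
// constructed for illustration; the rule mirrors Post.AccessOwn from this page.

// Constructed sample data: post id => id of the owning user.
$posts = array(5 => 7, 6 => 42);

// Business rule: the current user must equal the owner passed as $params['userid'].
$accessOwn = function (array $params, $currentUserId) {
    return isset($params['userid'])
        && (string) $currentUserId === (string) $params['userid'];
};

// Variant A: same fallback as the RWebUser change above. When the caller
// passes no $params, every request parameter becomes rule input.
function checkWithGetFallback($rule, $currentUserId, array $params, array $get)
{
    $params = $params ? $params : $get;
    return $rule($params, $currentUserId);
}

// Variant B: only one allow-listed, validated key is read from the request,
// and the value the rule compares against is looked up on the server.
function checkWithResolvedOwner($rule, $currentUserId, array $get, array $posts)
{
    if (!isset($get['id']) || !is_string($get['id'])
        || preg_match('/\A[0-9]+\z/', $get['id']) !== 1) {
        return false; // missing or malformed id: deny
    }
    $id = (int) $get['id'];
    if (!isset($posts[$id])) {
        return false; // unknown record: deny
    }
    return $rule(array('userid' => $posts[$id]), $currentUserId);
}

// Constructed requests, all made by user 42.
$requests = array(
    'own post (id=6)'            => array('id' => '6'),
    'post of user 7 (id=5)'      => array('id' => '5'),
    'id=5 with userid in query'  => array('id' => '5', 'userid' => '42'),
);

// Evaluate both variants for every request and return the decisions.
function runComparison($rule, array $requests, array $posts, $userId)
{
    $rows = array();
    foreach ($requests as $label => $get) {
        $rows[$label] = array(
            'get_fallback'   => checkWithGetFallback($rule, $userId, array(), $get),
            'resolved_owner' => checkWithResolvedOwner($rule, $userId, $get, $posts),
        );
    }
    return $rows;
}

foreach (runComparison($accessOwn, $requests, $posts, 42) as $label => $row) {
    printf(
        "%-28s get_fallback=%-5s resolved_owner=%s\n",
        $label,
        var_export($row['get_fallback'], true),
        var_export($row['resolved_owner'], true)
    );
}
```

The filterAccessOwn example earlier on this page follows the second pattern: it loads the Post and passes array('userid'=>$post->user_id) explicitly.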
how to solve this error ...
Getting error.
CPhpAuthManager and its behaviors do not have a method or closure named "getAssignmentsByItemName".
There is no CPhpAuthManager while getAssignmentByItemName is in RDbAuthManager.php.
Please help me. How to install this extension.
tablePrefix
Why not support tablePrefix?!
The next code solved the problem, but it's very bad..
'authManager' => array(
    'class' => 'RDbAuthManager',
    'itemTable' => 'PREFIX_AuthItem',
    'itemChildTable' => 'PREFIX_AuthItemChild',
    'assignmentTable' => 'PREFIX_AuthAssignment',
    'rightsTable' => 'PREFIX_Rights',
),
Empty controller
When generating permissions for a controller, the Rights module does not see empty controllers. But these controllers may contain some inherited actions (for example class PostController extends CRUDController). How to perform access for non super-users in this case?
I want search option
I want to search users, or search for a user with a particular permission. I want a search above, like in the gridview of the admin page. Tell me how I can achieve it.
I want search option
I want a search option in it, as we get in the admin page gridview. Can you please tell me how I can achieve it?
Problem with Yii::app()->user->checkAccess('Foo.Bar');
Hi!
I'm sure I'm not the first one to ask this, but I can't find any clear and simple answer...
I have Yii-user and Rights extensions installed and configured and working fine. Except :
Yii::app()->user->checkAccess('Foo.Bar');
doesn't seem to be checking access recursively.
Let me (try to) explain. I have 2 roles R1 and R2, and I want to perform action A.
Assume R1 is a child of R2.
Assume A is a child of R1.
In the 'Permissions' page of the module, in (column R1, row A), I read 'Revoke' (which means that A is assigned to R1). And in (column R2, row A), I read 'Inherited *' (which means that A can be accessed via R1 by R2).
Now I log in with user U1 which has role R1. U1 can indeed perform action A, no problem.
But when I log in with User U2 which has role R2, U2 cannot perform action A. checkAccess('A') returns false...
Now if I set A as a child of R2 too, U2 can perform action A...
Am I missing something ?(and what is it)
Cheers!
RE : Problem with Yii::app()->user->checkAccess('Foo.Bar');
Okay, I was missing this :
> the iteration can stop with a positive result when Yii encounters in the hierarchy a so-called default role
from http://www.yiiframework.com/wiki/136/getting-to-understand-hierarchical-rbac-scheme/
(stupid me)
Cheers!
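The upward walk that the quoted sentence refers to, as an added example that is not part of the comments above and is not Yii's or Rights' code. It is a simplified in-memory model (business rules omitted, class name TinyAuthManager hypothetical) run on the R1/R2/A hierarchy from the question.

```php
<?php
// Added example: simplified in-memory model of hierarchical access checking in
// the style of Yii 1.1's auth managers. Business rules are omitted and the
// class name TinyAuthManager is hypothetical; this is not Yii or Rights code.

class TinyAuthManager
{
    public $defaultRoles = array();   // roles every user holds implicitly
    private $parents = array();       // child item => list of parent items
    private $assignments = array();   // user id => list of directly assigned items

    public function addItemChild($parent, $child)
    {
        $this->parents[$child][] = $parent;
    }

    public function assign($item, $userId)
    {
        $this->assignments[$userId][] = $item;
    }

    // Start at the requested item and walk up through its parents until an
    // item the user holds (default role or direct assignment) is reached.
    public function checkAccess($item, $userId, array $visited = array())
    {
        if (isset($visited[$item])) {
            return false;             // already explored on this path
        }
        $visited[$item] = true;

        if (in_array($item, $this->defaultRoles, true)) {
            return true;
        }
        $held = isset($this->assignments[$userId]) ? $this->assignments[$userId] : array();
        if (in_array($item, $held, true)) {
            return true;
        }
        $parents = isset($this->parents[$item]) ? $this->parents[$item] : array();
        foreach ($parents as $parent) {
            if ($this->checkAccess($parent, $userId, $visited)) {
                return true;
            }
        }
        return false;
    }
}

// Hierarchy from the question above: A is a child of R1, R1 is a child of R2.
function buildScenario()
{
    $auth = new TinyAuthManager();
    $auth->addItemChild('R1', 'A');
    $auth->addItemChild('R2', 'R1');
    $auth->assign('R1', 'U1');
    $auth->assign('R2', 'U2');
    return $auth;
}

$auth = buildScenario();
var_dump($auth->checkAccess('A', 'U1'));   // U1 holds R1, the direct parent of A
var_dump($auth->checkAccess('A', 'U2'));   // U2 holds R2, reached via A -> R1 -> R2
var_dump($auth->checkAccess('A', 'U3'));   // U3 holds nothing
var_dump($auth->checkAccess('R2', 'U1'));  // holding a child role does not grant its parent

// With R1 configured as a default role, the walk stops at R1 for every user.
$auth->defaultRoles = array('R1');
var_dump($auth->checkAccess('A', 'U3'));
```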
Best RBAC manager I've ever used..needs support and documentation though..
I've had a very good experience with Rights, as I used it in very user-role-based projects, and got the chance to dig into it quite often..
What I felt most was that things are not documented properly, so I've written a small blog post about small things one can do which are required often..
"My blog post about Rights"
Roles interface
Assigning actions to roles becomes rather tedious when you start having 10+ roles. Is there a way to make that part of the interface cleaner?
error with yii 1.1.11
Who use last yii 1.1.11 and got error
include($data->getAssignmentsText(CAuthItem.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory
@fix https://github.com/yiisoft/yii/commit/05441abf04cd14fc379066ab54d8f86f0d3f0e8b
Change module layout to current theme
You have done a great job.. But there is one issue with changing the layout. Now it is using the layout from app.views.layout.main, but I just want to use the current theme layout. How can I do that?
Biz Rules with examples
It sure feels weird promoting myself here, but I've written some small examples on bizrules and would like to share it with you guys:
bizrules examples (using rights module)
P.S.: it isn't really specific to the rights-extension but i really don't see any reason for anyone to roll their own rbac when there's cniskas version.
accessRules for static pages
there is not a way to set the accessRules for static pages (created with CViewAction), for instance if I want to allow access to my static pages only for authenticated users.
The normal accessRules let me specify an action but not a view.
Tnx ;)
Make RWebUser->checkAccess considering asterisk in AuthItems
We needed checkAccess() to return true when the user has permission for "Foo.*" and the check is called with "Foo.bar", when no AuthItem exists for "Foo.bar".
This is our solution, maybe it helps anyone:
public function checkAccess($operation,$params=array(),$allowCaching=true)
{
    if ($this->isSuperuser===true)
        return true;

    if($allowCaching && $params===array() && isset($this->_access[$operation]))
        return $this->_access[$operation];
    else
    {
        $checkOperation = $operation;
        if ((strpos($operation,'*') === false) && (strpos($operation,'.')))
        {
            //in case we have an operation without asterisk we try to check access on the task as fallback, too
            $item = Yii::app()->getAuthManager()->getAuthItem($operation);
            if ($item === null)
            {
                //no AuthItem exists for this operation, let's check access on the task instead
                $operationArray = explode('.', $operation);
                $operationArray[1] = '*';
                $checkOperation = implode('.', $operationArray);
            }
        }
        return $this->_access[$operation]=Yii::app()->getAuthManager()->checkAccess($checkOperation,$this->getId(),$params);
    }
}
You can easily change it to always fall back (no matter whether the operation AuthItem exists for other roles) by removing the inner item check.
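What the fallback in the comment above ends up checking, as an added example (a stand-alone model, not the poster's code and not part of Rights). The functions `resolveCheckedItem` and `isAllowed` and all item names are constructed for illustration, and the last case goes one step beyond the post by feeding in a three-segment name.

```php
<?php
// Added example: a stand-alone model of the wildcard fallback (no Yii needed).
// Grants are treated as a flat set, i.e. "Post.*" is NOT a parent of
// "Post.delete" here. All item names below are constructed sample data.

/** Name that the patched checkAccess() would hand to the auth manager. */
function resolveCheckedItem($operation, array $existingItems, $alwaysFallback = false)
{
    // Same guard as the posted code: no asterisk, and a dot after position 0.
    if (strpos($operation, '*') !== false || !strpos($operation, '.')) {
        return $operation;
    }
    // Inner item check: an operation that exists as its own item is checked as-is.
    if (!$alwaysFallback && in_array($operation, $existingItems, true)) {
        return $operation;
    }
    $parts = explode('.', $operation);
    $parts[1] = '*';                 // only the second segment is replaced
    return implode('.', $parts);
}

function isAllowed($operation, array $existingItems, array $granted, $alwaysFallback = false)
{
    $checked = resolveCheckedItem($operation, $existingItems, $alwaysFallback);
    return in_array($checked, $granted, true);
}

$existingItems = array('Post.*', 'Post.view', 'Post.delete'); // no item for Post.update
$granted       = array('Post.*');                             // what this user holds

$cases = array(
    array('Post.update',       false), // operation has no item of its own
    array('Post.delete',       false), // operation has its own item, user does not hold it
    array('Post.delete',       true),  // same operation with the inner item check removed
    array('Admin.Post.update', false), // three-segment name
);

foreach ($cases as $case) {
    list($operation, $always) = $case;
    printf(
        "%-18s alwaysFallback=%d checks %-15s allowed=%s\n",
        $operation,
        (int) $always,
        resolveCheckedItem($operation, $existingItems, $always),
        isAllowed($operation, $existingItems, $granted, $always) ? 'yes' : 'no'
    );
}
```

The third case is the one to weigh before removing the inner check: holding `Post.*` then satisfies every `Post.` operation, including ones kept as separate items. The fourth resolves to `Admin.*.update`, because only the second segment is replaced.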
Caching for rights
Hi, I have implemented rights to support caching. You guys can check it here:
http://www.yiiframework.com/forum/index.php/topic/36116-rights-alternative/pageviewfindpostp183254
If you have any ideas/suggestions, please tell me.
Cheers!
superuser
hi, I do all my homework.
but i get this when trying to install:
any idea ?
there is some data that should be in new tables ?
Best Regards
Auth extension
It's been a while since I've been working on Rights. After the success of my Twitter Bootstrap extension I decided that it was time to develop a new module for permissions management using bootstrap. I've been working on my Auth extension, which is a modern and responsive user interface for Yii's authorization manager and it was released yesterday.
If you liked Rights, I'm sure that you will feel at home using Auth as well. It fixes some of the core problems in Rights and is both easier to use and extend. There is also a demo available.
Here's a link to the extension page:
http://www.yiiframework.com/extension/auth
What is the current core problems with Rights?
Hi Chris,
Thank you for developing Rights module. Can you tell me more about the current core problems with Rights? I used rights within my cms and it will be great if you can tell me the current core problems of Rights. I will do my best to implement it.
Thank you once again for Rights module.
problem with sessions
Sometimes when I left my page opened for 30 minutes or when I open the site after some hours, I have this error.
How can I solve it?
Thanks for help.
problem with sessions
You should have install = false in your main config file
Auth extension
Thanks!
I've almost missed it :)
auth extension
Using rights and yii-user together
Hi,
I've just uploaded this extension, which provides methods to ensure compatibility for rights and yii-user.
Best regards,
schmunk
problem in rights
I am giving rights for 'create' to the 'authenticated' but the 'guest' also gets the same right. It means the extension does not understand any difference between 'authenticated' and the 'guest'. Please help me. I am dying. :(
fix
You need to add business rules for Guest:
return Yii::app()->user->isGuest;
and Authenticated:
return !Yii::app()->user->isGuest;
This should solve all your problems
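Why a blank business rule lets the guest through, as an added example (a simplified stand-alone model, not code from Yii or Rights): it assumes both roles are listed in defaultRoles, so every user is tested against both and only the business rule can exclude anyone. The function `hasAccess`, the operation names and the closures standing in for the rule strings are constructed for illustration.

```php
<?php
// Added example: simplified model of how default roles are evaluated.
// A default role is applied to every user, guest or not, so a role with
// an empty business rule grants its operations to everybody.

function hasAccess($operation, $isGuest, array $defaultRoles, array $roles)
{
    foreach ($defaultRoles as $name) {
        $role = $roles[$name];
        // An empty rule always passes, like a blank business rule field.
        $rulePasses = $role['bizRule'] === null
            || call_user_func($role['bizRule'], $isGuest);
        if ($rulePasses && in_array($operation, $role['operations'], true)) {
            return true;
        }
    }
    return false;
}

$defaultRoles = array('Authenticated', 'Guest');

// Weak setup: roles exist, but neither has a business rule.
$weak = array(
    'Authenticated' => array('bizRule' => null, 'operations' => array('Post.create', 'Post.view')),
    'Guest'         => array('bizRule' => null, 'operations' => array('Post.view')),
);

// Corrected setup: the two rules from the comment above, as closures.
$fixed = $weak;
$fixed['Authenticated']['bizRule'] = function ($isGuest) { return !$isGuest; };
$fixed['Guest']['bizRule']         = function ($isGuest) { return $isGuest; };

foreach (array('weak' => $weak, 'fixed' => $fixed) as $label => $roles) {
    foreach (array(true, false) as $isGuest) {
        printf(
            "%-5s %-13s Post.create=%s Post.view=%s\n",
            $label,
            $isGuest ? 'guest' : 'authenticated',
            hasAccess('Post.create', $isGuest, $defaultRoles, $roles) ? 'yes' : 'no',
            hasAccess('Post.view', $isGuest, $defaultRoles, $roles) ? 'yes' : 'no'
        );
    }
}
```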
Solution Found but modification needed by the development team of this extension.
I have asked the question stated below yesterday:
"problem in rights
I am giving rights for 'create' to the 'authenticated' but the 'guest' also gets the same right. It means the extension does not understand any difference between 'authenticated' and the 'guest'. Please help me. I am dying. :( "
Well I found the answer after discussing this with my senior.
Well, the problem is that as long as the "authenticated" role is there, there will not be any difference between the guest and the authenticated. You will have to change the name of the role "authenticated" to something else, such as "registered" or anything else that you want.
Well this may be considered as a bug.
There is a line in rightsmodule.php in the view of rights which has following code:
*/
public $authenticatedName = 'Authenticated';
how a guest name can be assigned as 'Authenticated'? I think here lies some problem.
So conclusion is that you must change the name of the authenticated role to something else for the smooth operation.
There must be at least one superuser!
Hi, I still get this error when trying to install Rights.
Should I drop Auth* tables before trying again?
I think I found the error:
the installer creates a row in the authassignment table, but the value for userid is "admin" and in my case, the User table id value is "1".
User table:
id: 1
username: 'admin'
password: 'xzxzxzxzx'
etc
I found this line in : Rnstaller.php component file:
$command->bindValue(':userid', Yii::app()->getUser()->id);
Any idea why getUser->id return "admin" and not "1" ??
Best Regards
Property "RDbAuthManager.authitemTable" is not defined.
Hi anyone!
I have this bug, can someone help me?
Property "RDbAuthManager.authitemTable" is not defined.
with config:
'authManager'=>array(
    'class'=>'RDbAuthManager',
    'assignmentTable'=>'tbl_authassignment',
    'itemChildTable'=>'tbl_authitemchild',
    'authitemTable'=>'tbl_authitem',
    'rightsTable'=>'tbl_rights',
    'connectionID'=>'db',
    'defaultRoles'=>array('Authenticated', 'Guest'),
),
thanks so much
kien
Returning the Role for a User
I need to be able to access the role assigned to user in the Rights module. I've tried using
Rights::getAssignedRoles()
(found in components/Rights.php), but it doesn't appear to return anything useful, at least to my novice level of understanding. Specifically, it returns:
(That's from a
print_r(Rights::getAssignedRoles())
) That's not terribly useful, at least to me. In my system, each user is assigned one and only one role, and the set of roles includes more than just Guest, Admin, and Authenticated. How can I access the role assigned to the user?
Installation Steps - wiki
http://www.yiiframework.com/wiki/423/installing-yii-users-and-rights-to-newly-created-yii-app/
problem in install
hello! I'm trying to install the "rights", but is returning the error, as image below. My question is: is he looking for the model "Users" because it is based on the blog? Can I change this model into another of my choice?
thank you
@angelo noguera
which is your User class/model?
if it is inside any module, then import it in config/main
like
'import'=>array(
    'application.models.*',
    'application.components.*',
    'application.modules.user.models.*',
    'application.modules.user.components.*',
),
runningInstaller
How do I run the installer after enabling it in my /config/main.php
'modules'=>array(
'rights'=>array(
'install'=>true,
)
@shady
take the module in the browser
According to your url format
app/index.php?r=rights/
or
app/rights
or
app/index.php/rights
wiki
http://www.yiiframework.com/wiki/423/installing-yii-users-and-rights-to-newly-created-yii-app/
Installer
Thanks @Rajith
I followed but I'm getting this problem now,
Error 403
There must be at least one superuser!
How do I get this superuser working, I thought he would be installed automatically.
@shady
which is your user class?
add a column named superuser and make it 1 for admin. this is a tricky way.
I suggest yii-user model.
Right Module login from two tables ,but keep functionality.
Hello Yii Right Module experts,
In one of yii project installed yii right module and for login there is used a blog_user table,there is another table for students,Now I want to login with students table records but keep the yii right module functionality , How it is possible that both can login blog_user and students?
@Shahzad Thathal
use one table for login. that is better. relate students with user table. use user role to differentiate!! dont get complicated!
Superuser
1.3 version:
"rights/install" did not perform (super)user creation
:(
So, I must insert to DB manually.
authitem->Admin,2,NULL,NULL,"N;"
authassignment->Admin,id user to make as superuser,NULL,"N;"
@Taufik
No No..
you can assign role at the time of user creation
check this wiki
Your text to link here...
giving role
//assign role
$authorizer = Yii::app()->getModule("rights")->getAuthorizer();
$authorizer->authManager->assign('clients', $model->id);
here 'clients' is the role name and '$model->id' is the user id.
Added to composer
Hey guys, I needed that extension to be able to load via composer, so I created GitHub fork and added composer package info. Enjoy - https://github.com/Webkadabra/yii-rights
@b3atb0x
good work :-)
Some more Yii composer packages
http://phundament.com/en/packages-12.html
Many packages are just created from the GitHub API.
@schmunk
Nice work!! That's very useful :-)
how to assign permissions in yii rights module
how to assign permissions in yii rights module automatically when a user registered?
@Shahzad Thathal
See using business rules in the guide. The example with authenticated should come close to what you need.
@Shahzad Thathal
assign role
$authorizer = Yii::app()->getModule("rights")->getAuthorizer();
$authorizer->authManager->assign('clients', $model->id);
From the above example 'clients' is a role name.
So create roles according to your preference and assign them dynamically at the time of user creation. '$model->id' is the user id. You can also assign any authitem other than a role like this.
How to assign permissions
I need to assign a permission at the time of user creation, like controller/action.
I assigned a role to the user. Now when the user logs in and goes to a controller/action (user/profile), it shows the error "you are not authorized to perform this action". But when I go to the Rights module and assign this controller/action permission to this user, it works. How can I add the permission for this user automatically?
@Shahzad Thathal
its surely your mismatch.
check the role and assigned operations/tasks.
also check the user for the role.
Awesome, I have done every with short touch of code
Hello,
I feel really good about this extension,
it saves me time.
Can I use it in any commercial project of mine?
Thank you in advance
@mostofa62
I think yes, you can
Read this
http://www.opensource.org/licenses/bsd-license.php
how to use the business rules in right interface
I have a Post model and its corresponding CRUD.
I want to apply the roles: author, reader, editor
1. where the author can only edit his own post
2. the editor can only edit and delete his own post
How do I write this when I create a task, and what is the format of the business rule in the field,
meaning the PHP code?
What does the $param value mean, e.g. $param['user_id']?
An example with an image or a web link would be good for me.
I am stuck here.
Different URL
How can I change the default url?
I want it: path/to/application/index.php?r=permisos
@Kkk
Use urlmanager at config (config/main)
SORT OPERATIONS
Hi, very good extension!!!
I need to order the gridview by name and description in operations's view.
Please help me! This is my AuthItemController:
public function actionOperations()
{
    $sort = new CSort();
    $sort->defaultOrder = 'name asc';
    $sort->attributes = array(
        'name' => array(
            'asc' => 'authitem.name asc',
            'desc' => 'authitem.name desc',
        ),
        'description' => array(
            'asc' => 'authitem.description asc',
            'desc' => 'authitem.description desc',
        ),
        '*',
    );
    Yii::app()->user->rightsReturnUrl = array('authItem/operations');
    $dataProvider = new RAuthItemDataProvider('operations', array(
        'type' => CAuthItem::TYPE_OPERATION,
        'sort' => $sort,
        'sortable' => array(
            'id' => 'RightsOperationTableSort',
            'element' => '.operation-table',
            'url' => $this->createUrl('authItem/sortable'),
        ),
    ));
Upgraded version for Yii 2.0?
I love this extension and thinking to use in my current project. However, I would like to confirm some doubts.
1) Is this extension still maintained?
2) Is it going to be upgraded for Yii 2.0?
Thanks
@b3atb0x
@b3atb0x, tried to add the following to my composer file "Webkadabra/yii-rights":"dev-master" but it says your package is not found, what do I add to composer to get your version to install?
@learningyii
Bug In RAutherizer.php
If you experience problems with the usernames not working and get a permission denied error on the main rights page, you probably need to integrate this change: https://bitbucket.org/Crisu83/yii-rights/pull-request/6/use-usernamecolumn-from-config/diff
Please merge this into the main distribution.
@Loren
Thank you for the information.
Where you got that error?
Help with config
Hi everybody!
one question about rights and user!
I have followed this tutorial http://www.yiiframework.com/wiki/423/installing-yii-users-and-rights-to-newly-created-yii-app/ to install them.
All fine, i can log with admin and set the rights.
Then i modify each controller in my app like this
class ArticoloController extends RController{
public function filters(){ return array('rights'); }
}
And now if I open the page without logging in, it redirects me to the login page!
I set all the permissions for the guest, so this is not what I want!
Also, I set the permissions from the page r=rights/authItem/permissions. As I understand it, the item Site. is a global item that contains Site.Contact, Site.Error and Site.Index. Is that right? So I can set only Site., right?
Last question: when I read Revoke, it means that the guest has the permission, and when I read Assign, it means that the guest does not have the permission, right? I checked the db table and I can see the item in the table when I read Revoke.
Thanks for all the help!!!
@Giov
Guest means? Public ?
Compatible with Yii 2?
Is it?
Is someone going to update this great extension?
Demo doesn't work
Hi! The domain (http://www.cniska.net/) is not working!!!
@Mariaczi+PL
Please try a rewrite .
Mongo DB?
Hi , Is there a separate version for Mongo DB.
I am in need of Yii Mongo and right module
@sushant_d84
No !!
Scanning of Actions
Hi There,
Thanks for replying...
Current module Scan all the member function which starts with keyword "action" from almost all the controller.
1) Can we change it to something else? I want use something like 'check'
2) Can we add more keywords? Most of my functions starts with check and not action. So can have both options ( 'actionEditUser' + 'checkEditUser')?
3) Can we include some plugin/extensions/components and create its operations?
Regards
Sushant Danekar
apply theme
hi
how can i add rights to my current theme
@malkabani.com
Changes in layouts.
@sushant_d84
Add controller action option is there . Try that functionality.
rights - installation
1: class RWebUser extends WebUser//(user webuser class)
2: class Controller extends RController
public function filters()
{
    return array(
        'rights',
    );
}

public function allowedActions()
{
    return 'error,login,logout';
}
3: remove/comment class'es individual filters and accessRules(site and others)
5: class RDbAuthManager extends CDbAuthManager
public $rightsTable = 'rights';//small r
Get authorizer error
Fatal error: Call to undefined method Rights::getAuthorizer() getting this pathetic error
@usman iqbal
Where you got this error, I am working with Rights, no issues here.
Where's the Documentation ?
I want to use this extension. But when I wanted to open the documentation, there was no documentation file. So, can anybody help me? Something like sending me the documentation via email, or anything that can help me get the documentation. Thank you
@Rahmad Subekti
http://www.yiiframework.com/wiki/522/yii-user-and-rights-implementation/