User Interface module for RBAC
Requirements
Yii 1.1 or above.
JavaScript-enabled web browser.
Usage
- Extract the zip file to the application's protected/modules directory.
- Edit your configuration to register the module (the default option values may need to be adjusted):
~~~
[php]
'modules'=>array(
    'rbac'=>array(
        'class'=>'application.modules.rbacui.RbacuiModule',
        'userClass' => 'User',
        'userIdColumn' => 'id',
        'userNameColumn' => 'username',
        'rbacUiAdmin' => true,
        'rbacUiAssign' => true,
    ),
),
~~~
- rbacUI requires a user database table to be present that at least contains an integer User ID field and a varchar User name field. rbacUI also expects Yii::app()->user->id to return the User ID, not the User name. The model for the user table and the column names for the User ID column and the User name column are part of the module options.
- Do not forget to define the authManager component for the application. For example:
~~~
[php]
'components'=>array(
    // Other stuff.
    'authManager'=>array(
        'class'=>'CDbAuthManager',
        'connectionID'=>'db',
    ),
),
~~~
- Log in to your application.
- Navigate to http://your-base-url/index.php?r=rbac (or if you use urlManager to rewrite your url: http://your-base-url/rbac).
- Create a role for the rbacUI administrator and a role for the rbacUI operator. Assign the administrator role to yourself.
- Change the module parameter settings for 'rbacUiAdmin' and 'rbacUiAssign' to the names of the roles you just created.
NOTES:
When using an older version of jQuery UI the rbacui.js has to be changed:
~~~
[javascript]
function selectUserTab(user) {
    $("#tempuser").text(user);
    $('#tabs').tabs('select', 0); // jQuery UI < 1.9
    // $("#tabs").tabs("option", "active", 0); // jQuery UI >= 1.9
}
~~~
When using a PHP version below 5.3 the following code needs to be changed in RbacuiController.php and AjaxController.php (depending on the model for the user table):
~~~
[php]
/* $class = new $this->module->userClass;
$models = $class::model()->findAll($criteria); */
$models = User::model()->findAll($criteria);
~~~
It is assumed that you already know the basics of RBAC in Yii and how to configure it. If you need to catch up, try these links:
- Role-Based Access Control
- Getting to Understand Hierarchical RBAC Scheme
Options
The following configuration options can be used:
userClass:
The model name of the database table that contains the user authentication information for User ID and User name (default value: 'User').
userIdColumn:
The column name of the User class field that contains the User ID (default value: 'id').
userNameColumn:
The column name of the User class field that contains the User name (default value: 'user').
userActiveScope:
The scope that is used for selecting active users (default value: false).
The default value false means that no scope is used for selecting users to be displayed.
rbacUiAdmin:
The role name for the rbacUI administrator (default value: false).
The rbacUI administrator can create/update/delete authorization items and assign/revoke authorization items to/from users.
The default value false means that no one has this authorization.
rbacUiAssign:
The role name for the rbacUI operator (default value: false).
The rbacUI operator can only assign/revoke authorization items to/from users.
The default value false means that no one has this authorization.
rbacUiAssignRole:
The role name for the rbacUI operator for roles only (default value: false).
This rbacUI operator can only assign/revoke roles to/from users.
The default value false means that no one has this authorization.
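An added example (not the extension author's code) of the configuration once the Usage steps are complete, with the role options pointing at named roles and `userActiveScope` backed by a scope in the user model. The role names `rbacAdmin`, `rbacOperator` and `rbacRoleOperator`, the `user` table and its `status` column are assumptions for illustration.

```php
<?php
// Two files shown together; hypothetical names are marked.

// --- protected/models/User.php ---
class User extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'user'; // hypothetical table name
    }

    // 'userActiveScope' names a scope, so the scope must be defined here.
    public function scopes()
    {
        return array(
            'active' => array('condition' => 'status = 1'), // hypothetical column
        );
    }
}

// --- protected/config/main.php ---
return array(
    'modules' => array(
        'rbac' => array(
            'class'            => 'application.modules.rbacui.RbacuiModule',
            'userClass'        => 'User',
            'userIdColumn'     => 'id',
            'userNameColumn'   => 'username',
            'userActiveScope'  => 'active',           // omit (default false) if no such scope exists
            // Role names are hypothetical; the roles must already exist in authManager.
            'rbacUiAdmin'      => 'rbacAdmin',        // was true during initial setup
            'rbacUiAssign'     => 'rbacOperator',     // was true during initial setup
            'rbacUiAssignRole' => 'rbacRoleOperator', // roles only, added in v1.0.5
        ),
    ),
    'components' => array(
        'authManager' => array(
            'class'        => 'CDbAuthManager',
            'connectionID' => 'db',
        ),
    ),
);
```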
Versions
- v1.0.5 (Aug 4, 2014):
- Added parameter rbacUiAssignRole.
- v1.0.4 (July 13, 2014):
- Bugfix of Auth item attaching.
- v1.0.3 (July 7, 2014):
- More reliable URLs for tab content.
- Renamed RController to RbController.
- v1.0.2 (July 3, 2014):
- Restricted items to revoke in dropdown list to assigned items.
- Added a background grid to the authItems hierarchy tab.
- v1.0.1 (July 2, 2014):
- Bugfix.
- v1.0.0 (June 30, 2014):
- Initial release.
Interesting
Looks really promising, I will give it a try, as I was looking for something powerful but extremely flexible, which this extension seems to be...
It would be useful (for those that are browsing at times when they cannot install it to test it) if there would be some examples of usage, maybe some screens etc.
I'll be back with feedback once we get a chance to test it.
some clarifications and an issue
Got a chance to test it, as promised.
Here are some things that I found that could make it easier for someone that's trying to install it and configure it:
~~~
[php]
'components'=>array(
    'authManager'=>array(
        'class'=>'CDbAuthManager',
        'connectionID'=>'db',
        'itemTable'=>'util_AuthItem',
        'itemChildTable'=>'util_AuthItemChild',
        'assignmentTable'=>'util_AuthAssignment',
    ),
    // ...
)
~~~
and also make sure that you have created the tables required by CDbAuthManager, from the SQL files available in \framework\web\auth\ folder of the framework.
Once these steps are done, your Roles/Tasks/Operations tabs are going to work as expected.
The configuration line " 'userActiveScope' => 'active'," should be commented out for the initial setup, as this requires a scope called 'active' already defined in the User model that would filter the results to only return the active users, if the User model provides such a feature. In the doc you say "(default value: false)." but in the config supplied above you have it with a value, which will probably generate an error if used as such.
And now for the issue: at least in my setup, when I Assign role to operator, the modal doesn't disappear when I click save, although other similar dialogs (New Role for example) work as expected.
I am testing this in conjunction with the http://www.yiiframework.com/extension/usr/ extension (used for user registration) and it works quite nicely so far.
Re: some clarifications and an issue
Thank you for your feedback. It is very much appreciated. I will make some adjustments accordingly.
As for your issue: I am not able to reproduce that bug. My hope is that you or someone else will be able to find the cause some day.
I can't install it
If I try to access http://my.site/my-app/rbac it tells me "404 not found".
If I try to access http://my.site/my-app/index.php?r=rbac (like gii) it shows me a blank page.
The installation guide is not so useful, it misses a lot of information.
Re: I can't install it
"404 not found" seems to indicate that the module is not defined or defined by another name.
When you think the instruction is lacking information, can you point out what is missing?
Feature request
Hi, first off... thanks for creating this module, it's awesome and (almost) everything that I need.
I do however have a question (I'm not sure if this is the right place for that?).
Would it be possible to add another configuration option?
I would like to allow the 'rbacUiAssign'-user to only assign roles (not tasks or operations).
This way I can configure my security to use tasks/operations to check the necessary access for all access checks.
That way I can configure my admin security through tasks/operations without running the risk that my 'rbacUiAssign'-user assigns it to someone he's not supposed to.
I could alter the extension myself but I'd prefer not altering the extension myself so I can easily upgrade to the newest version available when I want to.
PS. In light of the comment below about information in the instruction, it might be an idea to change the following in the installation guide:
Change the line "Navigate to http://your-base-url/rbac" to something like "Navigate to http://your-base-url/index.php?r=rbac (or if you use urlManager to rewrite your url: http://your-base-url/rbac)"
That way it may be easier to install for people new to yii.
Re: Feature request
That is a good suggestion. I will add an extra parameter to allow for this functionality. Thanks.
Very good!
It's a very good extension!
Thank you! :)
nice visualization, time saving
must have for yii
thanks