Role Based Access Manager (RBAM) is a Yii module that provides complete management of Authorisation Data (Authorisation Items, Authorisation Hierarchy, and Authorisation Assignments) for Yii’s Role Based Access Control system via a browser interface; it is intended for use in development and end-user administration environments.
RBAM has an intuitive “Web 2.0” interface to easily manage Authorisation Items (Roles, Tasks, and Operations), their hierarchy, and Authorisation Assignments. It presents all of an Authorisation Item’s information in one place providing a comprehensive overview and complete management of the item.
RBAM’s “Drill-down” and “Drill-up” features quickly show an item’s position in the Authorisation Hierarchy, what permissions it inherits (Drill down) and which Roles inherit its permissions (Drill up).
RBAM is built on top of Yii’s CAuthManager component and supports both of Yii’s built-in Authorisation Managers, CDbAuthManager and CPhpAuthManager, and authorisation managers extended from them.
I18N ¶
RBAM supports I18N; it comes with German and Spanish translations (these are mine courtesy of Google - so poor at best).
Since V1.5 a Russian translation is included (thanks to Jangos).
If you have a translation for RBAM and would like it included, please add it to the RBAM thread in the forum; I'll add them to future releases.
Requirements ¶
- JavaScript enabled browser
- CDbAuthManager, CPhpAuthManager, or an authorisation manager component extended from them
- A User model with an attribute that is the model’s primary-key and an attribute or attributes that provide the names of users; since V1.5, name attributes can also be in a related model.
Compatibility ¶
Status | Yii | Chrome | Firefox | MSIE | Opera | Safari | OS |
---|---|---|---|---|---|---|---|
Tested with | 1.1.5 | 8.0 | 3.68 | 8.0 | 10.63 | 5.0 | Windows 7 |
Should work with | 1.x.x | All | 2.0+ | 6.0+ | 9.0+ | 3.0+ | All |
Installation ¶
Extract the download archive into the required folder. RBAM can be installed as a "top-level" module (in /protected/modules) or a nested module (in the modules directory of a parent module).
Edit your configuration file (if a "top-level" module)
'modules'=>array(
    'rbam'=>array(
        // RBAM Configuration
    ),
),
(if a nested module)
'parentModule'=>array(
    // Parent Module Configuration
    'modules'=>array(
        'rbam'=>array(
            // RBAM Configuration
        ),
    ),
),
Usage ¶
Access RBAM in your browser at http://your.domain/index.php?r=[parent module/]rbam
Download the Demo ¶
You can download the demo (it's just the Yii "testdrive" app with RBAM and a user model). This comes with some Authorisation Data in place. The demo uses CPhpAuthManager; you can change the config to use CDbAuthManager (the config has the Yii demo SQLite db component) and import the PHP Authorisation data.
Before running the demo you will need to edit index.php to point to your Yii installation.
Resources ¶
Change Log ¶
1.6.1 ¶
- Fixed an issue with RbamModule::getMenuItem()
- Fixed incorrect passing of parameters to Yii::t in RbamInitialiser::initialise()
- Fixed undefined index issues in RbamInitialiser::defaultAuthData()
1.6 ¶
- Corrected scope of RbamController::ActiveChars() method to public
- Upgraded AlphaPager extension to 1.3.2
- Added RbamModule::getMenuItem() and RbamModule::getMenuItems() methods to provide CMenu integration
- Updated manual to add RbamModule::getMenuItem() and RbamModule::getMenuItems() methods. Property and method documentation now in Yii style.
1.5 ¶
- RBAM now supports user names from models related to the model specified by userClass; e.g. array(',', profile.given_name, profile.family_name) will use the given_name and family_name attributes of the profile relationship in the userClass.
- Russian translation (thanks to Jangos)
- Fixed all reported bugs
1.4 ¶
- Fixed issue with installing into DB without auth tables
- Improved sorting of users
1.3 ¶
- Improved I18N in JUI dialogs
- Improved validation error support in JUI dialogs
1.2 ¶
- Fixed issue with multiple assignments to a user (only seen on some servers)
- Added validation to biz rule to ensure it is a valid PHP "return" statement
- Changed initialisation to always add RBAM and default roles if not present. This allows RBAM to be easily added to existing RBAC authorisation data
- Added count of users with permission for an item to Auth Item Overview and Auth Item relationship tabs
1.1 ¶
- Fixed code to work with applications in sub-folders
1.0 ¶
- Initial release
Interesting
I must say that the quality of the code is very good and some of the ideas in the user interface are very interesting. I like the tree-view for generating authorization items.
Thanks for mentioning Rights in the credits, although I'm not sure what "setting standards for documentation" exactly means. :)
Re: Where's the schema?
The minimal schema required by RBAM for the user table is
~~~
[sql]
CREATE TABLE tbl_user (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
username VARCHAR(128) NOT NULL
);
~~~
Goes without saying that in an application there will be other columns, e.g. password, email address, etc.
For the auth data, if using CPhpAuthManager, by definition there is no schema as the auth data is not stored in a database. If using CDbAuthManager, the schema is that used by Yii as per Yii's "web/auth" directory. RBAM detects the type of auth manager being used and takes care of everything for you.
DOWNLOAD
It would be great to download the demo application, like with "rights".
nice one...
fix for submodules and username:
RbamUserBehavior
change:
$attribute = Yii::app()->getModule('rbam')->userNameAttribute;
to:
$attribute = Yii::app()->findModule('rbam')->userNameAttribute;
some bugs
'footer'=>CHtml::link(CHtml::image("{$module->baseScriptUrl}/images/assignmentAdd.png",Yii::t('RbamModule.rbam','Assign Role(s)')), array('assign','uid'=>$user->id), array('class'=>'add', 'title'=>Yii::t('RbamModule.rbam','Assign role(s) to this user'))),
=>
'footer'=>CHtml::link(CHtml::image("{$module->baseScriptUrl}/images/assignmentAdd.png",Yii::t('RbamModule.rbam','Assign Role(s)')), array('assign','uid'=>$user[$this->getModule()->userIdAttribute]), array('class'=>'add', 'title'=>Yii::t('RbamModule.rbam','Assign role(s) to this user'))),
rbam/controllers/AuthAssignmentsController.php(78)
'select'=>"DISTINCT(SUBSTR(`$attribute`,1,1)) AS `$attribute`"
=>
'select'=>"DISTINCT(SUBSTR(`$attribute`,1,1)) AS `$attribute`"
=>
'select'=>"DISTINCT(SUBSTR($attribute,1,1)) AS $attribute"
3.
rbam/views/authAssignments/index.php(44)
'url' => 'array("assign", "uid"=>$data->id)',
=>
'url' => 'array("assign", "uid"=>$data->'.$this->getModule()->userIdAttribute.')',
4.
rbam/controllers/AuthAssignmentsController.php(74)
$alphaPagination = new ApPagination($attribute);
=>
$alphaPagination = new ApPagination($attribute); $alphaPagination->forceCaseInsensitive = true;
Default Configuration Values
=>
About CWebApplication::findModule
About what mb suggested, I would advise against calling CWebApplication::findModule, because the comment for that method says "This method is used internally. Do not call this method.". I've written my own method for this.
Why is it only allowed to assign roles to users, not tasks?
Is this a security issue, or something to do with Drill -ups and -downs? I have a case when it's convenient to add few extra tasks directly to a user (like "Allow Debug Panel" for example). I ask, mostly, as a matter of discussion, not feature request.
Typo in the manual
In the current version of the manual, on page 11, a list of "out-of-the-box" configurations is given. I suspect that an old configuration parameter is used because when I copied this list I got an error on:
‘userPkAttribute=>’id’,
Looking at the module properties that were defined it should be:
'userIdAttribute'=>'id',
Bug?
I'm using rbam as a submodule and I experienced an infinite loop in RbamModule.php:292.
I suppose that this:
$m = $this; do { $this->baseUrl = '/'.$m->getId().$this->baseUrl; $m = $this->getParentModule(); } while (!is_null($m));
should be:
$m = $this; do { $this->baseUrl = '/'.$m->getId().$this->baseUrl; $m = $m->getParentModule(); } while (!is_null($m));
After this change rbam works for me (I had getModule bug too but it was mentioned below).
Second thing is that images for jsTree don't work (wrong path to style in head section).
Re: Why is it only allowed to assign roles to users, not tasks?
Yii's underlying AuthManagers do allow assigning of tasks and operations, as well as roles, to users (this is because they are all authItems to Yii). However, a Role Based Access Control implementation, should only assign roles to users (clue's in the name :-) ), then assign tasks to roles and operations to tasks.
The idea behind RBAC is to map the roles, tasks, and operations onto the real world - be that an application or a company; roles being what job (or role) a person has (User Administrator in an app, Department Manager in a company), tasks are the things a person does to fulfil their role (Add User in an app, approve expenses in a company), operations are the lowest level (Write to user table, send approval form to finance).
The beauty of RBAC is its multiple inheritance; i.e. the fact that many roles can do the same task (the Sales Manager and the Marketing Manager can approve expenses - biz rules would determine whose expenses they can approve and to what amount), and that a role can have many tasks (the Sales Manager does forecasting, expenses approval, and ...)
An advantage of doing things this way is that in the real world the tasks needed to fulfil a role do change very often, whereas who does a role tends to change more frequently ; RBAC makes it easy to move a person to a new role and they automatically get all the permissions it needs.
Thanks
for the bug reports, and to Jangos for the Russian translation
Infinite loop
I can confirm that the infinite loop reported by c-s-h exists and his small change corrects the problem.
Re: Infinite Loop
This is fixed in V1.5 (released on 17 Feb 2011)
Re. Infinite Loop
I was using the demo :-)
May a demo applied into Yii blog make more sense ?
I was impressed by the introduction but after trying the demo it doesn't make a lot of sense to me. My main concern is that the design and UI are hard to customize and adapt into my existing Backend.
I see Chris83's comment here and IMO I prefer his ext. With this one, I still haven't figured out how to assign a static role (no business rule) to a user.
Re: May a demo applied into Yii blog make more sense ?
Thanks for trying RBAM
Controllers stored in sub-directories
Most of my controllers are kept in sub-directories and rbam wasn't finding the controllers contained in those sub-directories. I put together a quick fix for myself and thought it might help someone else.
I changed the getControllers method within RbamAnalyser.php.
private function getControllers($module) {
    $controllers = array();
    $p = array($module->getControllerPath());
    $listing = scandir($p[0]);
    foreach ($listing as $row) {
        if (is_dir($p[0] . "/" . $row)) {
            if(substr($row,0,1) != '.') //Ignore '.', '..', '.svn', etc
            {
                $p[] = $p[0] . "/" . $row;
            }
        }
    }
    foreach ($p as $path) {
        foreach (array_filter(scandir($path),array($this,'isController')) as $controller) {
            $id = str_ireplace('controller.php','',$controller);
            $controllers[] = (object)array(
                'id'=>$id,
                'actions'=>$this->getActions($id, $path)
            );
        }
    }
    return $controllers;
}
Demo
It would be super useful to show how to use this in a controller outside of the module.
An example accessRules() method would be great. Having an action in the demo that could not be accessed without authorization would be excellent.
In the meantime I am still digging.
Looks really promising though!
doodle
demo
The demo doesn't work :(
RE: Demo
@doodle - how to use this in a controller outside of the module.
if(Yii::app()->user->checkAccess('<authItemName>',$params)) {
    // Do whatever the user is authorised to do
}
Where <authItemName> is the name of the authorisation item - role, task, or operation - that you are checking to see if the current user is authorised for.
More information on this is in the Yii Guide section 8.3.6 and onwards.
@warden
Thanks for alerting me to this. Not sure what's happened, but will fix it
Not sure what you are asking for re: the demo as RBAM doesn't do any authorisation; it manages the authorisation items, hierarchy and assignments; authorisation is done as above.
OK I have a working example
Like all things Yii there are many ways to do things. I like the idea of creating a task and assigning it to a role.
I managed to protect an entire controller from being accessed by anyone not having a task within their role with the following code.
In this example the task is 'EditPageContent'
public function init()
{
    if(Yii::app()->user->checkAccess('EditPageContent'))
    {
        // Do whatever the user is authorised to do
        return;
    }
    else
    {
        $this->redirect(Yii::app()->user->loginUrl);
    }
}
thanks
Re: OK I have a working example
@doodle
As you say, there is usually more than one way to do things in Yii, and what you have will work just fine. Another (IMHO better) way is to declare access control in the controller's accessRules() method; this is the logical place and describes what is going on, and means the actions don't need to worry about authorisation - if they get called the user is authorised and they can just get on with what they need to do.
Taking your example this would become:
public function filters()
{
    return array(
        'accessControl',
        // other filters
    );
}

public function accessRules()
{
    return array(
        array('allow',
            'actions'=>array('EditPageContent'),
            'roles'=>array('EditPageContent'),
        ),
        // other access rules
        array('deny',
            'users'=>array('*'),
        ),
    );
}
Note: the "roles" in accessRules refers to roles, tasks and operations (it's badly named in my opinion - should have been authItems to describe it better, but we have what we have)
The real benefit and beauty of RBAC comes by defining a hierarchy. Consider this:
Have the roles "PageManager" and "PageEditor"; users are assigned appropriately
Have the tasks "EditPage", "EditOwnPage"
Have the operations "Create", "Delete"
(The Create and Delete operations could equally well be tasks. I like to have atomic actions as operations, others prefer direct inheritance by roles to be tasks; it's purely personal preference and makes no difference.)
The hierarchy is:
PageManager inherits EditPage, Create, and Delete
PageEditor inherits EditOwnPage and Create
EditOwnPage has a business rule that checks that the page creator is the current user
(Defining the above roles, tasks, operations, hierarchy and assignments is what RBAM and other extensions - Rights and SRBAC - manage)
In the PagesController there are the "create", "update", and "delete" actions.
The access rules can now be:
public function accessRules() {
    return array(
        array('allow',
            'actions'=>array('create'),
            'roles'=>array('Create'), // PageManagers and PageEditors will be allowed
        ),
        array('allow',
            'actions'=>array('update'),
            'roles'=>array('EditPage', 'EditOwnPage'), // PageManagers will be allowed to update all pages, PageEditors only their own
        ),
        array('allow',
            'actions'=>array('delete'),
            'roles'=>array('Delete'), // Only PageManagers will be authorised
        ),
        // other access rules
        array('deny',
            'users'=>array('*'),
        ),
    );
}
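The hierarchy and access rules from the comment above, worked through as an added example (not Yii's or RBAM's code): a simplified model of how an access check climbs from the item named in a rule to the roles assigned to a user, evaluating business rules on the way. The users alice and bob, the 'page' parameter and its createdBy field are assumptions made for the example.

```php
<?php
// Simplified model of an RBAC access check; not Yii's CAuthManager code.
$rbac = array(
    // Hierarchy from the comment: each item lists the roles that inherit it.
    'inheritedBy' => array(
        'EditPage'    => array('PageManager'),
        'EditOwnPage' => array('PageEditor'),
        'Create'      => array('PageManager', 'PageEditor'),
        'Delete'      => array('PageManager'),
    ),
    // Business rules modelled as closures (Yii stores them as PHP code strings).
    // The 'page' parameter and its createdBy field are assumptions.
    'bizRules' => array(
        'EditOwnPage' => function ($userId, array $params) {
            return isset($params['page'])
                && $params['page']['createdBy'] === $userId;
        },
    ),
    // Constructed assignments: only roles are assigned to users.
    'assignments' => array(
        'alice' => array('PageManager'),
        'bob'   => array('PageEditor'),
    ),
);

// Walk upwards from $item: a business rule on the path must pass, and the
// walk succeeds as soon as it reaches an item assigned to the user.
function checkAccess($item, $userId, array $params, array $rbac, array $seen = array())
{
    if (isset($seen[$item])) {
        return false; // guard against a cyclic hierarchy
    }
    $seen[$item] = true;

    if (isset($rbac['bizRules'][$item])
        && !call_user_func($rbac['bizRules'][$item], $userId, $params)) {
        return false;
    }
    $assigned = isset($rbac['assignments'][$userId]) ? $rbac['assignments'][$userId] : array();
    if (in_array($item, $assigned, true)) {
        return true;
    }
    $parents = isset($rbac['inheritedBy'][$item]) ? $rbac['inheritedBy'][$item] : array();
    foreach ($parents as $parent) {
        if (checkAccess($parent, $userId, $params, $rbac, $seen)) {
            return true;
        }
    }
    return false;
}

// The accessRules() from the comment as data: action => items that allow it.
$rules = array(
    'create' => array('Create'),
    'update' => array('EditPage', 'EditOwnPage'),
    'delete' => array('Delete'),
);

// An action is allowed when any listed item passes; everything else is
// denied, matching the final array('deny', 'users'=>array('*')) rule.
function isAllowed($action, $userId, array $params, array $rules, array $rbac)
{
    $items = isset($rules[$action]) ? $rules[$action] : array();
    foreach ($items as $item) {
        if (checkAccess($item, $userId, $params, $rbac)) {
            return true;
        }
    }
    return false;
}

// Constructed pages and test cases.
$bobsPage   = array('createdBy' => 'bob');
$alicesPage = array('createdBy' => 'alice');
$cases = array(
    array('alice', 'update', array('page' => $bobsPage)),   // manager, someone else's page
    array('bob',   'update', array('page' => $bobsPage)),   // editor, own page
    array('bob',   'update', array('page' => $alicesPage)), // editor, someone else's page
    array('bob',   'update', array()),                      // editor, page not passed to the rule
    array('bob',   'create', array()),
    array('bob',   'delete', array()),
);
foreach ($cases as $case) {
    list($user, $action, $params) = $case;
    $page = isset($params['page']) ? "page by {$params['page']['createdBy']}" : 'no page param';
    printf("%-5s %-6s %-15s %s\n", $user, $action, $page,
        isAllowed($action, $user, $params, $rules, $rbac) ? 'allow' : 'deny');
}
```

The fourth case shows that an item guarded by a business rule grants nothing in this model unless the data the rule inspects is actually passed to the check.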
Help with business rules
@Yeti thanks so much for your help, I agree with your approach and no I did not realize that roles were the same as authItems, that should definitely be in the guide!
So now I want only a super admin or the owner of the document to edit the document. I have done stuff like this in the past but I could never figure out the business rules.
According to the guide.
$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
$task->addChild('updatePost');
My model is called 'Webpage' and the field 'createdby' contains the id of the user who created this page. So this is my business rule.
// task 'editOwnPage'
return Yii::app()->user==$param['Webpage']->createdby;
in my accessRules
// pageEditor is a role, editOwnpage is a task
array('allow',
    'actions'=>array('update'),
    'roles'=>array('pageEditor','editOwnPage'),
),
My user 'demo' has one role 'member', member role has two tasks 'ViewPageContent' and 'editOwnPage' the first task doesn't really do anything but the second contains a business rule.
Setup this way the user 'demo' cannot edit any pages.
If I change my accessRules to this
array('allow', 'actions'=>array('update'), 'roles'=>array('pageEditor','member'), ),
Then user 'demo' can edit any page.
Thanks in advance for your help, I really find the RBAC part of Yii confusing.
doodle
Edit to last comment
This should be
// task 'editOwnPage'
return Yii::app()->user==$params['Webpage']->createdby;
I caught that typo but it still didn't work as expected.
doodle
See my post in the RBAM forum thread
I have a working example again!
RBAM forum thread
doodle
RBAM Not Initialised
Hi yeti
just installed latest version of RBAM
but I'm stuck on RBAM Not Initialised
what should I do ?
Missing styling
After integrating this extension in my application, it seems parts of the styling are missing.
For example, the form on "rbam/authItems/create?type=2" has no styling applied to it.
Any solutions?
bug fix for 1.6.1
rbam\views\authAssignments\assign.php
replace two
with
demo is broken
The demo does not work or is it just for me?
initialize - Please provided complete example file, or better yet, just read current rbac tables!!
This is the second rbac extension I've tried to get working in my app, yii-rbac, and now your rbam.
RBAM comes up fine, but demands to be initialized. Why wouldn't it just use the data in the tables that is already available?? I've completed the Agile-yii book and have authmanager working, just not an easy way of viewing and managing roles, tasks and operations.
Please help out with a detailed data array that initialise can use, or let it just go into a mode where it can use what's there.
thanks,
Re: initialize - Please provided complete example file, or better yet, just read current rbac tables!!
You don't have to initialize it when you set the proper roles (the initialize message is only shown when you don't have access to the RBAM interface). For instance, my application uses:
'rbam'=>array(
    'rbacManagerRole'=>'SuperAdmin',
    'authAssignmentsManagerRole'=>'SuperAdmin',
    'authItemsManagerRole'=>'SuperAdmin',
),
The message you saw implies that it needs to be initialized, and is misleading. Maybe the author can change it?
An option to disable (role based) authentication to the RBAM module would be handy though. For example, I only enable the module in my development environment where I wouldn't require access checks to RBAM.
@.@ can't see the demo
As the title says, the demo has an error. Can you fix it so I could check if this extension could help me :D thx
Not Working
First, I could not go beyond the 'not initialized' screen.
Second, I could, using these configs:
'rbam'=>array(
    'authAssignmentsManagerRole'=>'admin',
    'authenticatedRole'=>'Authenticated',
    'authItemsManagerRole'=>'admin',
    'development'=>true,
    'initialise'=>true,
    'rbacManagerRole'=>'admin',
    'userClass'=>'Usuario',
    'userIdAttribute'=>'id_usuario',
    'userNameAttribute'=>'usuario',
)
After logging out and logging in again, I am receiving a 403 error page. I can't access rbam any other way.
I tried to change initialise to false, I tried to create a user RBAC Manager, to log in using it, but the 403 persists.
Now I am leaving this extension.
Thanks anyway.
a little
I import the SQL schema (\yii\framework\web\auth\schema-mysql.sql). then this is the config:
'rbam'=>array(
    'development'=>TRUE,
    'initialise'=>array(
        'class'=>'CDbAuthManager',
        'connectionID'=>'db',
    ),
    'rbacManagerRole'=>'admin',
    'userClass'=>'User',
    'userIdAttribute'=>'id',
    'userNameAttribute'=>'username',
),
Bug in RbamDbAuthManagerBehavior.php
There's a bug that enables a person with the role 'authAssignmentsManagerRole' to assign somebody (even himself) the 'rbacManagerRole' role, and then scaling privileges. To avoid this, you've to modify the method 'getEUnassignedRoles' and put the following:
foreach ($owner->defaultRoles as $defaultRole)
    unset($unassignedRoles[$defaultRole]);
// start of modification
if(!Yii::app()->user->checkAccess($this->module->rbacManagerRole)) {
    unset($unassignedRoles[$this->module->rbacManagerRole]);
    unset($unassignedRoles[$this->module->authItemsManagerRole]);
    unset($unassignedRoles[$this->module->authAssignmentsManagerRole]);
}
// end of modification
$assignedRoles = array();
Put RBAM in protected/extensions/ instead of protected/modules
If you want to put this module (or any other module) in another folder, configure like this:
Put rbam folder in protected/extensions/:
(..)
// Modules
'modules' => array(
    'rbam'=>array(
        'class' => 'ext.rbam.RbamModule',
(..)
DataValidator
in DataValidator
if (!empty($model->bizrule) && strpos($model->bizrule,'$data')!==false && empty($this->data)) // may be $model->data
Demo link broken
I think your demo page is broken.
Bug for rbam 1.6.1
If the User table's id column type is not int (for example, varchar), fix these lines:
\rbam\views\authAssignments\assign.php:
jQuery("#AuthAssignment_userId").val('.$user->{$module->userIdAttribute}.');
=>
jQuery("#AuthAssignment_userId").val("'.$user->{$module->userIdAttribute}.'");
\rbam\components\behaviors\RbamDbAuthManagerBehavior.php
$condition = 'type='.CAuthItem::TYPE_ROLE." AND name NOT IN(SELECT itemName FROM {$owner->assignmentTable} WHERE userid=$uid)";
=>
$condition = 'type='.CAuthItem::TYPE_ROLE." AND name NOT IN(SELECT itemName FROM {$owner->assignmentTable} WHERE userid='$uid')";
Beware of the default bizrule for Guest role
Hi,
There's this issue I'm still looking into that is described here.
In the meantime, please be advised that the bizrule attached to Guest role will lead to incorrect behavior (=bug) if Authenticated is to inherit from Guest, which is natural to assume.
Solution? Remove the bizrule from the Guest role so anyone, from an RBAC perspective, could be assumed to be of this role, including authenticated users. No, this is only a permissions-granting perspective. If you think about it, it bears no implication regarding application flow in general.
Is it me or are the default roles not working at all?
Right, so I added a few permissions to the Guest and Authenticated role, but I kept on getting the access denied. So I did a
<?php print_r(Yii::app()->authManager->defaultRoles);?>
And hooray, empty array. The RBAM-module has the following in the beforeControllerAction:
<?php
public function beforeControllerAction($controller, $action) {
    $authManager = Yii::app()->getAuthManager();
    $authManager->defaultRoles = array_merge($authManager->defaultRoles, array(
        $this->authenticatedRole, $this->guestRole
    ));
    if ($authManager instanceof CAuthManager)
        $authManager->attachBehavior('authManager', array(
            'class'=>($authManager instanceof CDbAuthManager?
                'RbamDbAuthManagerBehavior':'RbamPhpAuthManagerBehavior'
            ),
            'module'=>$this
        ));
    else
        throw new CException(Yii::t('RbamModule.rbam','AuthManager component is not an instance of CAuthManager'));
    $controller->authManager = $authManager;
    return true;
}
?>
and guess what, authManager::defaultRoles is not an empty array when I access the RBAM-module, and works perfectly.
Seems to me something is misplaced? And what am I missing here that defaultRoles are not set in other modules?
v1.6.1 - small fixes regarding $user->id
Hi
The RbamInitialiser and the 'assign' view of authAssignments still have some '$user->id' entries that should be something like:
(in assign) and
$user->{Yii::app()->getModule('rbam')->userIdAttribute}
Further, another modification was needed regarding the menu generation.
When the current controller is not the RBAM, the menu is missing the controller's path prefix.
Hence, the corresponding menu generation code had to be updated like this (last line of the snippet):
return array_merge(array(
    array(
        'label'=>Yii::t('RbamModule.rbam','Auth Assignments'),
        'url'=>array($this->baseUrl.'/authAssignments/index'),
To support ambiguous columns, I changed this in AuthAssignmentController:
$asc = join(',',array_map(function($a){return (strpos($a,'.')===false)?'t.'.$a:$a;},$userNameAttribute));
This supposes that the alias for the user table is 't'.
demo not working
Demo not working .Could you please correct it?
thanks
IMPORTANT: renaming does not propagate through tables!
Beware: I just noticed that renaming an auth item does not propagate the new name to the 'relationships' and 'assignments' table!
SRBAC does this (but, sadly, its GUI doesn't include any relationships manipulation).
fix for PostgreSQL
Last tested was RBAM version 1_6_1.
I've noticed that RBAM does not work well with PostgreSQL.
Anyway there is a fix:
'authManager'=>array(
    'class'=>'CDbAuthManager',
    'connectionID'=>'db',
    'itemTable'=>'auth_item',
    'itemChildTable'=>'auth_item_child',
    'assignmentTable'=>'auth_assignment',
),
so the authorization table names must be changed. Why?
Because in PostgreSQL,
is the same as
But PostgreSQL is case sensitive on table names, so an error is triggered.
The correct syntax is by quoting the table name:
SELECT * FROM "AuthItem"
But in order to make no changes in the RBAM module, it is best to just rename the tables and make them lowercase...
Anyway one error still remains in:
\rbam\components\behaviors\RbamDbAuthManagerBehavior.php(162)
$condition = 'type='.CAuthItem::TYPE_ROLE." AND name NOT IN(SELECT itemName FROM {$owner->assignmentTable} WHERE userid=$uid)";
$uid should be quoted, like:
$condition = 'type='.CAuthItem::TYPE_ROLE." AND name NOT IN(SELECT itemName FROM {$owner->assignmentTable} WHERE userid='$uid')";
and now RBAM works with PostgreSQL! :)
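The userid condition from the two fixes above, run against an in-memory SQLite database, as an added example (not RBAM or Yii code) that compares the quoted-and-concatenated form with a bound parameter. The table contents and user ids are constructed, and the schema is reduced to the columns the condition uses.

```php
<?php
// Requires the pdo_sqlite extension; everything runs in memory.
const TYPE_ROLE = 2; // value of CAuthItem::TYPE_ROLE in Yii 1.1

function buildDemoDb()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE AuthItem (name VARCHAR(64) PRIMARY KEY, type INTEGER NOT NULL)');
    $db->exec('CREATE TABLE AuthAssignment (itemname VARCHAR(64) NOT NULL, userid VARCHAR(64) NOT NULL)');
    // Constructed data: two roles, one task, two users with non-integer ids.
    $db->exec("INSERT INTO AuthItem VALUES ('PageManager', 2), ('PageEditor', 2), ('EditPage', 1)");
    $db->exec("INSERT INTO AuthAssignment VALUES ('PageEditor', 'u-17'), ('PageManager', 'o''brien')");
    return $db;
}

// The condition as posted: the id is wrapped in quotes but still
// concatenated into the SQL text.
function unassignedRolesInterpolated(PDO $db, $uid)
{
    $sql = 'SELECT name FROM AuthItem WHERE type=' . TYPE_ROLE
         . " AND name NOT IN (SELECT itemname FROM AuthAssignment WHERE userid='$uid')"
         . ' ORDER BY name';
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The same condition with the id sent as a bound parameter, so the driver
// handles typing and quoting and the value never becomes part of the SQL text.
function unassignedRolesBound(PDO $db, $uid)
{
    $stmt = $db->prepare(
        'SELECT name FROM AuthItem WHERE type = :type'
        . ' AND name NOT IN (SELECT itemname FROM AuthAssignment WHERE userid = :uid)'
        . ' ORDER BY name'
    );
    $stmt->bindValue(':type', TYPE_ROLE, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $uid, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = buildDemoDb();
foreach (array('u-17', "o'brien") as $uid) {
    try {
        $concatenated = implode(',', unassignedRolesInterpolated($db, $uid));
    } catch (PDOException $e) {
        // A quote character inside the id changes the statement itself.
        $concatenated = 'query failed: ' . $e->getMessage();
    }
    $bound = implode(',', unassignedRolesBound($db, $uid));
    echo "userid {$uid}\n  concatenated: {$concatenated}\n  bound:        {$bound}\n";
}
```

In Yii 1.1 the bound form corresponds to putting a :uid placeholder in the condition and passing the value through CDbCriteria's params property.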
manual link is broken
i'm trying to download PDF for the manual from
http://rbam.pbm-webdev.co.uk/documents/rbam_manual.pdf
but it's broken
The entire 3rd-level domain is unreachable
rbam_manual.pdf
I found the rbam_manual.pdf mirrored here http://pdfio.com/k-2272549.html
and on my site for safekeeping http://bitbucket.org/bytebrain/yii-rbam-extension-manual It should be within the downloadable zip.
Important!
If you have set 'caseSensitive' => false in config/main.php this module will not work. Remove the entire line or set it to true to make it work.
You will otherwise get a 404-page.
can't make the rbam module work for me
i'm trying to implement the RBAM extension on my project and everything is ok, but "only" that it doesn't really prevent a user that is not allowed for X action to perform that action (operation).
here's what i have done:
added the following to the config/main.php:
'components' => array(
    'authManager'=>array(
        'class'=>'CDbAuthManager',
        'connectionID'=>'db'
    ),
),
'modules'=>array(
    'rbam'=>array(
        //'initialise'=>false,
        'userNameAttribute'=>'email',
    ),
)
do i need to add anything to my controllers access rules?
thanks.
@Ron Lavie
For each controller action method, you need to specify the role/permission needed in order to access the method. This can be done either specifically in each action method, or using a filter (IIRC filters can be used with RBAC).
An example for specific method usage:
(HOW) to automate Role Assigning?
How do I implement automation of Role Assigning whenever there is a new user? Any suggestions? thanks
answer
public function beforeSave()
{
    if ($this->isNewRecord) {
        // create Role and assign user to role
    }
    return parent::beforeSave();
}
error : include(User.php): failed to open stream: No such file or directory
After setup ,