An idea for Role Based Access Control

Hi,

I was using the RBAC and got the following error:

>> rbac grant roles=id:2 permissions=id:%

PHP Warning:  Call-time pass-by-reference has been deprecated in protected\commands\shell\RbacCommand.php on line 439

What is the minimum PHP version I should use, or what else should I do to fix it?

I am using PHP 5.3.

Hi, Oleksiy.

I've not tried it yet, but I think it is a nice module.

I would much appreciate it if you included a PostgreSQL dump.

-majin-

Thanks for the example.

Very nice work

Instead of having PHP bizRules I will look to see if I can attach access levels.

For example, for a structure like Holding/Firm/Department/Employee, to have related access levels over the actions.

Paul

PS: Am I missing something, or is the editing of the role permissions not done?

Quote

PS: Am I missing something, or is the editing of the role permissions not done?

Something is wrong, editing should be fully working. What happens when you click on 'Edit' link in 'Action' column?

The problem is under Roles when I'm clicking on Permissions. I think I misunderstood how it is working. It shows only the tree (app and model) and the tree is expanding. No other options and no effect on save.

roles_has_permissions is not changed after save.

I created a group "Test" and I don't have a clue how to allocate the permissions.

THX

Paul

EDIT:

Does it have to be a checkbox tree? I don't have any checkboxes. And no JS errors.

A strange tree if I may.

Looks like an extension is missing: JQueryCheckTree. There should be a collapsible tree with checkboxes.

I have it. I just unzipped your archive. I've changed only the config for the DB and the framework. I'll investigate and I'll tell you if I find something.

The system for adding users_to_groups when groups_as_roles needs another approach for usability... I think... I am trying to think how to...

legend: d=del, u=update, c=create, l=list

modules <has> actions:

blog | d,c,u,l,s
chat | d,c,u,l,s

groups <has> permissions:

admin | d,u,c,l
cpd   | c,l
user  | l
sup   | u

user_has_groups example:

user   group
max    sup
max    cpd
tom    cpd

Then user max can/has: roles/permissions sup+cpd = c,l,u

In my case users are part of task groups; in this case the number of records in the database is reduced dramatically.

For example, I have 500 users grouped in 4 levels; I set up 4 groups with specific role permissions, and later we add each user to the corresponding group level.

Anyway, until I find the problem I have a question: can a user have multiple roles? Looks like it could.

Also I need some advice. What I need is much more complicated, but this could be a start.

I need an authorization system that shows certain users only a few of the modules (I'll set them in the main menu) and certain controllers (secondary menu), and they can see only information inserted by them, or inserted by their colleagues in the department, or in the firm, etc. Any advice?

Thank you,

Paul

EDIT:

When the tree is loaded through Ajax, maybe a script must run.

There's a problem in Rbac.php

In the SELECT DISTINCT you must change

AND u.id=:id

with

AND u.username=:id

and in RbacFilter.php, when access is true, I have no vars named

$p['title']  and $p['id']

Hi Simon,

You are using old Rbac code, please have a look at the snapshot I've attached a few posts before.

And you should use the supplied RbacUserLoginIdentity class as the user identity. Then you won't need to change it to "AND u.username=:id".

Quote

There's a problem in Rbac.php

In the SELECT DISTINCT you must change

AND u.id=:id

with

AND u.username=:id

and in RbacFilter.php, when access is true, I have no vars named

$p['title']  and $p['id']

Hi,

  1. Yes, user can have multiple roles.

  2. There are several solutions for your question. The first is to make use of the BizRule column, that is, a business rule: PHP code that can perform additional checks while evaluating the permission. Second, you can have a separate action that will only update records that the user can update. You will define a separate permission for this action and assign it to some role.

Quote

Anyway, until I find the problem I have a question: can a user have multiple roles? Looks like it could.

Also I need some advice. What I need is much more complicated, but this could be a start.

I need an authorization system that shows certain users only a few of the modules (I'll set them in the main menu) and certain controllers (secondary menu), and they can see only information inserted by them, or inserted by their colleagues in the department, or in the firm, etc. Any advice?

Thank you,

Paul

EDIT:

When the tree is loaded through Ajax, maybe a script must run.

This is quite nice idea, I will think about it!

Quote

The system for adding users_to_groups when groups_as_roles needs another approach for usability... I think... I am trying to think how to...

Hard to choose. I was thinking about both solutions, but the first is hard to administer if you don't know PHP, and the second is not very flexible (coded for a specific problem).

Anyway, because I want dropdowns to set the module, controller and actions, I was thinking of another idea: to make a set of bizRules to choose from, nicely labeled (another dropdown).

The question is: what's happening on multiple roles on one user? Even for the actual style of bizRules? (because you are able to put the same permission twice, with different bizRules)

Thank you,

Paul

If any of the permissions for the specified module/controller/action set allows access, then access is granted.

Quote

The question is: what's happening on multiple roles on one user? Even for the actual style of bizRules? (because you are able to put the same permission twice, with different bizRules)

Thank you,

Paul
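As an added example (not code from the extension or from anyone in this thread), here is how the union-of-groups model sketched earlier (max in sup+cpd gets c,l,u) composes with the rule just stated: access is granted if any matching grant allows it, after its bizRule, if it has one, passes. It assumes bizRules are PHP closures looked up by name rather than PHP source evaluated from the BizRule column, and the data-scope rules (own record, same department) given to the sup group are constructed for illustration.

```php
<?php
// Added example (not the extension's code): roles grant (action, bizRule) pairs,
// the same action may be granted twice with different bizRules, and access is
// granted if ANY matching grant allows it.  Assumption: bizRules are closures
// looked up by name, not PHP source from the BizRule column, so nothing is
// eval()'d and a grant naming an unknown rule never allows access.
// Constructed data: d=delete, u=update, c=create, l=list; null = no extra check.
$rolePermissions = [
    'admin' => [['d', null], ['u', null], ['c', null], ['l', null]],
    'cpd'   => [['c', null], ['l', null]],
    'user'  => [['l', null]],
    'sup'   => [['u', 'own'], ['u', 'department']],   // data-scoped update grants
];
$userRoles = ['max' => ['sup', 'cpd'], 'tom' => ['cpd']];
$bizRules = [
    'own'        => function (array $u, array $rec) { return $rec['owner'] === $u['name']; },
    'department' => function (array $u, array $rec) { return $rec['department'] === $u['department']; },
];
// Union of actions over all the user's roles (the thread's sup+cpd = c,l,u).
function effectiveActions(array $rolePermissions, array $userRoles, string $user): array
{
    $actions = [];
    foreach ($userRoles[$user] ?? [] as $role) {
        foreach ($rolePermissions[$role] ?? [] as [$action]) {
            $actions[$action] = true;
        }
    }
    $list = array_keys($actions);
    sort($list);
    return $list;
}
// True if any grant of $action across the user's roles passes its bizRule (or has none).
function checkAccess(array $rolePermissions, array $userRoles, array $bizRules,
                     array $user, string $action, array $record): bool
{
    foreach ($userRoles[$user['name']] ?? [] as $role) {
        foreach ($rolePermissions[$role] ?? [] as [$granted, $rule]) {
            if ($granted === $action
                && ($rule === null || (isset($bizRules[$rule]) && $bizRules[$rule]($user, $record)))) {
                return true;
            }
        }
    }
    return false;
}
$max = ['name' => 'max', 'department' => 'sales'];
var_dump(effectiveActions($rolePermissions, $userRoles, 'max'));
var_dump(checkAccess($rolePermissions, $userRoles, $bizRules, $max, 'u', ['owner' => 'max', 'department' => 'sales']));
var_dump(checkAccess($rolePermissions, $userRoles, $bizRules, $max, 'u', ['owner' => 'ann', 'department' => 'hr']));
```

The second checkAccess call is refused because neither of sup's two 'u' grants passes its bizRule for a record owned by someone in another department, and cpd grants no 'u' at all.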

Quote

because I want dropdowns to set the module, controller and actions I was thinking on another idea: to make a set of bizRules to chose from, nicely labeled (another dropdown).

About the layout, have you looked at this image?

http://www.yiiframew…ttach=258;image

posted here:

http://www.yiiframew…00.html#msg7900

Hello,

Yes, I had a look, but the screens show access to modules of the site (maybe it's an idea, I will think about it) and I need access to data.

What I don't like is that it doesn't fit in the actual design of the RBAC lib, and it is bloated with a lot of checkboxes.

What I like is that everything is in one place.

In the actual display model the easiest way to do it is to have a set of tables with the structure of the application and dropdowns for each level of it. At the end we can add a field (another dropdown) which sets the level of access (in fact it can be a set of bizRules stored in the DB).

(My main problem now is how to make autosubmit in the permission form refresh the controller list and actions depending on the modules.)

Thanks,

Paul

Edit:

  1. Maybe with the help of this plugin: http://plugins.jquer…project/cascade

  2. Still the checkbox tree doesn't display correctly in the Roles page. No idea why :(

Hello,

I still didn't figure out why the checktree doesn't work; I have a guess that the "run" part of the extension doesn't run (I didn't find the script defined there in the generated source). I'll keep searching.

I've changed a bit the BaseAdminController to fit other data needs.

  1. I added in actionUpdate, just before the Ajax check:

     $data = array_merge(array('model'=>$model, 'scenario'=>$scenario, 'modules'=>$modules), $this->extraData());

  2. Instead of

     $output = $this->renderPartial('_form', array('model'=>$model, 'scenario'=>$scenario), true, false);

     I have now

     $output = $this->renderPartial('_form', $data, true, false);

  3. I added a new function:

     public function extraData() { return array(); }

and now, by overriding this function in the controller, you can send more data to the view. For example:

public function extraData()
{
    // Load every module record and hand the list to the _form view.
    $criteria = new CDbCriteria;
    $modules = modules::model()->findAll($criteria);
    return array('modules' => $modules);
}

Hope that helps,

Paul

PS: same for actionCreate

Found the problem with the tree (I forgot to say that I'm using Windows for development).

The problem is DIRECTORY_SEPARATOR.

If we use '/' instead it will be better for everybody. It's better for portability, anyway.

Paul