Building Authorization Data with RBAC

Hi,

I created my RBAC tables according to this article: http://www.yiiframework.com/wiki/848/installation-guide-yii-2-advanced-template-with-rbac-system/

Now I want to build the authorization data (http://www.yiiframework.com/doc-2.0/guide-security-authorization.html)

And I am trying to add a createPost permission with RBAC on Yii 2.0

So I’m on mysite/index.php?r=admin%2Fpermission%2Fcreate

And I fill in the form like this:

Name : createPermission

Rule Name : createPost

Description : add "createPost" permission

Data : NULL/empty, I did not put anything

and I click on the Create button

but I get the following message: Rule "createPost" does not exists

How can I fill my RBAC tables?

Thanks

Hi,

Could you give me some idea: how can I fill in the forms for building authorization data?

1. mysite.com/index.php?r=admin/permission

2. mysite.com/index.php?r=admin/role

3. mysite.com/index.php?r=admin/assignment

4. mysite.com/index.php?r=admin/route

Do you have an example?

Which form should I fill in first?

Thanks

As said before, I have never used RBAC (and am still learning Yii2).

I found this extension. Perhaps it can be useful if you add it to another application and try it.

If you don’t have a rule — don’t fill it.

Hi,

Here is what I did:

On /index.php?r=admin/permission:

In the MySQL table: auth_item

I think it is for Role

I created 2 actions/roles + superAdmin + userConnecte like this:

  • Name : createPost

    Description : Create a post

    Rule Name : empty / nothing

    Data : empty / nothing

  • Name : updatePost

    Description : Update post

    Rule Name : empty / nothing

    Data : empty / nothing

  • Name : superAdmin

    Description : superAdmin can create and update post

    Rule Name : empty / nothing

    Data : empty / nothing

  • Name : userGuest

    Description : userGuest can only create post

    Rule Name : empty / nothing

    Data : empty / nothing

So I have 4 records / roles in the table: auth_item :)

And I can give superAdmin permission to createPost and updatePost

So I clicked on the ‘update’ icon of superAdmin and clicked on the ‘Update’ button:

On this page: index.php?r=admin%2Fpermission%2Fview&id=superAdmin

I selected the available permissions createPost and updatePost, clicked on the ‘Assign’ button and then clicked on the ‘Update’ button

So I have 2 records in the table: auth_item_child

  • 1st:

    parent : superAdmin

    child : createPost

  • 2nd:

    parent : superAdmin

    child : updatePost

I can assign the admin right [superAdmin] or the user right [userGuest] to some users:

So on /index.php?r=admin/assignment

I selected a user by clicking the View icon:

On this page: /index.php?r=admin%2Fassignment%2Fview&id=2

I selected the available permission superAdmin and clicked on the ‘Assign’ button

So I have 1 record in the table: auth_assignment

  • item_name : superAdmin

  • user_id : 2

On /index.php?r=admin

I can see my user with his permission and I can change it

It is very nice :D
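
The rows described in this post, built through Yii 2's authManager API instead of the admin forms (an added example, not code from the thread). It assumes empty RBAC tables and a DbManager configured as `authManager`; the `RbacController` class and file name and the userGuest grant are assumptions.

```php
<?php
// console/controllers/RbacController.php (hypothetical name); run: php yii rbac/init
namespace console\controllers;

use Yii;
use yii\console\Controller;

class RbacController extends Controller
{
    public function actionInit()
    {
        $auth = Yii::$app->authManager; // assumes DbManager is configured
        // Permissions: auth_item rows with type = 2 (yii\rbac\Item::TYPE_PERMISSION).
        // ruleName and data stay null, i.e. no rule is attached.
        $perms = [];
        foreach (['createPost' => 'Create a post', 'updatePost' => 'Update post'] as $name => $desc) {
            $perms[$name] = $auth->getPermission($name);
            if ($perms[$name] === null) {
                $perms[$name] = $auth->createPermission($name);
                $perms[$name]->description = $desc;
                $auth->add($perms[$name]);
            }
        }
        // Roles: auth_item rows with type = 1 (yii\rbac\Item::TYPE_ROLE).
        $grants = [
            'superAdmin' => ['createPost', 'updatePost'],
            'userGuest'  => ['createPost'], // assumed from its description in the post
        ];
        foreach ($grants as $roleName => $children) {
            $role = $auth->getRole($roleName);
            if ($role === null) {
                $role = $auth->createRole($roleName);
                $auth->add($role);
            }
            foreach ($children as $child) {
                if (!$auth->hasChild($role, $perms[$child])) {
                    $auth->addChild($role, $perms[$child]); // one auth_item_child row
                }
            }
        }
        // auth_assignment row: item_name = superAdmin, user_id = 2
        if ($auth->getAssignment('superAdmin', 2) === null) {
            $auth->assign($auth->getRole('superAdmin'), 2);
        }
        // Resolves user 2 -> superAdmin -> updatePost through the three tables.
        $ok = $auth->checkAccess(2, 'updatePost');
        $this->stdout($ok ? "user 2: allowed\n" : "user 2: denied\n");
        return 0;
    }
}
```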

Hi Samdark,

What exactly is a rule?

For example, how can I have a rule for createPost?

  • Name : createPost

  • Description : Create a post

  • Rule Name : empty / nothing

  • Data : empty / nothing

And what is Data? For example, what must I fill in for Data for createPost?

Thanks

Hi,

I hope you are very well :)

Here is my summary:

I create, for example, two permissions on the following URL: index.php?r=admin/permission

(in the MySQL table: auth_item)

  • Name : createDepartment

    Description : create Departement

    Rule Name : empty / nothing

    Data : empty / nothing

  • Name : superAdmin

    Description : superAdmin can create

    Rule Name : empty / nothing

    Data : empty / nothing

And I can give superAdmin permission to createDepartment on index.php?r=admin%2Fpermission%2Fview&id=superAdmin

(in the MySQL table: auth_item_child)

  • parent : superAdmin

  • child : createDepartment

and I assign the admin right [superAdmin] to a user on /index.php?r=admin%2Fassignment%2Fview&id=2

(in the MySQL table: auth_assignment)

  • item_name: superAdmin

  • user_id: 2

And I rectified DepartmentController.php [yii2-app-advanced\backend\controllers]

by adding an if condition:


	if (Yii::$app->user->can('createDepartment'))
	{
		// ... the action's original code goes here ...
	}
	else
	{
		throw new ForbiddenHttpException;
	}

like this :


	// Needs "use yii\web\ForbiddenHttpException;" at the top of the controller.
	if (Yii::$app->user->can('createDepartment'))
	{
		$model = new Department();

		if ($model->load(Yii::$app->request->post()) && $model->save()) {
			return $this->redirect(['view', 'id' => $model->id]);
		} else {
			return $this->render('create', [
				'model' => $model,
			]);
		}
	}
	else
	{
		// Users without the permission get an HTTP 403 response.
		throw new ForbiddenHttpException;
	}



etc… So now only "superAdmin" can create a department.

It works. :)

So here are all my questions on RBAC

1- What is the Data field when I create a permission/role (auth_item) at index.php?r=admin/permission?

  • 1.1 In the MySQL table [auth_item], what is the ‘type’ field?

  • 1.1.1 I always have the value 2 in this [type] field. Why?

2- What exactly is a rule in RBAC?

  • 2.1 How can I create a rule?

  • 2.1.1 By which URL?

  • 2.2 Can I create a rule when I create a permission by filling in the ‘Rule Name’ field?

3- What exactly is a role in RBAC [/index.php?r=admin/role]?

  • 3.1 Can you give me an example?

  • 3.1.1 How and where can I use a role?

4- Must I change all my controllers MANUALLY to assign admin rights by adding an if condition [Yii::$app->user->can], or is there some automation in RBAC?

  • 4.1 If yes, how can I implement this automation?

Thanks

Hi,

Nobody answers/helps me

but that is normal because this post is in the wrong place: Yii Framework Forum> Yii 1.1.x> General Discussion

My question is on Yii 2.0 with the advanced template

I’m sorry.

How can I move it to Yii Framework Forum> Yii 2.0> General Discussions?

Can you help me to move it to Yii 2.0?

Thanks :)

I cannot move this post to Yii Framework Forum> Yii 2.0> General Discussions.

So I created a new one at: http://www.yiiframework.com/forum/index.php/topic/74781-rbac-on-yii-20-advanced-template/

So if you want, you can delete this post or…

Thanks