[EXTENSION] Rights

Yii 1.1 Extensions
15

i’m translating the module. In order to have the label for Auth Item translated in the user form i had to change the code of models/AssignmentForm.php:




public function attributeLabels()

	{

		return array(

			'authItem' => Yii::t('RightsModule.tr', 'Auth Item'),

		);

	}

and in file controllers/AssignmentController.php


'buttons'=>array(

		        'submit'=>array(

		            'type'=>'submit',

		            'label'=>Yii::t('RightsModule.tr', 'Assign'),

		        ),

		    ),

now looks like everything’s translated :)

16

Ok, now that it works, i’m trying to use it :D learning curves are funny :D

i figured out that in my controllers i have to extend RightsBaseController… :)

ex:




class PostController extends RightsBaseController

{

public function filters()

	{

		return array(

			'rights',

		);

	}

ok… now how can i check permissions? i created an Operation called PostController_actionCreate (tried also PostController_Create) and assigned it to a user (fredo). but when logged in with this user i navigate to http://digitaldealer.wdev.wedoo.local/index.php?r=post/create it says "You are not authorized to perform this action."…

what’s the matter? when i’ll get it, i promise you a beer (i’ll be in Helsinki in August!)

thanks a lot

17

(removed code from quote.)

Hello joeysantiago,

The naming policy is the following: Post_Create (if the controller is PostController and the action is actionCreate()).

This is thoroughly documented in the doc, read the section about ACAC and see if that helps to understand how it works.

18

Hi Chris,

For instance I have 10 Controllers and each Controller has about 10 Actions.

Controller always has some same Actions like: Index, View, Create, Delete,…

I think I could make task *_Index or *_View for all Controllers that have Index or View action.

What you say?

19

Sorry… the problem was my server kind of cached operations and assignements… i restarted apache2 for other stuff and now magically everything works.

i attached the italian translation… were my yesterday’s findings ok?

thanks a lot,

federico

PS: in my main php i set


'modules'=>array(

        'rights'=>array(

                //'install'=>true, // Remove this row after running the module the first time.

                'superUserRole'=>'Admin', // Only an example, this is the default value.

                'defaultRoles'=>array('Guest'), // Only an example, this is the default value.

                'superUsers'=>array(

                        1=>'admin',

                ),

        ),

	),

is ‘admin’ user’s username? i feel quite dumb… i tried to assign superUser to my username, but it doesn’t work…

thanks :)

20

What are difference between Operations and Tasks?

I create a role as below but it doesn’t work:

Name: Authorized_User

Description: authorized user

Bizrule: return Yii::app()->user->id

Controller:




    public function filters() {

        return array( 'rights', );

    }


    public function accessRules() {

        return array('index', 'view', 'create', 'update', 'delete', 'admin', 'topAuthors', 'articles', 'setdefault');

    }

I assigned Authorized_User has ability to Create new author.

21

Hope i understood it well:

a task is a set of operations. I think about them as something like:

task (name = "forum management"){

operation (name = "create posts"),


operation (name = "update posts"),


operation (name = "delete posts"),

}

hope it helps! :)

22

Hello quangle,

You don’t need the Yii’s accessControl-method if you don’t use the accessControl-filter.

Also, in normal cases like yours, you don’t need to set any business rules.

Please read the “Role-Based Access Control”-section in Yii’s guide to Authentication and Authorization here:

http://www.yiiframework.com/doc/guide/topics.auth

23

Version 0.9.7 is now available.

New features are:

  • Flash messages

  • Support for module nesting

  • Sorting of authorization items

  • Hover functionality for the tables

  • Improved Installer

  • German translation (thanks g3ck0)

  • Italian translation (thanks joeysantiago)

I did a major code review during which I improved the code quality a bunch and even rewrote almost all comments. The overall quality of the module’s source code should now be pretty good.

The module documentation has also been updated and can be found at:

http://yii-rights.googlecode.com/files/yii-rights-doc.0.9.7.pdf

Enjoy!

24

Hello quangle,

This is an interesting idea but it could result in a potential security risk and would you really want to assign all index and view actions to one role/user instead of assigning them separately?

I could think of making a operation for accessing all actions within a controller, but I’m not sure that is needed either. What do you think?

25

Hi,

Maybe I’m doing something wrong, but installer fails with error Property “CDbAuthManager.itemWeightTable” is not defined.

And I’ve searched for this in google, no luck… Could tell me what am I doing wrong?

26

Hello speedster,

As noted on the project page there is an error in the documentation. Please change your authManager to use the class RightsAuthManager and it should work. I’ve already corrected this in the documentation and it will be corrected in the next version.

27

Version 0.9.8 is now available.

New features are:

  • Authorization item generator

  • Automated installer

  • Improved support for module nesting

  • Sorting of all types of authorization items

I’ve been working pretty hard on getting it ready so I hope it work well. In case you happen to find a bug please report it on google code. The authorization item generator should be of assistance when installing the module so that you don’t need to create all the items for the filter by hand.

The generator can be accessed from:

rights/setup/generate

The documentation has again been updated and can be found at:

http://yii-rights.googlecode.com/files/yii-rights-doc.0.9.8.pdf

Enjoy!

28

Great job, Chris!

I love the generator feature! It will save a lot of time to set up the whole access control.

I am very new to yii and I am trying to do something as bellow:

I have a button that calls to a action. Instead of user going to the page display the decline message, I try to hide the button from displaying.

e.g. on Post/Admin page, every record has "View", "Edit", "Delete" buttons. If user has no permission to "Edit", then this user can not see the "Edit" button at all.

I’m not sure how can it be done normally, but this is just my thought. Maybe there can be a API that returns true or false value, like:


Yii::app()->rights->isPermit

Or references of other approaches or tutorials will be highly appreciated.

Thanks again for your great effort.

Jun

29

We actually have that built in Yii’s access control.

With CMenu you can use:


'visible'=>Yii::app()->user->checkAccess('User.View')

or then you can of course put the link in an if-clause with a call to checkAccess.

You can read more about the checkAccess-method here:

http://www.yiiframework.com/doc/guide/topics.auth

If you wish to see how to use checkAccess in practice check out Yii’s blog demo with Rights which can be downloaded at:

http://yii-rights.googlecode.com/files/yii-blog-with-rights-0.9.8.r56.zip

Hopefully this helps. :)

30

Chris, thanks for the great work!

Right after I installed Rights following the installation guide from your PDF, Rights was not working. I had to create the Auth… tables myself. I am using Yii 1.1.3.r2247.

31

Hello Niels,

Did you install the latest version (0.9.8) or? I haven’t had any problems like yours while testing and I’ve tested it quite a lot, reinstalled and set up on different projects atleast a dozen of times.

What kind of problems did you encounter?

Also what version of the documentation did you follow?

32

I used Rights 0.9.8.r56 and I used this guide to install. When I visited /index.php?r=rights I got directly redirected to /index.php. I was logged in as admin.

33

In order for the install to when accessed it requires you to not have any of the tables for the Authorization Manaager (authitem, authchild, authassignment). If you do you need to drop them to install Rights.

34

I installed Rights 0.9.8. The installation and the automatic generation of authorization items worked without any problem.

However to make the ACAC (rights filter) work I had to change my user table setting the id = username.

If I leave the id of the User table set to autogenerated values (1,2,3…n) what happens is that the auth items are assigned to the id, and the checkAccess performed in the RightsFilter is done aginst the username, and therefore always fails.

I am new to Yii, so maybe something in my setup is wrong: I would appreciate any suggestion.

In any case, thanks for a great piece of code, very useful!