[EXTENSION] Rights

Yii 1.1 Extensions
619

Using Yii-rights + Yii-user module in my project. In Rights, I generated operations based on my controller action, under update I added a child UpdateOwn.

For UpdateOwn, the bizrule is suppose to be a simple comparison that the logged in user’s ID is equal to $model->user_id field.

I understand yii checkaccess allow you to pass in variables as parameters and comparing with your defined bizrule. But how does it work for Yii-rights module? How or what are the data/params passed in to be used in bizrule? How can I define or pass my own data/params?

620

Hey all, Using Yii Rights and it’s awesome, thanks!!

I have restructured my application to use nested modules (ie. /backend/administration/category/) Administration is a sub module of Backend. Category is a Controller.

When I "Generate controller actions" it creates "Administration.Category.*", however when I try to grant access to this permission to a role, I get a 403.

Is there any issues in using nested modules, and Yii rights?

Thanks!

UPDATE:

Ok, I’ve just run some tests… I’ve looked into RightsFilter.php, and the preFilter() function. $authItem, which is derived from “ucfirst($controller->id);” returns “Backend/administration.Category”.

When the controller items are generated, it generates Administration.Category.*.

So the Administration module (child to "Backend") is being incorporated into the controller name.

Is this me doing something wrong??

Does anyone have any suggestions on how to elegantly fix this?

Cheers

Dan

UPDATE 2:

I’ve modified the rules by changing it from “Administration.Controller.", to be "Backend/administration.Controller.”, which is working.

However I feel I may have done something wrong? Does anyone else have this issue? Or a solution to this issue?

621

i installed rights successfully ,great extension i got the issue when it uploaded to Linux server

Unable to resolve the request "rights/authItem/roles".

i commented the ‘caseSensitive’=>false, in urlManager path of main.php

now its working :)

622

I use rights module and has a problem with checkaccess function, example:

  • in MyController (extends RController ):

public function filters()

{

return array(‘rights’);

}

public function allowedActions() {

return ‘index’; //public action

}

===> access to url my/index ok , but Yii::app()->user->checkAccess(‘My.Index’) will be return false if user not an admin. How to check if an action is public action?

Help me, please!

623

Application authorization manager must extend the RDbAuthManager class.

Getting this error, when i am trying install

624

i installed yii rights and it works ok… my problem is how can i change the them of yii rights? i have themes on my webapplication, i want also to use in my yii rights…

625

Hi chris. Actually i need help regarding yii rights extension. Actually i am using this extension and i am able to get roles assigned to a user. But i also want to know the user that are assigned to specific role. When i searched for that i got a link http://octathorpeweb.com/blog/2012/03/06/yii-rights-extension-rbac-role-based-access-control/

in this post writer is using authManager i think. Now my question is that if i want to access the user related to specific role then can i use these commands(methods). Would not it conflict with yii rights extension?

626

hello,

i installed right succesfully and created table for auth and auto make 3 role but when i want to go administrate the role in rights i get this error:


Error 403

You are not authorized to perform this action.

also i login but again get this error.

627

Hello,

I am using "user" and "rights" extension for creating users and manage them with roles. But this is not working properly.

Created some users by "user" modules

now created task(operation) to assign a user. When I assigned to a user it is not working properly. Could you please help me out ??

628

I was able to install rights with a mixture of things, I followed your instructions, but used this config instead (as in the yii-rights-doc-1.2.0.pdf installation pdf)




	'rights'=>array(

		// Name of the role with super user privileges.

			'superuserName'=>'Admin',

		// Name of the authenticated user role.	

			'authenticatedName'=>'Authenticated',

		// Name of the user id column in the database.	

			'userIdColumn'=>'id',

		// Name of the user name column in the database.

			'userNameColumn'=>'username',

		// Whether to enable authorization item business rules.

			'enableBizRule'=>true,

		// Whether to enable data for business rules.

			'enableBizRuleData'=>false,

		// Whether to use item description instead of name.

			'displayDescription'=>true,

		// Key to use for setting success flash messages.

			'flashSuccessKey'=>'RightsSuccess',

		// Key to use for setting error flash messages.

			'flashErrorKey'=>'RightsError',

		// Whether to install rights.

			'install'=>true,

		// Base URL for Rights. Change if module is nested.

			'baseUrl'=>'/rights',

		// Layout to use for displaying Rights.

			'layout'=>'rights.views.layouts.main',

		// Application layout.

			'appLayout'=>'application.views.layouts.main',

		// Style sheet file to use for Rights.

			'cssFile'=>'rights.css',

		// Whether to enable installer.

			'install'=>false,

		// Whether to enable debug mode.

			'debug'=>false,

),

I also had to insert the following into the database tables:

INSERT INTO authassignment (itemname, userid, bizrule, data) VALUES (‘Admin’, ‘1’, NULL, ‘N’);

INSERT INTO authitem (name, type, description, bizrule, data) VALUES (‘Admin’, 0, ‘Admin’, NULL, ‘N;’);

629

Hi I am also stuck with right module. This time i am using right modules only, i had installed.

I am asking help for two issue here

  1. when i logged in with admin, admin cant able to user other controller until it is assigned the task but it is supperuser as in configuration it must have all rights with out any assignment.

  2. second question , I want to restrict the access of right module by other user who are not admin, so how do i achieve this.

Thank you. And i want help from any one who had solved this problem, i may be doing something wrong or please help me or let me know.




<?php


// uncomment the following to define a path alias

// Yii::setPathOfAlias('local','path/to/local-folder');


// This is the main Web application configuration. Any writable

// CWebApplication properties can be configured here.

return array(

	'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',

	'name'=>'My Web Application',


	// preloading 'log' component

	'preload'=>array('log'),

    'theme'=>'abound',

    'defaultController'=>'news',


	// autoloading model and component classes

	'import'=>array(

		'application.models.*',

		'application.components.*',

           'application.modules.right.*',

'application.modules.right.models*',

'application.modules.rights.components.*', // Correct paths if necessary.

	),


	'modules'=>array(

		// uncomment the following to enable the Gii tool

	

		'gii'=>array(

			'class'=>'system.gii.GiiModule',

			'password'=>'admin',

			// If removed, Gii defaults to localhost only. Edit carefully to taste.

			'ipFilters'=>array('127.0.0.1','::1'),

		),

            

            'rights'=>array( 

                   'superuserName'=>'Admin',

              //  'superUsers'=>array(

   // Name of the role with super user privileges. 

   'authenticatedName'=>'Authenticated',   // Name of the authenticated user role. 

   'userIdColumn'=>'id',       // Name of the user id column in the database. 

   'userNameColumn'=>'username',     // Name of the user name column in the database. 

   'enableBizRule'=>true,       // Whether to enable authorization item business rules. 

   'enableBizRuleData'=>false,     // Whether to enable data for business rules. 

   'displayDescription'=>true,     // Whether to use item description instead of name. 

   'flashSuccessKey'=>'RightsSuccess',    // Key to use for setting success flash messages. 

   'flashErrorKey'=>'RightsError',    // Key to use for setting error flash messages. 

   'install'=>false,       // Whether to install rights. 

   'baseUrl'=>'/rights',      // Base URL for Rights. Change if module is nested. 

   'layout'=>'rights.views.layouts.main',   // Layout to use for displaying Rights. 

   'appLayout'=>'application.views.layouts.main',  // Application layout. 

   'cssFile'=>'rights.css',      // Style sheet file to use for Rights. 

   'install'=>false,       // Whether to enable installer. 

   'debug'=>true,     // Enables the installer. 

             ),

		

	),


	// application components

	'components'=>array(

		'user'=>array(

                    

                    'class'=>'RWebUser',

			// enable cookie-based authentication

			'allowAutoLogin'=>true,

                   // 'loginUrl'=>array('/user/login'),

                    

		),

            

            

            'authManager'=>array( 

                    'class'=>'RDbAuthManager',   

                    'defaultRoles' => array('Guest'),

                'itemTable' => 'authitem',

                'itemChildTable' => 'authitemchild',

                'assignmentTable' => 'authassignment',

                'rightsTable' => 'rights',


                

                

                

                

                //'defaultRoles'=>array('Guest','Authenticated'), // Provides support authorization item sorting. 

    

            ),

               'imagemod' => array(

				//alias to dir, where you unpacked extension

			'class' => 'ext.imagemodifier.CImageModifier',

		),

		// uncomment the following to enable URLs in path-format

		/*

		'urlManager'=>array(

			'urlFormat'=>'path',

			'rules'=>array(

				'<controller:\w+>/<id:\d+>'=>'<controller>/view',

				'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',

				'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',

			),

		),

		*/

//		'db'=>array(

//			'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',

//		),

		// uncomment the following to use a MySQL database

		

		'db'=>array(

			'connectionString' => 'mysql:host=localhost;dbname=madhesspecialonline',

			'emulatePrepare' => true,

			'username' => 'root',

			'password' => '',

			'charset' => 'utf8',

		),

		

		'errorHandler'=>array(

			// use 'site/error' action to display errors

			'errorAction'=>'site/error',

		),

		'log'=>array(

			'class'=>'CLogRouter',

			'routes'=>array(

				array(

					'class'=>'CFileLogRoute',

					'levels'=>'error, warning',

				),

				// uncomment the following to show log messages on web pages

				/*

				array(

					'class'=>'CWebLogRoute',

				),

				*/

			),

		),

	),


	// application-level parameters that can be accessed

	// using Yii::app()->params['paramName']

	'params'=>array(

		// this is used in contact page

		'adminEmail'=>'webmaster@example.com',

	),

);
630

I have some problem with Url manage. I want to user it from module admin.

All my action at http://test.com/admin/news, http://test.com/admin/news/update/id/22 and e.t.c

Folders:

/modules/

–admin

–front

Where i can put the folder "rights", at admin or at modules.

My url manager


'urlManager' => array(

            'caseSensitive' => false,

            'showScriptName' => false,

            'urlFormat' => 'path',)
631

I have installed rights module. It created all the entries. This is my configuration in the main config file.




	// autoloading model and component classes

	'import'=>array(

                'application.modules.rights.*', // added for rights module

                'application.modules.rights.components.*', // added for rights module

	),


	'modules'=>array(

		// rights module

                'rights'=>array(

                    'superuserName'=>'admin',   // Name of the role with super user privileges.

                    'authenticatedName'=>'authenticated',  // Name of the authenticated user role.

                    'userIdColumn'=>'id',    // Name of the user id column in the database.

                    'userNameColumn'=>'username',   // Name of the user name column in the database.

                    'enableBizRule'=>true,    // Whether to enable authorization item business rules.

                    'enableBizRuleData'=>false,    // Whether to enable data for business rules.

                    'displayDescription'=>true,   // Whether to use item description instead of name.

                    'flashSuccessKey'=>'RightsSuccess',  // Key to use for setting success flash messages.

                    'flashErrorKey'=>'RightsError',  // Key to use for setting error flash messages.

                    'baseUrl'=>'/rights',   // Base URL for Rights. Change if module is nested.

                    'layout'=>'rights.views.layouts.main',  // Layout to use for displaying Rights.

                    'appLayout'=>'application.views.layouts.main', // Application layout.

                    //'cssFile'=>'rights.css',   // Style sheet file to use for Rights.

                    'install'=>false,    // Whether to enable installer.

                    'debug'=>true,    // Whether to enable debug mode.

                ),


	),


	// application components

	'components'=>array(

		'user'=>array(

                        'class'=>'RWebUser',

			// enable cookie-based authentication

			'allowAutoLogin'=>true,

		),

                // Rights RDBauthmanager

                'authManager'=>array(

                        'class'=>'RDbAuthManager',

                        'connectionID'=>'db',

                        'defaultRoles'=>array('guest')

                  ),

1. My controllers extends from RController and also has rights filter. This is the code for my controller.


<?php


class UserController extends RController

{

	/**

	 * @var string the default layout for the views. Defaults to '//layouts/column2', meaning

	 * using two-column layout. See 'protected/views/layouts/column2.php'.

	 */

	public $layout='//layouts/column2';


	/**

	 * @return array action filters

	 */

	public function filters()

	{

		return array(

                        'rights',

			//'accessControl', // perform access control for CRUD operations

			//'postOnly + delete', // we only allow deletion via POST request

		);

	}

I create operations and assign them to roles. Then i assign the role to account.

Isn’t this config enough for automatic checking of access using rights filter? It always gives me access denied.

UPDATE: I had Yii defaults access control list enabled in the Controller. Once i commented them all, everything was working OK!

2. I want changes in the layout as per the user role. How do i achieve this? e.g. in


echo Yii::app()->user->checkAccess('ModelControllerActionId')

     ? CHtml::link('update', array('update', 'id'=>$model->id))

     : "";

UPDATE: Tried the following and it worked!


'visible'=>Yii::app()->user->checkAccess('Branch.Delete')
632

I have the following error:

Alias "rights.RightsModule" is invalid. Make sure it points to an existing PHP file and the file is readable.

I followed the installing-yii-users-and-rights-5-steps guide.

I have read somewhere else that can be permission issue, but i am using Windows. (Xampp)

Can anyone help me with this issue?

main.php





// uncomment the following to define a path alias

// Yii::setPathOfAlias('local','C:\xampp\htdocs\team_page\public_html');


// This is the main Web application configuration. Any writable

// CWebApplication properties can be configured here.

return array(

	'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',

	'name'=>'Team Page',

	'theme'=>'bootstrap',

	// preloading 'log' component

	'preload'=>array('log'),


	// autoloading model and component classes

	'import'=>array(

		'application.models.*',

		'application.components.*',

		'ext.bootstrap-theme.widgets.*',

		'ext.bootstrap-theme.helpers.*',

		'ext.bootstrap-theme.behaviors.*',

        'application.modules.user.models.*',

        'application.modules.user.components.*',

        'application.modules.rights.*',

        'application.modules.rights.components.*',

	),


	'modules'=>array(

		// uncomment the following to enable the Gii tool

		'user'=>array(

				'tableUsers' => 'users',

				'tableProfiles' => 'profiles',

				'tableProfileFields' => 'profiles_fields',

		),

		'rights'=>array(

				'install'=>true,

		),

			

		'gii'=>array(

			'class'=>'system.gii.GiiModule',

			'password'=>'passz',

			// If removed, Gii defaults to localhost only. Edit carefully to taste.

			'ipFilters'=>array('127.0.0.1','::1'),

			'generatorPaths'=>array(

					'ext.bootstrap-theme.gii',

			),

		),

		

	),

		

	// application components

	'components'=>array(


		'user'=>array(

			// enable cookie-based authentication

			//'allowAutoLogin'=>true,

			'class'=>'RWebUser',

			'allowAutoLogin'=>true,

			'loginUrl'=>array('/user/login'),

		),

		'authManager'=>array( 

			'class'=>'RDbAuthManager',

			'connectionID'=>'db',

			'defaultRoles'=>array('Authenticated', 'Guest'),

		),

		// uncomment the following to enable URLs in path-format

		/*

		'urlManager'=>array(

			'urlFormat'=>'path',

			'rules'=>array(

				'<controller:\w+>/<id:\d+>'=>'<controller>/view',

				'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',

				'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',

			),

		),

		*/

		/*'db'=>array(

			'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',

		),

		// uncomment the following to use a MySQL database

		*/

		'db'=>array(

			'connectionString' => 'mysql:host=localhost;dbname=team_page',

			'emulatePrepare' => true,

			'username' => 'root',

			'password' => '',

			'charset' => 'utf8',

		),

		

		'errorHandler'=>array(

			// use 'site/error' action to display errors

			'errorAction'=>'site/error',

		),

		'log'=>array(

			'class'=>'CLogRouter',

			'routes'=>array(

				array(

					'class'=>'CFileLogRoute',

					'levels'=>'error, warning',

				),

				// uncomment the following to show log messages on web pages

				/*

				array(

					'class'=>'CWebLogRoute',

				),

				*/

			),

		),

	),


	// application-level parameters that can be accessed

	// using Yii::app()->params['paramName']

	'params'=>array(

		// this is used in contact page

		'adminEmail'=>'webmaster@example.com',

	),

);
633

Hi,

I have the rights module within my app.

I setup a standard webapp with yii, got everything working, rights module too.

Now my requirement is to use an email address for login purposes and as such have created a class that extends CBaseUserIdentity and UserIdentity extends that, have altered all my LoginForm model and UserIdentity, all that side is good, I login with email and password no problem.

I removed the rights tables to go for re-install as had changed superuser name in config to my email.

My user model is called Parent_Model and it resides in a module called identity so : application.modules.identity.models.Parent_Model.php in yii path terminology.

I have changed the rights userClass to Parent_Model.

When I call index.php?r=rights/install or index.php?r=rights all that is happening is a refresh to home page.

I have been trying to suss this for 3 hours solid and am completely clueless so far.

I included main.php config for your viewing pleasure.


<?php

// NEW MAIN.PHP CONFIG FILE //

// uncomment the following to define a path alias

// Yii::setPathOfAlias('local','path/to/local-folder');


// This is the main Web application configuration. Any writable

// CWebApplication properties can be configured here.

return array(

	'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',

	'name'=>'Maisie Princess',

    'theme'=>'foundation522',


	// preloading 'log' component

	'preload'=>array('log'),


	// autoloading model and component classes

	'import'=>array(

		'application.models.*',

		'application.components.*',

        'application.vendors.*',

        'application.modules.identity.models.*', // Authentication Models

        'application.modules.rights.*', // RBAC Controller

        'application.modules.rights.components.*', // RBAC Controller

    ),


	'modules'=>array(

		// uncomment the following to enable the Gii tool


		'gii'=>array(

			'class'=>'system.gii.GiiModule',

			'password'=>'giipass',

			// If removed, Gii defaults to localhost only. Edit carefully to taste.

			'ipFilters'=>array('127.0.0.1','::1','82.1.174.250'),

		),

        'rights'=>array(

            'superuserName'=>'ron.appleton@gmail.com', // Name of the role with super user privileges.

            'authenticatedName'=>'Authenticated', // Name of the authenticated user role.

            'userIdColumn'=>'id', // Name of the user id column in the database.

            'userNameColumn'=>'email', // Name of the email column in the database.

            'enableBizRule'=>true, // Whether to enable authorization item business rules.

            'enableBizRuleData'=>false, // Whether to enable data for business rules.

            'displayDescription'=>true, // Whether to use item description instead of name.

            'flashSuccessKey'=>'RightsSuccess', // Key to use for setting success flash messages.

            'flashErrorKey'=>'RightsError', // Key to use for setting error flash messages.

            'install'=>false, // Whether to install rights.

            'baseUrl'=>'/rights', // Base URL for Rights. Change if module is nested.

            'layout'=>'rights.views.layouts.main', // Layout to use for displaying Rights.

            'appLayout'=>'application.themes.foundation522.views.layouts.main', // Application layout.

            'cssFile'=>'rights.css', // Style sheet file to use for Rights.

            'debug'=>false, // Whether to enable debug mode.

            'userClass' => 'Parent_Model',

        ),


        'identity' => array(),


        'user' => array(),


        'meritgenerator' => array(),


        'treats' => array(),


    ),


	// application components

	'components'=>array(

		'user'=>array(

            'class'=>'RWebUser', // Allows super users access implicitly.

            // enable cookie-based authentication

			'allowAutoLogin'=>true,

		),

        'authManager'=>array(

            'class'=>'RDbAuthManager',

            'connectionID'=>'db',

            'itemTable'=>'AuthItem',

            'itemChildTable'=>'AuthItemChild',

            'assignmentTable'=>'AuthAssignment',

            'rightsTable'=>'Rights',

        ),

    // uncomment the following to enable URLs in path-format

		/*

		'urlManager'=>array(

			'urlFormat'=>'path',

			'rules'=>array(

				'<controller:\w+>/<id:\d+>'=>'<controller>/view',

				'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',

				'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',

			),

		),

		*/

        'db'=>array(

                        EXCLUDED DETAILS!

        ),

		'errorHandler'=>array(

			// use 'site/error' action to display errors

			'errorAction'=>'site/error',

		),

		'log'=>array(

			'class'=>'CLogRouter',

			'routes'=>array(

				array(

					'class'=>'CFileLogRoute',

					'levels'=>'error, warning',

				),

				// uncomment the following to show log messages on web pages

				/*

				array(

					'class'=>'CWebLogRoute',

				),

				*/

			),

		),

	),


	// application-level parameters that can be accessed

	// using Yii::app()->params['paramName']

	'params'=>array(

		// this is used in contact page

		'adminEmail'=>'webmaster@example.com',

	),

);

You will see that I am also using Foundation522, however have tried it without etcetera.

Any help greatly appreciated, Thanks

EDIT:

I thought it was worth mentioning that, all the changes had actually worked, having cleared the browsers history, temp files and cookies it began working properly.

So it is worth noting that the model does not actually have to be called User, neither does the username column need to be titled anything specific.

I Still have layout issues, in that Rights is coming up with a very plain page with no templating, but when I have time I will crack that, reading through here will probably solve that, a little more complicated by using foundation, but well worth it.

I would like to say that the fine grained control, and ability to set permissions within the controllers (If you want.) Makes rights the extension of choice for me as it is very straight forward to use and makes the learning curve very, very soft indeed, I am completely comfortable with only 3 days use, and rbac is a new concept to me.

I would like to see a detailed tutorial part to the user guide regarding using business rules, how to create and use, a dummies version if you like, but other than that, this extension is superb, and going to the extensions site also showed me that maintenance of the code is on going.

My hat is off to the team developing this, you on to a winner.

If you havn’t already, I would seriously consider putting a commercial support plan together for it.

634

hi all

i have problem

Filter "rights" is invalid. Controller "AdminController" does not have the filter method "filterrights".

AdminController is :




	public function filters()

	{

		return array(


                         'rights', 

		);

	}

plz help :(

635

I am new to Yii. I was looking for a way to provide visibility based on data. I mean,

  1. if the data record was created by the user then show it.

  2. If the record is created by or assigned to reportee then show it.

Can we handle these situations using this module?

636

hi

how to add rights to my current theme

637

Does yii right work with CachedDbAuthManager?

638

i have installed user and rights module successfully and have created roles and operations. Now i want to control my menu role wise and also want to know how to business rule from rights GUI. Thanks