[EXTENSION] Rights

After applying the patch suggested by EXEC after a great find by ANESED, the id vs name vs whatever column name in the database seems to be fixed. As long as the model definitions are ok and the module settings are set (or left to default), the module works fine now regardless of any particular user setup.

I really hope Chris will issue a new revision of the module with this fix included…

On the other hand, here’s a big issue I have (and I believe all others using the ‘rights’ module):

When I am trying to access the gii interface /index.php?r=gii I get an “Error 404 Unable to resolve the request “gii”.” message. I believe it’s a generic problem since accessing the very site of the module developer, at cniska.net/yii_blog/index.php/gii throws the exact same error. As soon as I disable ‘rights’ the GII works fine again.

Has anyone else experienced this? Any solutions?

When something is not authorized, the 403 error message is not showing the main layout. It is simply rendering the error message without any layout at all. I’ve tried adding 'layout'=>'application.views.layouts.main' to force the rendering of the layout, but nothing is working. Is there something I’m missing? Where should I look first? Thank you.

Ok, it was a stupid error: lack of permissions for the web server to access the rights module folder. Solved.

I had another issue where although I was logged in with user id 1 and had superuserName set as ‘admin’ I had no permissions to view the rights pages.

After some debugging I had to make a small change in RAuthorizer::getSuperusers().


$superusers = array();
foreach( $users as $user )
  $superusers[] = $user->name;

to


$superusers = array();
foreach( $users as $user )
  $superusers[] = $user->username;

Now I have full access to rights.

Thanks for work in this module!

Hi, yesterday I installed the Rights module into my app and everything works fine. But I’ve got a problem with the access denied info. I’ve created a user with a right to only an operation in a specific controller (I have 7 main controllers), and when I log in as this user to my app I see the content displayed by the allowed controller action, but when I try to access a “not allowed” controller action I get:

CHttpException

Nie jesteś upoważniony do wykonania tej akcji. (C:\Users\EVEO\Documents\URVE\Profiles\urve\protected\modules\rights\components\RController.php:62)

#0 C:\Users\EVEO\Documents\URVE\Profiles\urve\protected\modules\rights\components\RightsFilter.php(57): RController->accessDenied()

#1 C:\Users\EVEO\Documents\URVE\Profiles\framework\web\filters\CFilter.php(39): RightsFilter->preFilter(Object(CFilterChain))

#2 C:\Users\EVEO\Documents\URVE\Profiles\urve\protected\modules\rights\components\RController.php(36): CFilter->filter(Object(CFilterChain))

#3 C:\Users\EVEO\Documents\URVE\Profiles\framework\web\filters\CInlineFilter.php(59): RController->filterRights(Object(CFilterChain))

#4 C:\Users\EVEO\Documents\URVE\Profiles\framework\web\filters\CFilterChain.php(131): CInlineFilter->filter(Object(CFilterChain))

#5 C:\Users\EVEO\Documents\URVE\Profiles\framework\web\CController.php(283): CFilterChain->run()

#6 C:\Users\EVEO\Documents\URVE\Profiles\framework\web\CController.php(257): CController->runActionWithFilters(Object(CInlineAction), Array)

#7 C:\Users\EVEO\Documents\URVE\Profiles\framework\web\CWebApplication.php(277): CController->run(‘error’)

#8 C:\Users\EVEO\Documents\URVE\Profiles\framework\base\CErrorHandler.php(280): CWebApplication->runController(‘site/error’)

#9 C:\Users\EVEO\Documents\URVE\Profiles\framework\base\CErrorHandler.php(181): CErrorHandler->render(‘error’, Array)

#10 C:\Users\EVEO\Documents\URVE\Profiles\framework\base\CErrorHandler.php(104): CErrorHandler->handleException(Object(CHttpException))

#11 C:\Users\EVEO\Documents\URVE\Profiles\framework\base\CApplication.php(709): CErrorHandler->handle(Object(CExceptionEvent))

#12 [internal function]: CApplication->handleException(Object(CHttpException))

#13 {main}

displayed as a whole page instead of as part of the layout. What can be the reason?

Ok, I’ve found where my problem was: I hadn’t granted the Site.* access permission to the user. Now everything works like it should.

Cheers

Is there a way to grant access to all module controllers and actions (AController.*, BController.*, CController.*, …) in a single task? Now I’ve created a task "ModuleName.*" and added the children “AController.*” to that task.

Thanks for help.

I think I found a bug :) I went to your demo, revoked admin status from the admin and now there is no Rights system anymore… I guess it shouldn’t be possible to remove the last existing superuser ^^

Hi Chris,

I’m working with Rights extension and I’m having troubles with the install process.

I read the pdf document.

I copied the Rights files to the modules folder and I manually created the tables in the database.

But

  1. The Rights menu item is not in the main menu in my application

  2. I changed manually the url to get access to module but the application showed the message "There must be at least one superuser!"

On the other hand, the file RAuthorizer.php on line 292 still uses Rights::module()->userIdColumn instead of Rights::module()->userNameColumn. Is this correct? (This is related to post #3352, http://www.yiiframework.com/extension/rights#c3352)

Thank you in advance,

Diego Rodriguez

Hi All,

Has anyone succeeded in implementing Rights for nested modules?

Especially when using the “Generate items for controller actions” menu,

it generates wrong item names for controllers inside the nested modules.

I have a nested module located at

/protected/modules/admin/modules/client

When I try to use the generate items for controller actions menu, the process produces item names like:

Client.Default.Index

Client.Default.Create

Client.Default.View

Client.Default.Update

So I assigned all the items to the Authenticated user,

then tried to log in with one of the Authenticated users that had been created previously.

The Authenticated user could not access the module pages mentioned above.

Then I tried changing the item names above to

Admin/client.Default.Index

Admin/client.Default.Create

Admin/client.Default.View

Admin/client.Default.Update

then tried to log in again…

and now it worked.

Has anyone had the same problem as I do?

Hello…

I wanted to ask how to filter on the assignment page.

I do not want to show a user if his role is Admin…

I currently have rights working across my site and modules.

However, I am having trouble getting it to work ON a submodule.

/ main site - Controller Extends RController

/module1 - uses rights filter, has the correct authitems/assignments and works fine.

/module1/module2 - same setup, created authitems/assignments BUT DOES NOT WORK.

Returns error:

Error 403

You are not authorized to perform this action.

When generating permission items for controller actions, it reads and generates the actions as follows:

Module1.Controllername.*

Module2.Controllername.*

However, Module2 is a sub module of Module1.

I tried assigning additional rules of:

Module1.Module2.Controllername.*

However, still returns "You are not authorized to perform this action."

I load the submodule in the init function of module1 like so:


		// Add blog submodule
		$this->setModules(array('blog'=>array(),));



Please, one video tutorial on how to install & use the Rights module

– pleaseeeeeeeeeeee

I think your problem is the same as mine…

If you just want Rights to work in your application that uses a nested module, you can create a new operation and name it with your full URL pattern.

For example, if you have a nested module and the URL is like

/module1/module2/controller/action

then your new operation must be named module1/module2.Controller.Action

But I don’t know whether this is a solution for this?

Because I like the Rights feature that can read all the new actions on every controller the application has, but it generates a wrong operation name for all actions in a nested module.

I think this is a bug in Rights.

Mintaraga.

Thank you so much! That was definitely the problem. I was just targeting it wrong with:

module1.module2.controller.action

I changed to:

module1/module2.controller.action and it works perfectly!

I haven’t had many responses to problems that I post in the Yii forum. This is one of the first times. Thank you again for helping me.
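The naming difference worked out in the posts above, as an added example that is not part of the original thread and not code from the Rights module: it builds the item name the posters found to work for a nested module (slash-joined module path with the first letter upper-cased) and flags generated items that use only the innermost module name. The function names, routes and item list are constructed for illustration.

```php
<?php
// Added example: models the item names reported in this thread; not Rights code.

/** Build the item name the thread found to work for a route. */
function expectedItemName(array $modulePath, $controller, $action)
{
    $prefix = '';
    if ($modulePath !== array()) {
        // Nested module ids are joined with "/" and only the first letter
        // is upper-cased, e.g. array('admin','client') -> "Admin/client."
        $prefix = ucfirst(implode('/', $modulePath)) . '.';
    }
    return $prefix . ucfirst($controller) . '.' . ucfirst($action);
}

/** Map each misnamed generated item to the name it should be renamed to. */
function findMisnamedItems(array $routes, array $existingItems)
{
    $renames = array();
    $existing = array_flip($existingItems);
    foreach ($routes as $route) {
        list($modulePath, $controller, $action) = $route;
        $expected = expectedItemName($modulePath, $controller, $action);
        if (isset($existing[$expected])) {
            continue; // an item with the working name already exists
        }
        // Name as generated per the thread: innermost module only.
        $generated = expectedItemName(array_slice($modulePath, -1), $controller, $action);
        if (isset($existing[$generated])) {
            $renames[$generated] = $expected;
        }
    }
    return $renames;
}

// Constructed sample data: (module path, controller id, action id).
$routes = array(
    array(array('admin', 'client'), 'default', 'index'),
    array(array('admin', 'client'), 'default', 'create'),
    array(array('admin'), 'default', 'index'),
    array(array(), 'site', 'logout'),
);
$items = array('Client.Default.Index', 'Admin/client.Default.Create',
               'Admin.Default.Index', 'Site.Logout');

foreach (findMisnamedItems($routes, $items) as $from => $to) {
    echo "$from -> $to\n"; // Client.Default.Index -> Admin/client.Default.Index
}
```

A misnamed item fails closed (the user gets the 403 described above), so the audit is about restoring intended access rather than finding over-grants.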

cewll…

You’re welcome…

Happy to know that it helped somebody…

I want to translate it into Russian :)

help meeee

I created a role "Authenticated". Then I appended the Site.Logout operation to it.

Then I log in as Demo and can’t access Site.Logout

Why?

I tried writing the BizRule “return Yii::app()->user->id;” on the role. It doesn’t work.

I also tried writing !Yii::app()->user->isGuest;

Hey yadino,

You need to be a bit more specific. Have you assigned the Authenticated role to your demo user?

Also, you do not need any business rule for what you’re trying to accomplish if you define Authenticated as the default role. See the Rights documentation for more information on how to use the default roles.

Thanks for the answer, Chris.

I am creating a firms catalog.

I want to make 2 roles: Guests and Authenticated

Guests will be able to do Site.Login Site.Registration Firms.Index Site.Index

Authenticated can do Site.Logout Firms.Create Firms.Index Site.Index

my main config:




'import'=>array(
	'application.models.*',
	'application.components.*',
	'application.modules.rights.*',
	'application.modules.rights.components.*',
	'application.extensions.debugtoolbar.*',
),
'defaultController'=>'site',

'modules'=>array(
	'rights'=>array(
		'debug'=>true,
		//'install'=>true,
		'enableBizRuleData'=>true,
		'userClass'=>'Users',
	),
),

// application components
'components'=>array(
	'user'=>array(
		'class'=>'RWebUser',
		// enable cookie-based authentication
		'allowAutoLogin'=>true,
		'loginUrl' => array('/login'),
	),
	'db'=>array(
		'connectionString' => 'mysql:host=localhost;dbname=blogr',
		'emulatePrepare' => true,
		'username' => 'root',
		'password' => '',
		'charset' => 'utf8',
		'tablePrefix' => '',
	),
	'authManager'=>array(
		'defaultRoles' => array('Guest'),
		'class'=>'RDbAuthManager',
		'connectionID'=>'db',
		'itemTable'=>'authitem',
		'itemChildTable'=>'authitemchild',
		'assignmentTable'=>'authassignment',
		'rightsTable'=>'rights',
	),
),



my SiteController.php




class SiteController extends RController
{
	// ...

	public function filters()
	{
		return array(
			'Rights',
		);
	}

	public function allowedActions()
	{
		return 'index,error';
	}

	// ...
}



No. I think this role must be appended automatically to every authenticated user.

Or must I append the Authenticated role every time after adding a new user?

I think I may have found a bug in 1.3.0.r147 that doesn’t exist in the 1.1.0.r132 version used by Yii-web-start.

In RAuthorizer.php, around line 298, is this code:


		$superusers = array();
		foreach( $users as $user )
			$superusers[] = $user->name; // this is the line with the problem



In the earlier versions of RAuthorizer.php (called RightsAuthorizer.php back then I believe), the above line used a function called ‘getName()’, which pulled the usernameColumn property from the defaults or config file (if set.)

Thus, while EXEC’s patch will work, I think the correct patch is to modify line 300 of RAuthorizer.php to:


		$superusers = array();
		foreach( $users as $user )
			$superusers[] = $user->getName(); // changed from $user->name



It worked for me. :)