[EXTENSION] Rights

Hi srinivasanrajendran, to resolve it, two steps:

Step 1 => extend all your controllers not from Yii's native Controller but from RController (Rights Controller).

Step 2 => in your controller, change the code in the filters function like below:


/**
 * @return array action filters
 */
public function filters()
{
	return array(
		//'accessControl', // Yii's default access control for CRUD operations
		'rights', // perform access control for CRUD operations via Rights
	);
}

Hey there,

I just thought about revoking inherited operations. To make things more clear, I will give you an example:

Role "Authenticated" contains the operation "submit comment"; now a user behaves badly and therefore should lose the right to "submit comments". Since this right is inherited through the "Authenticated" role, you can't just revoke the right for the specific user.

That's the point where I would ask you to help me out. What I want are some more (or less) specific tips on where to start/how to implement such a functionality best.

Since I am on the point of smashing my head against the wall, I am gonna get some sleep.

I really hope someone has an idea.

Thanks in advance.

PS: If it's actually possible to do such things, I will just kill myself.

PPS: I don't need already working code, though I wouldn't mind taking yours ;-).

Create role Admin and set


'superuserName'=>'Admin'

Only the superuser has access to Rights (if I'm not mistaken).

Using 1.3.0.r147 I ran into a bug that took me a couple hours to figure out so I’m posting my solution here for others.

Installing Rights and trying to visit its page I would get “Error 403 You are not authorized to perform this action.” The problem is that getSuperusers() is hardcoded to get the username from the ‘name’ column in the user table and is ignoring the configuration setting userNameColumn. The documentation seemed to imply otherwise which was a source of confusion for me.

Source of the problem is here in Rights/Components/RAuthorizer.php line 299:


foreach( $users as $user )
   $superusers[] = $user->name;

I made the following change which seems to fix this:


$userNameField = Rights::module()->userNameColumn;
foreach( $users as $user )
   $superusers[] = $user->$userNameField;

Now username can be in any column as long as you specify it in your app’s protected/config/main.php


'modules'=>array(
   ....
   'rights'=>array(
      'userClass' => 'yourUserClass',
      'userNameColumn' => 'yourUserNameColumn',
      'install'=>true,
   ),
   ....
),

Hi Chris,

I am developing a POS application based on yii, bootstrap, yii-user and rights.

I have two roles, supervisor and operator. Operator cannot delete or update the line item, whereas supervisor can. The thing is that sometimes the operator makes a silly mistake that needs to be edited or deleted. I want the supervisor to be able to update or delete without the operator logging out first. Is it possible to do that? Probably by providing a form that needs to be filled in by the supervisor; the form contains the username and password of the supervisor. And I want the submitted form to be regarded only for this one action.

Cheers,

Daniel

Hi, GW for the nice extension, but I have a question. How can I add column ordering to CGridView?

Sorry if this post is a repost.

I have a problem performing checkAccess in a controller.

I have a piece of code like this.

I have inserted


'return yii::app()->user->id==$params['userid'];'

in the database.

When I run this controller with a non-superuser account, it always returns Error 403, bla bla bla.

Is this code implementation wrong?

Thanks for any suggestion :)

@xent

I ran into this. I believe you need to call checkAccess from within an access filter method in your controller rather than in the controller action itself … access control happens before the controller action is called

@locomo thanks for the response.

I found your code looks similar to mine. Did it get solved?

Actually, I have revised my code with your suggestion.

Based on Tuna's post, I changed the code like this:


public function filters()
{
	return array(
		'changePassword + changePassword', // filterChangePassword() below, applied only to the changePassword action
		'rights', // perform access control for CRUD operations
	);
}

public function filterChangePassword($filterChain)
{
	$model=$this->loadModel();
	// $params already carries the 'userid' key the bizrule reads
	// ($params['userid']); passing it wrapped in another array made the
	// comparison fail and produced the 403.
	$params=array('userid' => $model->id);
	if(Yii::app()->user->checkAccess('Profile.ChangePassword',$params))
		$filterChain->removeAt(1); // drop the 'rights' filter when the bizrule grants access
	$filterChain->run();
}

public function actionChangePassword()
{
	$model=$this->loadModel();
	if(isset($_POST['User']))
	{
		$model->attributes=$_POST['User'];
		if($model->save())
			$this->redirect(array('index'));
	}
	$this->render('_form',array('model'=>$model));
}

but the result still returns 403, bla bla.

My code is similar but has a few differences … it did work … here it is for you to compare.

maybe instead of :

‘changePassword + changePassword’

do

‘changePassword + update’

??


	public function filters()
	{
		return array(
//			'accessControl', // perform access control for CRUD operations
			'accessOwn + view, update', // Apply this filter only to the view and update actions.
			'rights',
		);
	}

	/**
	 * Filter method for checking whether the currently logged in user
	 * is the owner of the location being accessed.
	 */
	public function filterAccessOwn($filterChain)
	{
		$id = Yii::app()->request->getParam('id');
		$model=$this->loadModel($id);
		// Remove the 'rights' filter if the user can manage the location
		if(Yii::app()->user->checkAccess('ManageLocations', array('userid'=>$model->company->owner->id)))
			$filterChain->removeAt(1);

		$filterChain->run();
	}

@locomo thx again for the instructions.

After following your instructions and reading pieces of the Rights Blog code, I can do it. It's now running.

Now I have one question.

I have 3 user groups: superadmin (super user), admin, and teacher.

The teacher can update own profile only

The admin can update own profile and all teacher profile

superadmin can handle all

If I'm using checkAccess, how do I do that? Do I take it into a separate action or only play with the biz rule? Thx for any suggestion.
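One way to lay out the three-tier profile scheme asked about above, written in the style of locomo's filterAccessOwn. This is an added example, not code from the thread or from the Rights extension; the auth item names (Profile.Update, UpdateOwnProfile, UpdateTeacherProfile), the role names and the loadModel() helper are assumptions.

```php
<?php
// Added example (not from the thread). Assumed auth item graph, created
// in the Rights UI:
//   Profile.Update (operation)
//     <- UpdateOwnProfile (task, bizrule A), assigned to roles teacher and admin
//     <- UpdateTeacherProfile (task, bizrule B), assigned to role admin
//   superadmin is the Rights superuserName, so RightsFilter lets it through
//   before any bizrule is evaluated.
//
// Bizrules are PHP expressions stored with the auth item; CDbAuthManager
// evaluates them with the $params passed to checkAccess().
//   A (own profile only):
//     return Yii::app()->user->id == $params['userid'];
//   B (target must hold the teacher role; 'teacher' is an assumed role name):
//     return Yii::app()->authManager->checkAccess('teacher', $params['userid']);

class ProfileController extends RController
{
    public function filters()
    {
        return array(
            'accessProfile + update', // the ownership filter below, update action only
            'rights',                 // Rights' generic access control
        );
    }

    /**
     * Runs before the 'rights' filter for the update action. checkAccess()
     * walks from Profile.Update up to the tasks assigned to the current user
     * and applies their bizrules with the target profile's id. When one path
     * grants access, the generic 'rights' filter (index 1) is dropped so it
     * does not reject an owner or an admin; otherwise it runs as usual.
     */
    public function filterAccessProfile($filterChain)
    {
        $id = Yii::app()->request->getParam('id');
        $model = $this->loadModel($id); // assumed helper: throws 404 if missing
        $params = array('userid' => $model->id);
        if (Yii::app()->user->checkAccess('Profile.Update', $params)) {
            $filterChain->removeAt(1);
        }
        $filterChain->run();
    }
}
```

Because the bizrules live on the tasks rather than in the controller, adding a fourth group later means assigning a task, not editing code.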

I have a problem with the class-based actions of the site-controller. When you look at the default site-controller there is a page action to display static pages. It looks like this:


public function actions()
{
	return array(
		// page action renders "static" pages stored under 'protected/views/site/pages'
		// They can be accessed via: index.php?r=site/page&view=FileName
		'page'=>array(
			'class'=>'CViewAction',
		),
	);
}

I don't want Guests to access every action of the site controller, so I cannot grant access to the site.* operation. So when I want my users to display static pages with the page action defined above, I have to grant access to that particular action, but the permission cannot be created with the Rights generator, because it is not defined in the classic way with an actionPage() function.

Of course I could create an actionPage() function replacing the standard Yii code, but I was wondering if there is a more elegant solution within Yii.

Thanks for your help!

Hi! I need some help!

I can’t upload any file. Maybe CUploadedFile does not have permission to execute under Rights.

If I try to upload a .PDF or .DOC, I get this message:

    Document type not allowed - only .doc and .pdf are permitted.

If I try to upload images by CSwfUpload, I get these messages:

    #2038

    302

yii-1.1.5.r2654

yii-rights-1.3.0.r147

yii-user-0.3-r107

Thanks,

Marcos

@maamarcos: I don't think that the Rights extension has anything to do with your problem.

Hi Luc! Thanks for your reply!

I just added the line below to my controller where I do image uploads by CSwfUpload, and I get Error #2038 just the first time that I try; then everything works.


public function allowedActions() { return '*'; }

Now I am trying to understand if this line will make my app unsafe. Do you know about it?

The .DOC and .PDF uploads are still not working.

Thanks,

Marcos

@maamarcos:

I imagine that you are using the swfupload extension (I've never used it). Did you set the correct allowed file extensions in the widget call?

In your controller (the one that is handling the upload actions), comment out all the stuff related to access control; does the upload then work well? If not, the problem doesn't come from Rights.

For access control with Rights, you have to configure your controller as described in post 541 above. Then you can use the Rights web interface to allow or deny access to the controller's upload action.

Okay this question is kind of stupid I guess, but:

Rights is compatible with Yii's default "accessControl", but it's maybe not perfect, right?

If I want to manage multiple admins via rights, I could use accessControl to determine which actions are allowed for everyone and which are allowed for registered users only, since accessControl’s “admin”-group is something different.

Then, I could use rights +adminAction1 +adminAction2 +adminAction3… as a secondary filter.

Whenever a logged-in standard user tries to access "adminAction1", first accessControl lets him through, but then Rights looks up the user's permissions and denies him access.

(Meaning that rights automatically follows this ‘deny if I don’t have an explicit permission for you’-approach, which accessControl only gains from the deny-array.)

That said, the better option in most cases would still be to use Rights as the only filter for all actions, then create the corresponding auth items within Rights and use the RBAC scheme for everything, I guess.

Thanks. It fixed the issue.

Hi, Chris!

Once again I want to say thanks for your work :)

And then I have a question: How do I enable pagination on /index.php?r=rights/authItem/permissions for example ?

Tried myself - nothing. Any help or tips please.

Thanks

hi!

I have installed according to the documentation. For me it seems nothing really happens when I change an assignment. I'm sure I'm missing something because I'm a beginner. Would you be so kind as to help me?

Sorry for disturbing, now I begin to get the picture. What was missing was changing to RController in Controller.php and putting this into the project controller:




public function filters()
{
	return array(
		//'accessControl', // perform access control for CRUD operations
		'rights', // let Rights perform access control instead
	);
}



cool ext!