[EXTENSION] Rights

Now I’m not sure how ‘gii’ is associated to my module. Could you elaborate a bit? I checked the packages and both the source and the demo installation seemed fine.

I was also facing the same problem… but now it works (after restarting Apache).

When I use ‘Id’ (not ‘id’) as my user id column, I got an error. Then I changed the file RightAuthorizer.php

around line 303




public function getSuperusers()
	{
		$nameColumn = $this->_userNameColumn;
		$superusers = array();
		foreach( $this->_user->findAll() as $user )
		{
			$items = $this->getAuthItems(CAuthItem::TYPE_ROLE, $user->id);
...



becomes




public function getSuperusers()
	{
		$nameColumn = $this->_userNameColumn;
		$idColumn = $this->_userIdColumn;
		$superusers = array();
		foreach( $this->_user->findAll() as $user )
		{
			$items = $this->getAuthItems(CAuthItem::TYPE_ROLE, $user->$idColumn);
...



And around line 323




public function isSuperuser($userId=null)
	{
		$user = Yii::app()->getUser();
		if( $user->isGuest===false )
		{
			if( $userId===null)
				$userId = $user->id;
...



becomes




public function isSuperuser($userId=null)
	{
		$idColumn = $this->_userIdColumn;
		$user = Yii::app()->getUser();
		if( $user->isGuest===false )
		{
			if( $userId===null)
				$userId = $user->$idColumn;
...



Then it works…

Is it safe to change $user->id like in the snippets above?

Thanks in advance for this extension.

~Saiful

Hello saiful,

The changes you mentioned have already been done in the current version (in svn). I noticed them a while ago. I actually did exactly the same changes, so yes it’s safe to change the code like you did. :)

I’m currently working on getting this to work with a behavior but I’ve hit a wall. I haven’t received an answer on the thread I posted recently. The thread can be found here:

http://www.yiiframework.com/forum/index.php?/topic/11200-question-about-statically-attached-behaviors/page__view__findpost__p__54954

Hi Chris,

I have replied to the thread you mention above … hope this will help ;)

ciao

8)

Hello Chris,

I’m having some trouble installing Rights on a clean yiic application. My config/main.php:


<?php

// uncomment the following to define a path alias
// Yii::setPathOfAlias('local','path/to/local-folder');

// This is the main Web application configuration. Any writable
// CWebApplication properties can be configured here.
return array(
        'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
        'name'=>'My Web Application',

        // preloading 'log' component
        'preload'=>array('log'),

        // autoloading model and component classes
        'import'=>array(
                'application.models.*',
                'application.components.*',
                'application.modules.rights.components.*',
        ),

        // application components
        'components'=>array(
                'user'=>array(
                        // enable cookie-based authentication
                        // 'allowAutoLogin'=>true,
                        'class'=>'RightsWebUser',
                ),
                'authManager'=>array(
                        'class'=>'RightsAuthManager',
                        // 'class'=>'CDbAuthManager',
                        // 'connectionID'=>'db',
                ),
                'db'=>array(
                        'connectionString' => 'mysql:host=localhost;dbname=test',
                        'emulatePrepare' => true,
                        'username' => 'test',
                        'password' => 'passwd',
                        'charset' => 'utf8',
                ),

                'errorHandler'=>array(
                        'errorAction'=>'site/error',
                ),

                'log'=>array(
                        'class'=>'CLogRouter',
                        'routes'=>array(
                                array(
                                        'class'=>'CFileLogRoute',
                                        'levels'=>'error, warning, info',
                                ),
                                array(
                                        'class'=>'CWebLogRoute',
                                ),
                        ),
                ),
        ),

        'modules'=>array(
                'gii'=>array(
                        'class'=>'system.gii.GiiModule',
                        'password'=>'passwd',
                        'ipFilters'=>array('192.168.*'),
                ),
                'rights'=>array(
                        'install'=>true,
                ),
        ),

        'params'=>array(
                'adminEmail'=>'webmaster@example.com',
        ),
);



When I try to access index.php?r=rights it throws me an exception:

Thanks in advance,

cbi

Hello cbi,

I assume you did not create ‘user’ table.

So create table ‘user’, create the model and try it again.

Please check this post:

http://www.yiiframework.com/forum/index.php?/topic/10556-extension-rights/page__view__findpost__p__52917

Hello Chris,

I have an admin menu scenario like this:

Group Label

  • Menu Item 1

  • Menu Item 2

  • Menu Item 3

I need to show Group Label if one/all of the Menu Items are allowed.

Is there any efficient way other than like this one?


if(Yii::app()->user->checkAccess('Menu Item 1')
|| Yii::app()->user->checkAccess('Menu Item 2')
|| Yii::app()->user->checkAccess('Menu Item 3'))
{
 /* Show Group Label */
}

Thanks…

Hello saiful,

This is not really related to the module but I would do it using the visibility like this:




'visibility'=>Yii::app()->user->checkAccess('Menu Item 1') || Yii::app()->user->checkAccess('Menu Item 2') || Yii::app()->user->checkAccess('Menu Item 3'),



Does this answer your question?

Yes, that should work just like my code (using if statement).

Is there any other method that simplifies it?

I thought I should create an extension for this.

Hello,

I don’t know any other way to do this… but actually I don’t think it is so complicated… the visibility attribute is intended to do exactly what you need to do, and the trigger is based on permission, so that’s the way! :)

It would actually be great if menus were automatically created this way. It could be fun to create an extension that triggers the visibility for every menu item… but I wouldn’t know where to start from :(

greetings

Hello joeysantiago,

i would like to use:


if (Yii::app()->user->checkAccess('user.%'))
{
 /* some logic */
}



better than:




if (Yii::app()->user->checkAccess('user.index') || Yii::app()->user->checkAccess('user.create')
|| Yii::app()->user->checkAccess('user.update') || Yii::app()->user->checkAccess('user.delete')
|| Yii::app()->user->checkAccess('user.view'))
{
 /* some logic */
}



And after I enabled the SQL profiler, Rights creates SQL like this




Querying SQL: SELECT * FROM AuthItem WHERE name=:name. Bind with parameter :name='user.index'
in D:\WebRoot\yii\toko\protected\modules\rights\components\RightsWebUser.php (41)
in D:\WebRoot\yii\toko\protected\modules\rights\components\RightsFilter.php (43)
in D:\WebRoot\yii\toko\protected\modules\rights\components\RightsBaseController.php (36)



If I can change name=:name to name LIKE :name then I can use any MySQL wildcard.

But I can’t find where…

Any clue?

Thanks…

mhm… can’t you create a task whose children are all of the operations you want to check, then check the task?

I think you should change the core in order to have a LIKE instead of an =, but I’m not sure… probably you could create a class that extends CAuthManager and change the code of checkaccess function? It doesn’t sound such a clear approach… :( I’d better go for the task and use ‘visibility’ instead of the if statement. :)

Here is what I’ve done:

Create task: User Management

Assign operations

  1. user.* (User Controller)
  2. user.index (User Index)
  3. user.create (User Create)
  4. user.view (User View)
  5. user.update (User Update)
  6. user.delete (User Delete)

… as User Management’s children.

Then I assign the ‘demo’ user, who already has the ‘Authenticated’ role, a specific permission to view users.

When I checkAccess(‘User Management’), it returns false. But when I assign ‘demo’ user to have ‘User Management’ task it returns true.

That’s not what I want.

I only need the ‘demo’ user to have view permission, but still be able to show the menu group header label “Manage User”.

In the future, maybe I need to grant ‘someuser’ create permission, without view, and still show the group header label.

Is that in CAuthManager? not in Rights module?

Thanks in advance.

Brilliant. Thank you!

cbi

ok, now i see…

Then I can’t think of any simpler way than the if statement Chris suggested.

Rights module uses CWebUser::checkAccess, but the latter uses CAuthManager::checkaccess as stated in here: http://www.yiiframework.com/doc/api/CWebUser#checkAccess-detail

So, i’d go for the if :) sorry for not being able to help you!

Hello saiful,

In your case you must actually check for each separately with or but I’m sure you can do it some other way to avoid this.

Of course you can also create a function in e.g. the user model that checks if the user has any of the listed permissions. Just remember to call Rights through its static class ‘Rights’, e.g. Rights::module() when using it from the outside.

Rights doesn’t do any SQL queries except to allow for authorization item sorting. So yes, it’s the CDbAuthManager which does the queries (which RightsAuthManager extends).

Sorry,

Dunno how it happened but totally wrong thread lol. My apologies :)

I’ll check later… since I’m still learning… :D

For now I’ll try what you suggested earlier and another way to avoid more coding… (hehehe)

To reduce typing I use the following trick http://www.yiiframework.com/doc/cookbook/31/

and add:

function ca($params)
{
        return Yii::app()->getUser()->checkAccess($params);
}

I tested two alternatives for 4 menu items:

  1. Your suggestion, checking each Menu Item’s permission
  2. Creating an operation item called ‘GroupMenu’ and making it a child of each menu item

And here’s my simple benchmark result:

Initial State (without item menu permission assignment and checking)

Check Each Menu Item

Using Group Menu

It seems I should use each item checking.

Thanks Chris and joeysantiago.
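Added example, not part of any post in this thread and not code from Rights or Yii: a simplified in-memory model of the upward parent walk that hierarchical RBAC performs, illustrating why a check on the ‘User Management’ task fails for a user who holds only one of its children, and how both the any-of helper Chris describes and the ‘GroupMenu’ child operation tested above cover the menu-header case. The function names and the sample hierarchy are constructed for illustration; business rules and default roles are left out.

```php
<?php
// Constructed sample hierarchy (not Yii or Rights code).
// $parents maps an auth item to the items that list it as a child.
$menuOps = array('user.index', 'user.create', 'user.view', 'user.update', 'user.delete');
$parents = array_fill_keys($menuOps, array('User Management'));
// Second alternative from the thread: 'GroupMenu' is a child of every menu operation.
$parents['GroupMenu'] = $menuOps;
// Direct assignments per user (constructed): 'demo' may only view users.
$assignments = array('demo' => array('user.view'));

// Granted when the item itself, or any ancestor of it, is assigned to the user.
function checkAccessModel($item, $userId, array $parents, array $assignments, array &$seen = array())
{
    if (isset($seen[$item])) {
        return false; // already explored without success; also stops loops
    }
    $seen[$item] = true;
    $assigned = isset($assignments[$userId]) ? $assignments[$userId] : array();
    if (in_array($item, $assigned, true)) {
        return true;
    }
    $up = isset($parents[$item]) ? $parents[$item] : array();
    foreach ($up as $parent) {
        if (checkAccessModel($parent, $userId, $parents, $assignments, $seen)) {
            return true;
        }
    }
    return false;
}

// Any-of check: true as soon as one listed item is granted.
function hasAnyAccess(array $items, $userId, array $parents, array $assignments)
{
    foreach ($items as $item) {
        if (checkAccessModel($item, $userId, $parents, $assignments)) {
            return true;
        }
    }
    return false;
}

// 1) the parent task while holding only one child, 2) any-of over the operations,
// 3) the shared 'GroupMenu' child of every operation
var_dump(checkAccessModel('User Management', 'demo', $parents, $assignments));
var_dump(hasAnyAccess($menuOps, 'demo', $parents, $assignments));
var_dump(checkAccessModel('GroupMenu', 'demo', $parents, $assignments));
```

In a Yii application the same any-of loop would call Yii::app()->user->checkAccess() for each listed item instead of the model function.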

The rights module is really good. But I lack one feature, and that is that it doesn’t scan subfolders in the controllers folders.

@saiful: Interesting benchmarks, thanks for sharing. I’m glad to help if you require further assistance.

@krillzip: You make a very good point! I’ll fix that as soon as possible. I already have a lot of improvements in the development branch but I think I can fit this minor fix in as well. Have you written the additional code for the RightsGenerator already or?

Edit:

I’ve done the changes and in the next version that is planned to be released within a few days the generator will also find controllers in subfolders.