[EXTENSION] Rights

Hi!

I’m trying to use this extension in my webapp but something strange is going on.

First, I got this error: (I’m using YiiDebugToolbar too)


[15-Nov-2010 22:44:47] PHP Fatal error:  Allowed memory size of 41943040 bytes exhausted (tried to allocate 877324 bytes) in C:\Program Files\Zend\Apache2\htdocs\protected\extensions\yiidebugtb\XWebDebugRouter.php on line 219

I really like this toolbar, so I changed memory limit to 100M :wink: and now I see what is the problem… I’ve got over 2k sql queries! Like this one: (each the same)




    Querying SQL: SELECT name,t1.type,description,t1.bizrule,t1.data,weight
    FROM AuthItem t1
    LEFT JOIN AuthAssignment t2 ON name=t2.itemname
    LEFT JOIN AuthItemWeight t3 ON name=t3.itemname
    WHERE t1.type=:type AND userid=:userid
    ORDER BY t1.type ASC, weight ASC



There are 2205 users in my database right now, but I hope this is some kind of bug, right?

config:




    ...
    'user'=>array(
        'class'=>'application.components.WebUser',
        'allowAutoLogin'=>true,
        'autoRenewCookie'=>true,
    ),
    ...
    'authManager'=>array(
        'class'=>'RightsAuthManager',
        'connectionID'=>'db',
    ),
    ...
    'modules'=>array(
        'rights'=>array(
            'install'=>true,
        ),
    ...



WebUser of course extends RightsWebUser.

Any idea what I’m doing wrong?

Thanks in advance!

Removed code-tags from the quote.

Hello c-s-h,

Sounds very weird that you have over 2000 queries. Are all the queries similar to the one you mentioned?

I’m not sure what the issue is… Could you give me some more info so that I can help you.

Sorry about lateness - but when #content is not padded:

lockedrights.png

No matter what, you can’t click on the dropdown - it’s locked.

Using padding 20px in #content :

unlockedrights.png

The dropdown doesn’t care about padding in the update role page though, so maybe it has something to do with the layout? ;)

Hello

For your problem with the menu, after a fresh install, you have to edit _menu.php and change all the access control filters to:


'visible'=>Yii::app()->user->checkAccess('Admin'),

Actually, there was a bug that caused the logged in user to not be marked as a superuser after having installed Rights and therefore did not have access to see the menu. This has been fixed in the newest revision.

However, you will see the menu if you logout after installing and re-login, because then you will be marked as a superuser. (it’s a state for the logged in web user.)

Please don’t change any files within the module or you’ll have trouble when updating the module.

Sorry for the inconvenience.

Hi Chris,

First of all, many thanks for your extension, it works well.

Except for the problem mentioned above.

I did a fresh install of the rights plugin. And even after logging out and logging in, the menu did not appear for the admin user. This is because the ‘rights’ install process does not create all the AuthItems (‘RightsAssignments’, ‘RightsPermissions’, ‘RightsAdministration’ and so on)

Actually that’s not the issue, because checkAccess will always return true if currently logged in user is a superuser. If you don’t see the menu your user is most likely not a superuser, please check the AuthAssignment table in the database.

Hi again :wink:

First, I’ve installed ‘yii-user’ for user management. There were by default two users: demo and admin, which is a superuser.

After that, I’ve installed ‘rights’. The installation process creates two roles “Admin” and “Authenticated”, and in the AuthAssignment table, user admin is assigned to Admin role …

Chris, I’m sorry but I have another question. See below !

Well,

basically, I can use this extension for CRUD action access control.

Now, I want to restrict "update" action to Authenticated user to their own content.

I’ve got a Content model with an user_id foreign key. Relations are defined in both Content and User model

I’ve created a Content.Update.Own AuthItem, and I’m struggling with the definition of the bizRule.

The one I’ve tried (this does not work):


Yii::app()->user->id==$_GET["content"]->user_id;

In the log, I can see that my Content.Update.Own is not evaluated …

Is Content.update a child of Content.update.own ?

I think it should be.

You’re right, thank you.

Content.Update.own is now evaluated but the bizRule is not the good one.

Shouldn’t the rule be:


Yii::app()->user->id==$params["post"]->user_id;

?
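The hierarchy and rule discussed in the posts above, as an added example that is not part of the original thread or of the Rights code: a self-contained PHP miniature of a hierarchical access check in which the ownership rule sits on Content.Update.Own and Content.Update is its child. The function `miniCheckAccess`, the `content` parameter key, the closure standing in for the stored bizRule string, and all sample data are assumptions constructed for illustration.

```php
<?php
// Constructed sample data (not from the thread's database).
// 'parents' lists the items that contain this item as a child.
$items = [
    'Content.Update'     => ['parents' => ['Content.Update.Own', 'Admin'], 'rule' => null],
    'Content.Update.Own' => ['parents' => ['Authenticated'],
        // Stand-in for the bizRule; Yii evals a string with $params in scope.
        // The rule reads the model handed to the check, never $_GET,
        // and denies when the model is missing.
        'rule' => function (array $params) {
            return isset($params['content'], $params['userId'])
                && (int)$params['content']->user_id === (int)$params['userId'];
        }],
    'Authenticated'      => ['parents' => [], 'rule' => null],
    'Admin'              => ['parents' => [], 'rule' => null],
];
$assignments = [7 => ['Authenticated'], 1 => ['Admin']]; // userId => roles

// Hypothetical helper: walk from the requested item up through its parents.
function miniCheckAccess($item, $userId, array $params, array $items, array $assignments)
{
    if (!isset($items[$item])) {
        return false;                       // unknown item: deny
    }
    $params['userId'] = $userId;
    $rule = $items[$item]['rule'];
    if ($rule !== null && !$rule($params)) {
        return false;                       // rule failed: this branch is closed
    }
    if (in_array($item, $assignments[$userId] ?? [], true)) {
        return true;                        // item is assigned to the user
    }
    foreach ($items[$item]['parents'] as $parent) {
        if (miniCheckAccess($parent, $userId, $params, $items, $assignments)) {
            return true;
        }
    }
    return false;
}

$own   = (object)['id' => 10, 'user_id' => 7];
$other = (object)['id' => 11, 'user_id' => 8];
var_dump(miniCheckAccess('Content.Update', 7, ['content' => $own], $items, $assignments));   // author, own record
var_dump(miniCheckAccess('Content.Update', 7, ['content' => $other], $items, $assignments)); // author, someone else's record
var_dump(miniCheckAccess('Content.Update', 7, [], $items, $assignments));                    // no model passed
var_dump(miniCheckAccess('Content.Update', 1, ['content' => $other], $items, $assignments)); // Admin branch, no ownership rule
```

In a Yii 1.x controller the loaded model reaches the rule through the second argument of `CWebUser::checkAccess`, for example `Yii::app()->user->checkAccess('Content.Update', array('content'=>$model))`.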

I suggest to replace this (RightsFilter.php, line 29):


if( in_array($action->id, $this->_allowedActions)===false )    

to this:


if( !in_array($action->id, $this->_allowedActions) and !in_array('*', $this->_allowedActions) )

because:

  1. I want to have the possibility to allow all actions in a controller that is nested from a controller class with the ‘rights’ filter. (Redefining filters is an ugly decision, because I have many usable filters defined in the parent class)

  2. in_array() always returns a boolean, so ===false is redundant

Unfortunately not …

I think my problem is not specific to the rights extension, so I started a new topic here

How does Guest role work in Rights?

I assigned Controller.Index (User.Index) to Guest, however, looks like it is not working.

Then I set a bizrule to Guest (return Yii::app()->user->isGuest;), still no way to make it working.

Btw, yes, allowedActions works, but what about if I would like to manage it all from the Rights Module and have no access to the files themselves?

Make sure that the action inherits RightsBaseController.

What I do is let my Controller class inherit it, and thus all my controllers.

And the filter should be ‘rights’:


    public function filters()
    {
        return array(
            'rights',
        );
    }



accessRules functions can be removed.

Now it uses allowedActions:


    public function allowedActions()
    {
        return 'index, view';
    }



Only then you can expect it to function.

After those modifications, you can control everything from the Rights admin interface.

It doesn’t work out of the box with Gii-generated code.

UserController extends RightsBaseController

and filter has an array which has ‘rights’ value.

still it does not work,

allowedActions works tho, FYI.

So, do I need to declare them in allowedActions anyway?

I revoked permission of the action User.Index from the list for Guest,

and activated allowedActions to show ‘index’ it works, so setting permission for guest in DB is unnecessary?

But, then again, what if I don’t want to control all access (including Guest permission) from browser via Rights Module?

I just tested that it works:

Removed ‘index’ from allowedActions and checked that myController.Index permission was assigned to Guest.

So it definitely works.

Did you assign directly to the Role ?

I am using the Permissions menu (the grid).

(Parent) (Child)

Guest User.Index

Controller is registered for Guest, not working, tho.

I tried to set a bizrule for Guest role, still, no way.

What am I doing wrong?

(No I used Right Module/Panel, didn’t set values manually, but, checking whether the values are set thru PhpMyAdmin)