[EXTENSION] srbac : Web interface for the administration of rbac

I guess you are using Yii 1.1x

This srbac version is for Yii 1.0.x branch

The Yii 1.1 compatible version will be available in the following days

I’m having an issue restricting users from doing things. I posted separately from this thread about allowing certain actions for non-logged-in guests. Spyros suggested the alwaysAllowed list, but my problem is that I want to restrict guests from doing stuff. Just to test, I commented out all the allowed items and the guest can still view the home page and go into different controllers, add/update, etc.

Let me use the blog demo for an example. Even if I do have this set up wrong, how would one go about saying a guest can view the homepage, but can’t view or list the Posts? The way my stuff is working now, I can’t see how to do that. I also have a user account to which I have given no privileges and he can still create new posts. Not sure why this would be possible. The database holds the assignments which reflect what I see in the srbac admin.

First of all, how do you check for access privileges?

Have you written manually the code or have you used the auto creation of auth items and extended SBaseController?

Second have you set srbac debug attribute to false?

I used the auto-creation wizard and then assigned roles, tasks and operations. I am not doing any manual checking for privileges. Debug is false.

Do your controllers extend the SBaseController in application.modules.srbac.controllers ?

You’re correct, I forgot to mention that. :) Thanks!

Yes, this was what I was missing. I started using srbac a few days ago and turned it off for other reasons, then in turning it back on and getting serious with it, I left that out. My bad. I still have other problems, but I have a better starting point now. Thank you.
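The failure in this exchange (controllers that do not extend SBaseController, so the srbac check never runs for them) can be caught with a quick audit. The script below is an added example, not part of the thread or of srbac's own code; the function names and sample controller sources are constructed, and it assumes plain `class X extends Y` declarations without namespaces.

```php
<?php
// Added example: list controllers whose inheritance chain never reaches SBaseController.
// Sample sources are constructed; in a real app, read protected/controllers/*.php instead.

/** Map each declared class to its parent, from raw PHP source strings. */
function parentMap(array $sources)
{
    $map = array();
    $re = '/^\s*(?:abstract\s+)?class\s+(\w+)\s+extends\s+(\w+)/m';
    foreach ($sources as $code) {
        if (preg_match_all($re, $code, $hits, PREG_SET_ORDER)) {
            foreach ($hits as $hit) {
                $map[$hit[1]] = $hit[2];
            }
        }
    }
    return $map;
}

/** Return the controllers that do not inherit (directly or indirectly) from $base. */
function unprotectedControllers(array $sources, $base = 'SBaseController')
{
    $map = parentMap($sources);
    $unprotected = array();
    foreach (array_keys($map) as $class) {
        if (substr($class, -10) !== 'Controller' || $class === $base) {
            continue;
        }
        $seen = array();
        $cur = $class;
        // Walk up the chain; stop at the base, an unknown parent, or a cycle.
        while ($cur !== $base && isset($map[$cur]) && !isset($seen[$cur])) {
            $seen[$cur] = true;
            $cur = $map[$cur];
        }
        if ($cur !== $base) {
            $unprotected[] = $class;
        }
    }
    sort($unprotected);
    return $unprotected;
}

// Constructed sample in the style of the blog demo.
$sources = array(
    "<?php\nclass SiteController extends SBaseController {}",
    "<?php\nclass PostController extends CController {}",
    "<?php\nabstract class AppController extends SBaseController {}",
    "<?php\nclass CommentController extends AppController {}",
);
print_r(unprotectedControllers($sources)); // lists PostController only
```

Any controller this reports is reachable without an srbac check, regardless of what roles, tasks and operations are assigned in the srbac admin.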

srbac Version 1.0.3 + documentation in pdf format is available

http://code.google.com/p/srbac/downloads/list

Changes from version 1.0.2:

Enhancements

•Added imagesPack attribute. User can choose which pack of images to use for the srbac icons.

•Hovering over an authItem in authItems manager will show its description.

•If an action is in the alwaysAllowed array, it will be ignored during the autocreation of authItems.

•Added srbac attribute imagesPath to set the path to the srbac icons (create, delete, admin etc).

•Custom srbac css can be placed not only in srbac/css directory but also in default application/css directory.

•Auto create checks if tasks exist and displays them or not in the create tasks list.

•Auto creating of modules controllers actions.

•listBoxNumberOfLines attributes controls the number of lines in assign tabview listboxes.

Bug Fixes

•Added a default unauthorized view in case the user has not defined one.

•Fixed an IE bug in autocreation view (Thanks to ‘idle sign’).

•Access is now always denied to guests, except if the current page is in alwaysAllowed array.

•Fixed php short tags in views/AuthItem/userAssignments.php.

•srbac should work now in linux os.

•Changed dataGrid class to srbacDataGrid so it won’t conflict with Yii dataGrid class.

Updates

•Added new icons and a control center top bar (Thanks to ‘idle sign’).

•Added new css styles and new ajax‐loader (thanks to ‘idle sign’).

•Added noia icons pack.

•Changed custom images path relative to webroot.

•Set default css to srbac.css.

•Changed allowedAccess() method in SBaseController to protected so it can be inherited.

•Updated spanish translation (Ricardo Obregon).

Note:

In latest Yii version there was a bug(??) in CPhpMessageSource.php so you had to modify a row in order to have translations working. This is not needed any more as it was fixed inside Srbac code.

1.0.3 will probably be the last 1.0.x version of srbac. Version 1.1.0, which is compatible with Yii 1.1.x, will be available in the following days.

Version in trunk

svn checkout http://srbac.googlecode.com/svn/trunk/

is the Yii 1.1 compatible version of srbac, feel free to try it :)

Hi, I got a problem when installing srbac.

With a first look I can see that the configuration is wrong

for example you have configured




<?php
// Your application's user class (default: User)
"userclass"=>"User",
// Your users' table user_id column (default: userid)
"userid"=>"user_id",
// your users' table username column (default: username)
"username"=>"user_name",
?>



But in User.php model




<?php
/**
 * @var integer $userid
 * @var string $username
 * @var string $password
 */
?>



So the config should be




<?php
// Your application's user class (default: User)
"userclass"=>"User",
// Your users' table user_id column (default: userid)
"userid"=>"userid",
// your users' table username column (default: username)
"username"=>"username",
?>



I will investigate further later

Also the fix you applied will always return that srbac is not installed

Srbac version 1.1.0 beta

http://srbac.googlecode.com/files/srbac_1.1.0_r78.zip

Enhancements

1. Yii 1.1 compatible

2. Clever Assigning: When assign operations to tasks you can click on Clever Assigning checkbox and Assigned/Not Assigned listboxes will display only operations related with the currently selected Task

Please check if this fix is working for you

Replace the isInstalled() function with this one




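<?php
  // Reports whether the srbac auth tables exist in the authManager database.
  public function isInstalled() {
    try {
      // Table names known to the schema behind the authManager connection
      $tables = Yii::app()->authManager->db->schema->tableNames;
      // Installed only if the AuthItem model's table is among them
      return in_array(AuthItem::model()->tableName(), $tables);
    } catch (CDbException $exc) {
      // Database error while reading the schema: treat as not installed
      return false;
    }
  }
?>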



Hi, using your latest SVN version (and Yii 1.1RC-dev), and trying to install SRBAC I get:

Property "CWebApplication.authManager" is read only.

No one else got this, so probably I’m doing something wrong. I’m following the setup guide for 1.0.3, perhaps there are things different for the Yii 1.1 version?

Stupid me… Did not put authManager block in the components array… Still some other issues (like Yii version), but will try to figure that out.

From the Yii documentation about SRBAC:

If the 1.1 version supports this, forget this post.

If not, it would be very cool to make these assignments.

That would be complicated and difficult to display it in the assign tab view / listboxes.

To implement this I should drop the straight forward operation->task->role->user assignment and have an item->item->user assignment that would be very confusing to users.

If anyone has an idea how to implement this without making the graphical interface too complex I’d be glad to hear

Hello Spyros,

Today, I downloaded the last version from SVN. I’ve tested on PHP 5.3, Apache 2.2, MySQL 5.1 on a Linux Server (Ubuntu karmic Server and Arch Linux), Yii 1.0.11-svn and 1.1-beta and almost everything is working fine, just one bug in the ajax call to /srbac/authitem/getTasks




Undefined index: name

protected/modules/srbac/controllers/AuthitemController.php(276)



I’ve not checked the reason.

On the other hand, I noticed that some combos are not ordered alphabetically, I think this can be a very good plus for SRBAC.

In assign view:

Tab Users:

Combo Id: User_id

Tab Roles: (srbac/authitem/getRoles)

Combo Id: AuthItem_0_name

Tab Tasks: (/srbac/authitem/getOpers)

Combo Id: Assignments_itemname

Well, I think that’s all for now.

Note: I was testing the “Clever assignment” checkbox… I still don’t understand what it is supposed to do.

PS: I was checking Firebug info, and I found that there is a bug:

It is loading by POST to this url: index.php?getCleverOpers

It’s fixed in svn.

The users combo is not sorted and I fixed it.

I can’t see a problem with the sorting of the other combos. Can you send me a screenshot of the combos with the wrong sorting?

Clicking the checkbox should display in the operations combo only the operations related with the selected task (eg if you have selected PostAdministrating task the operations combo will display only PostCreate, PostDelete etc )

But I can see that there’s a bug in the way I create the ajax call, it should be index.php?r=srbac/authitem/getCleverOpers

I’ll try to fix this.

Do you use any URL formatting rules?

I think the clever assigning bug is fixed.

Please check the repository

Well I’ve downloaded the repo version, and It seems that it is working ok. Now I see what Clever Assignment does, very good idea.

I think everything is fixed now.

I’ve attached two files for you to see the order of the left combo (Roles list & Tasks list). The combos on the right are ok (assigned & unassigned).

Very good work. It is working great.

Regards.

I had some issues with publishCss() at install (using default css). Could you check please? The path check seems wrong.

Besides that, the markWords() is nice, but since a lot of fields are htmlencoded, you see a lot of ‘<span style=‘color:red’>*</span>’ instead of a red star. perhaps better to put a sign only?

Scanning of module controllers doesn’t seem to work here. The left pane is nicely filled with the module controllers, but the Ajax call fails with a 404: The requested URL /srbac/authitem/scan/controller/property/PropertyController.html was not found on this server.

For non-module controllers everything works fine.