[EXTENSION] srbac : Web interface for the administration of rbac

Hi,

Which version of srbac do you use?

What message do you get when publishing the css?

Do you use any URL formatting rules?

What’s the path of your modules? Are they in the default modules directory? Do you use nested modules?

Thanks

Hi,

- Which version of srbac do you use?

Srbac SVN 105 on Yii 1.1 SVN

- What message do you get when publishing the css?

At install time: ‘There is an error in your configuration’. I extended the error info a bit with the key out of the $this->module->getAttributes(). Looking at the helper function publishCss() I removed the if($cssFile == "css/".$css) and after that the registration of the CSS went fine.

- Do you use any URL formatting rules?

Yes I do: urlFormat = path. Changing the actionScan() and actionAuto() (using a dash instead of a slash) did the trick.

- What’s the path of your modules? Are they in the default modules directory? Do you use nested modules?

Path is the default path, no nested modules (yet).

Hope the above is useful for you.

One suggestion/feature request: alwaysAllowed is now in the config file. Perhaps there is a way to create an isGuest role, and assign the alwaysAllowed with the GUI?

Especially with lots of controllers and modules the alwaysAllowed can grow quite a bit. Currently I solve this by creating alwaysAllowed controllers (not using SBaseController) and protected controllers (with SBaseController), but perhaps you have found a better way.

Thanks, I’ll check them and I’ll update the code in SVN when fixed

I made the alwaysAllowed attribute to accept a path alias to a php file that returns an array.

(SVN r106)

So you can do:

in config

<?php
// inside the srbac module's configuration array
"alwaysAllowed"=>"application.components.alwaysAllowed",
?>



and in alwaysAllowed.php

<?php
return array(
 'SiteLogin',
 'SiteLogout',
 'SiteIndex',
 'SiteAdmin',
 'SiteError',
 'SiteContact');
?>



I couldn’t reproduce the css error but I made some changes. Please check and tell me if there’s still a problem (SVN r107)

Using URL formatting causes the error when scanning modules. I fixed it using a _ instead of / as you did. (SVN r108)

Thanks! CSS works fine now, Url formatting is working fine, alwaysAllowed is an improvement, although maybe in a future version it could be editable in the GUI perhaps.

One other feature request: in SBaseController::beforeAction() as a standard behavior send guest users to the login page instead of a 403, or put that part in a separate function so that it is easy to override (I like to keep srbac untouched for easy upgrade).

And the last request ;): Please remove the closing PHP string at the end of the classes (?>) in Helper, SBaseController to prevent unwanted spaces in the output.

I think I now see what you mean. Something like creating the alwaysAllowed actions not by editing the source files but from the GUI. That’s really useful.

It could be added as an attribute (redirectToLoginPage or something) or better as a protected onUnauthorizedAccess method.

Yes, sure!!!

SVN r111

Trailing ?> removed, roles and tasks are ordered in Assign tabview and protected onUnauthorizedAccess method is added in SBaseController.

Cool, thanks! Will check it out today.

I also added an experimental GUI for editing the always allowed list.

To use it do not set the alwaysAllowed attribute in the module’s config (or use ‘alwaysAllowed’=>‘gui’).

It saves an allowed.php file in srbac/components dir.

I haven’t tested it on Linux so there could be problems with permissions, if anyone tests it please let me know.

Did not have the chance to work with the latest version yet, hope to do this tomorrow.

One Q about Autocreate: currently it is not supporting (module) controllers in a subdirectory. Was planning to use it to get things tidy (separate admin controllers from normal controllers). Do you see a possibility to include these controller-subdirectories in the Autocreate?

Not entirely on-topic: For me it’s still a bit unclear what is the best way for admin controllers, the ‘Backend’ way (not supported with SRBAC, tried it), a separate Admin module (becomes messy after a while, especially with many modules), or the above way, an ‘admin’ subdirectory under (module) controllers, and an admin module to tie the different module admins together. Mixing admin/frontend actions in one controller is a bit messy for my taste.

Care to share your opinion on this?

Do you have subdirectories in the controller’s directory like this?

/controller
  ...controllers
  /admin
    ...admin controllers
  /users
    ...user controllers

Is this supported by Yii?

Srbac scanning just looks in the controller’s directory for *Controller.php files. It could recursively look in subdirectories but I don’t know if Yii supports subdirectory controllers.

Well, did not yet use it, but got it out the guide:

Tip: If a controller is in a sub-directory of controllers, we can still use the above route format. For example, assuming PostController is under forum/controllers/admin, we can refer to the create action using forum/admin/post/create.

So I suppose it is supported.

OK, I’ll look into it

I committed some changes to SVN including scanning of subfolders in app and module controller’s directories.

The auth items are now named like this

[MODULE_][SUBDIR.][CONTROLLER][ACTION]

module and subdir are optional

eg

Users_admin.UserEdit (module users, subdir admin)

Users_UserView (module users, no subdir)

SiteIndex (no module, no subdir)

I’ve checked the last svn version, it’s working fine. I liked the implementation of automatic creation of Modules Authitems. I’ll be testing today. Also, I’ve uploaded the updated Spanish translation and a little bug fix in the view assign.php (svn r127).

Ricardo

Great! all is working really well. Small GUI thing: in assign the names for tasks/roles are getting pretty long, you can’t see them fully anymore. Would suggest larger srbac div, dropdowns and smaller font.

There is an issue currently with controllers in subdirectories. There is probably something wrong with uppercase/lowercase. I presume the $access should be the AuthItemChild.child field.

Currently the composed $access key is [module][Subdir]/[controller][Action], while in the db it’s like: [module]_[subdir].[Controller][Action] (please look at the UC/lc).
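The naming scheme and the case mismatch discussed above, as an added example that is not part of the thread and is not srbac's code. The helper names `authItemName()` and `isAllowed()` are hypothetical, the case rules are inferred from the three sample names in the thread, and the lists are constructed sample data.

```php
<?php
// Added example, not srbac code. The case rules are inferred from the three
// sample names in the thread (Users_admin.UserEdit, Users_UserView, SiteIndex).

/** Compose [MODULE_][SUBDIR.][CONTROLLER][ACTION]; module and subdir optional. */
function authItemName($module, $subdir, $controller, $action)
{
    $name = '';
    if ($module !== null && $module !== '') {
        $name .= ucfirst($module) . '_';
    }
    if ($subdir !== null && $subdir !== '') {
        $name .= lcfirst($subdir) . '.';
    }
    return $name . ucfirst($controller) . ucfirst($action);
}

/** Allow when the item is in the always-allowed list or granted to the user. */
function isAllowed($item, array $alwaysAllowed, array $granted)
{
    // Strict string comparison: any difference in case or separator misses.
    return in_array($item, $alwaysAllowed, true)
        || in_array($item, $granted, true);
}

// Constructed sample data.
$alwaysAllowed = array('SiteLogin', 'SiteLogout', 'SiteIndex', 'SiteError');
$granted       = array('Users_admin.UserEdit', 'Users_UserView');

$requests = array(
    array(null,    null,    'site', 'index'),   // always allowed
    array('users', 'admin', 'user', 'edit'),    // granted
    array('users', null,    'user', 'view'),    // granted
    array('users', 'admin', 'user', 'delete'),  // not granted
);
foreach ($requests as $r) {
    $item = authItemName($r[0], $r[1], $r[2], $r[3]);
    $ok   = isAllowed($item, $alwaysAllowed, $granted);
    printf("%-24s %s\n", $item, $ok ? 'allow' : 'deny');
}

// A key composed in the other form reported in the thread never matches.
$mismatch = 'usersAdmin/userEdit';
printf("%-24s %s\n", $mismatch,
    isAllowed($mismatch, $alwaysAllowed, $granted) ? 'allow' : 'deny');
```

Composing the name with one function for both the scan and the access check keeps the two sides from drifting apart in case or separator.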

The access checking for controllers in subdirs should not work as I haven’t implemented it in SBaseController yet.

I set the width of the dropdowns to 100%.

SVN r128

Access checking in modules subdirectories should work in the latest SVN.

I couldn’t find how to call a controller in a subdirectory of application.controllers, do you have any idea?

Hi guys.

Sorry for stupid question, but I’m really tired reading through all posts about SRBAC :) (I spent 2 days). Can you point me out to some example (or clean explanation) of using the bizrules in SRBAC? Especially how to pass variables into the bizrules.

Thanks a lot.

Vanki

Let’s say you have a Post controller with a view action and you want a rule where only posts with an id > 100 can be viewed.

You should create an authItem viewNewPosts with a bizrule with the value

return $params["post"]->id > 100;

Then in your Post controller in actionView you should have:




<?php
// Inside the Post controller class
public function actionView(){
 //Load the post data
 $params = array("post"=>$this->loadPost());
 // The second argument is passed to the bizrule as $params
 if(Yii::app()->user->checkAccess('viewNewPosts',$params)){
  // Display the post
 } else {
  // Display not authorized page
 }
}
?>
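How the `$params` array reaches the bizrule, as an added example that is not part of the original post and is not Yii or srbac code. `evalBizRule()` is a hypothetical, simplified stand-in for the auth manager's rule step, assuming the stored rule is run as PHP with `$params` in scope; the posts are constructed sample objects.

```php
<?php
// Added example, not Yii or srbac code. evalBizRule() is a simplified,
// hypothetical stand-in for the auth manager's bizrule step (PHP 7+).

function evalBizRule($bizRule, array $params)
{
    if ($bizRule === null || $bizRule === '') {
        return true;                 // no rule attached to the auth item
    }
    try {
        // The rule is PHP source stored with the auth item. $params is
        // visible to it because eval() runs in this function's scope.
        return (bool) eval($bizRule);
    } catch (Throwable $e) {
        return false;                // rule that fails to parse or throws: deny
    }
}

// Rule from the thread, plus a guard for a missing "post" parameter.
$rule = 'return isset($params["post"]) && $params["post"]->id > 100;';

// Constructed sample posts.
$old = new stdClass();
$old->id = 42;
$new = new stdClass();
$new->id = 150;

$cases = array(
    'post 42'  => array('post' => $old),
    'post 150' => array('post' => $new),
    'no post'  => array(),           // caller forgot to pass the post
);
foreach ($cases as $label => $params) {
    printf("%-10s %s\n", $label, evalBizRule($rule, $params) ? 'allow' : 'deny');
}

// A rule with a syntax error denies instead of aborting the request.
printf("%-10s %s\n", 'bad rule',
    evalBizRule('return $params[;', array()) ? 'allow' : 'deny');
```

Because the rule is executed as PHP, write access to auth items (for example through the srbac GUI) is equivalent to code execution in the application.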