[EXTENSION] srbac : Web interface for the administration of rbac

Thanks, Spyro, for the quick answer.

This idea is clear. My question was focused on using bizrules in your extension SBaseController. Am I right if I recognize that SRBAC uses checkAccess in beforeAction, but without the possibility to use additional parameters? But somehow it works. When I use some trivial bizrule (e.g. 1==1 vs. 1==0) access is allowed / denied. But in this case I can’t push some parameters (as I wrote). If I follow your recommendation I would check access 2 times. The first in SBaseController::beforeAction and the second in PostController::actionView. Is it OK?

The SBaseController checking is used when you use the automatic creation of authItems so you don’t have to write any code in your controller so you can’t pass variables for bizRules.

This could be done by

  1. Overriding the SBaseController’s beforeAction method and adding your checks with the variables (2 checks performed here)

  2. Write your own beforeAction and not extending SBaseController (1 check)

  3. Add a check in your action (and not extending SBaseController so checking will be performed only once). This way you have to write access codes for all actions as beforeAction automatic checking won’t be performed.

This needs some thinking.

Maybe you could override beforeAction and if there are bizRules to apply, perform your checking without calling parent::beforeAction($action), and if there are no bizRules call parent::beforeAction($action) so automatic checking is performed.
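
The approach described above (override beforeAction, run your own parameterised check when a bizRule applies, otherwise defer to parent::beforeAction), as an added example that is not part of the original posts and not srbac's own code. It assumes Yii 1.1, a hypothetical Post model with an author_id column, and auth item names of the form ControllerAction (for example PostView).

```php
<?php
// Added example (not srbac code). Hypothetical names: Post, author_id,
// bizRuleParams(). Assumed bizRule on the PostView / PostUpdate items:
//   return Yii::app()->user->id == $params['post']->author_id;
class PostController extends SBaseController
{
    /**
     * Returns the $params array for actions whose auth item has a bizRule,
     * or null when the action needs no parameters.
     */
    protected function bizRuleParams($action)
    {
        switch ($action->id) {
            case 'view':
            case 'update':
                $id = (int) Yii::app()->request->getParam('id');
                $post = Post::model()->findByPk($id);
                if ($post === null) {
                    throw new CHttpException(404, 'The requested post does not exist.');
                }
                return array('post' => $post);
            default:
                return null;
        }
    }

    protected function beforeAction($action)
    {
        $params = $this->bizRuleParams($action);
        if ($params === null) {
            // No bizRule parameters: let the automatic check run (one check).
            return parent::beforeAction($action);
        }

        // bizRule applies: do the single check here, with parameters,
        // and do not call parent::beforeAction().
        $item = ucfirst($this->id) . ucfirst($action->id);   // assumed naming
        $user = Yii::app()->user;
        if ($user->isGuest || !$user->checkAccess($item, $params)) {
            throw new CHttpException(403, 'You are not authorized to perform this action.');
        }
        return true;
    }
}
```

For the actions handled in the second branch the parent check is skipped entirely, so any allowances the parent makes are not applied to them and a failed bizRule always ends in a 403.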

Is the last SVN version planned for working only with Yii 1.1? I say it because I downloaded today’s svn version and I found that the “safe” rule is not available in Yii 1.0.x.

I like this last version and it is almost fully compatible with Yii 1.0.x, except for this little detail. (Authitem.php, line 63)

However, I think that line can have a version check for being compatible with both Yii versions. What do you think?

Another bug with Yii 1.0.x (I’ve not tested with Yii 1.1):

Assigned and Unassigned lists are not being filtered. I’ve not checked the reason, but I will.

The safe rule is not the only change in Yii 1.1

As pointed out here

http://www.yiiframework.com/doc/guide/upgrade

That’s why assigning is not working with Yii 1.0.x

The latest version that supports Yii 1.0.x is srbac1.0.3 (check svn/branches)

(1.0.3 may have a couple of bugs that are fixed in 1.1 branch, if you could test it, it could be great)

Thanks,

your 3 recommendations are advisable. I have to choose.

Sorry, my brain is maybe too old. I didn’t understand your idea of Autocreate Auth Items. If this means that I can insert auth data into the database by pushing a button in the GUI, then I can’t do that. I have all controllers in modules. I can see all controllers on URL /srbac/authitem/manage/manage. But only for the actions from the site controller, which is in the application root, can I create Auth Items and Viewing and Administrating tasks. Is it a bug or a feature or my dementia?

@vanki: Autocreate works great, but do you extend from SBaseController, or from CController in your modules, and using Yii V1.1?

@Spyros: Module controllers in a module subdir works fine now! Have not tested the subdirred controllers in the main controller path.

Only one small thing currently: the srbac.css file is always published into the view, so some of my Ajax calls get garbled up. Perhaps a setting publishCss = no would do the trick, or don’t force the publish in SrbacModule (preferred).

If you click the Autocreate auth items icon you should get a panel with all your controllers on the left and a blank space on the right

If you click the scanning icon of a controller you should get all the available actions in the right panel

If you get no actions check if your actions are in the form of




<?php
public function actionXXX(){
   // code here
}
?>



as needed by Yii.

Then your controllers should extend SBaseController and you only have to assign the items from the assign GUI

I don’t think it’s possible to use subdirectories in the main controller’s path. Have you found a way? The route subdir/controller/action looks for a subdir module.

I don’t get the thing with css. Css should be published only once in the assets, then Yii should not publish it again if its dir is there.

How does css conflict with your ajax?

The controller subdirs in main controllers is probably not working. Have to say that I’m happy with it in modules, all admin stuff neatly tucked away in its own subdir.

About the css:

In the init() of SrbacModule you do $this->_cssPublished = Helper::publishCss($this->css);, and the helper will always generate a registerCssFile() when you extend the SBaseController, obviously also calling an Ajax action. Yii will automatically add this CSS to the view, even called with renderPartial().

Look in the Srbac admin Ajax returns, you will see that the link to the css file is included in the Ajax return. In an HTML Ajax return it is not really damaging (only performance-wise), but JSON/XML is affected if outputted through a view.

Yes, I did all you wrote. But when I click on the scanning icon the right panel occurs only for the actions from controllers which reside in the application root, not from controllers from modules. But as Maxximus wrote, I use Yii ver. 1.0.x. It could be a problem. In addition I use OpenSuse. Maybe a problem too, maybe some typo of mine…

Nevertheless my biggest problem with bizrules you solved, auth items work fine, don’t waste your time.

Thanks for patience.

vanki, the current version is only working with ver 1.1.x as far as I know. If you need Srbac for version 1.0.x you have to use version Srbac V 1.0.3. You can find this one in the repository under branches. I myself use and develop under Ubuntu, so your OpenSuse is not the issue.

I don’t know how far your app is developed (and deployment date), but I would suggest to try Yii 1.1.x and see if you have problems with your code. For future development (and speed increases) I really suggest to invest a little time to make your app 1.1.x compatible.

I only had to change little things to get my apps running on 1.1.x. Please take a look at upgrading to see if you can expect minor or major changes. Once again, if your app will be deployed in the future, it would be wise to use the (near) current version.

I added a check isCssFileRegistered() but it always returns false for me. Please check it. The next step is to not register css on ajax calls (But this could be a problem if the whole srbac GUI is always called through ajax)

What I did for now is indeed


if (!Yii::app()->request->isAjaxRequest)$this->_cssPublished = Helper::publishCss($this->css);



, and as long as the main function is called as a normal request it will include (once) the css file.

Hello.

I got the latest version from svn today. In the file srbac/models/Assignments.php, line 54


array('user_id,itemname,bizrule,data'),

did you mean


array('user_id,itemname,bizrule,data','safe'),

?

Yes, it’s fixed now

Thanks

Dear srbac creator:

May I suggest adding some prefix in front of the tables which srbac is using (e.g. srbac_items…etc.) in a future release?

People may encounter conflicts of table names in the database when trying to use srbac in their applications/projects.

srbac seems to be able to help me with the auth. part in my project, but I am still struggling in learning yii itself and using srbac as part of my application since yii is my first php framework.

Hello!

I have tried to use srbac with yii in my project by following the instructions in srbac_1.0.3_guide, but I got the error msg ‘page not found’ when I try to access the url ‘http://hostpath/index.php?r=srbac’. Does anyone have a clue where I went wrong?

By the way, I found some typos in the guide article. (code directly copied from the pdf file)




'srbac' => array(
  'userclass’=>'User',     <==== the single quote of userclass is not complete
  'userid’=>'user_ID',     <==== the single quote of userid is not complete
  'username'=>'username',
  'debug'=>true,
  'pageSize'=>10,
  'superUser' =>'Authority',
  'css'=>srbac_red.css',    <==== lack of one side of single quote
  'layout'=>'application.views.layouts.admin',
  'notAuthorizedView'=>'application.views.site.unauthorized',
  'alwaysAllowed'=>array(
     'SiteLogin','SiteLogout','SiteIndex','SiteAdmin',
     'SiteError', 'SiteContact'),
  'userActions'=>array(
     'Show','View','List'),
  'listBoxNumberOfLines' => 15,
  'imagesPath' => 'images',
  'imagesPack'=>'noia',
  'iconText'=>true,
)

Don’t copy directly from the pdf because I can see that the word->pdf conversion messes up single quotes.

this is a right one




<?php
'modules'=>array('srbac'=>
  array(
      "userclass"=>"User",
      "userid"=>"user_id",
      "username"=>"user_name",
      "debug"=>true,
      "pageSize"=>8,
      "superUser" =>"Authority",
      "css"=>"",
      "layout"=>"",
      "notAuthorizedView"=>"application.views.site.unauthorized",
      "alwaysAllowed"=>array(
        'SiteLogin','SiteLogout','SiteIndex','SiteAdmin','SiteError',
        'SiteContact'),
      "userActions"=>array(
        "Show","View","List"
      ),
      "listBoxNumberOfLines" => 10,
      //"imagesPath"=>"../images",
      //The icons pack to use (noia, tango)
      "imagesPack"=>"noia",
      // Whether to show text next to the menu icons (default false)
      "iconText"=>true,
    )
  ),
?>



The error occurs when trying to install?

Also srbac 1.0.3 is for 1.0.x versions of Yii, if you are using Yii 1.1.x you should use srbac 1.1. beta version

http://code.google.com/p/srbac/source/checkout

Hi Spyros,

Firstly, great extension. Secondly, I was wondering if you know of a good way to check user permissions without running the same query 2 times (when extending SBaseController). For example, how would I go about checking permissions for several menu items within a view? Instead of using Yii::app()->user->isGuest, I would like to specify an operation for displaying user specific content within a view.

Is there some way you can check access without querying the database multiple times?

I like the idea that you mentioned about using your own beforeAction and not extending SBaseController (1 check). However, this only works for checking permissions within the controller.

I haven’t looked too closely at your code yet so please let me know if there is already a method for doing this.

Thanks