[EXTENSION] srbac : Web interface for the administration of rbac

The db is used internally by Yii authManager so you can't change it

What do u mean?

Yii is  only interpritate logik  and  use  data  strored in its 3 tables.

If  add column srbac_id in each table,  it give

I am not sure that CDbAuthManager will work correctly if you change the structure of the 3 tables it uses.

Updated the extension to srbac beta with the following changes

Bug Fixes:


[*]Fixed udefined variable errors

[*]Fixed showing all items in the assigned and in the not assigned panels when accessing the

assign page for the first time

[*]Fixed errors when pressing ‘<<’ or ‘>>’ with a wrong selection of items

[*]Wrong tab display after an assignment




[*]You can select if demo data will be created in install

[*]All assignments calls are made in ajax

[*]You can set the name of the Authorizer authItem

[*]You can update the names of the auth Items



Srbac Extension

Updated the extension to srbac beta2 with the following changes



[*]You can delete auth items

[*]New ajax driven web interface for the administration of auth items



Srbac Extension

Looks nice. Maybe I’ll give it a try with my next project. :)

But what I’m missing is a view, that shows which user can perform which operations. Currently one can only click user by user to see what roles are assigned to them. Then one can switch the tab and have a look at the roles - one by one - to see what tasks are assigned. This repeats for the operations.

Alltogether, this is convenient for assigning authItems to each other, but not to get an impression of who is allowed to perfom which action. Is this something you plan to add in a future release?

Yes a tree view with the assigned items of each user is planned for the next release

Update beta 3


View Roles / Tasks / Operations assigned to users


Nice to see progress. Thank you for this job :slight_smile:

Definitely. :)

Looks good with all browser I have installed( FF3.5, IE8, Safari3.1.1, Chrome 2.0), except Opera 9.6.4. See screenshot.



Please could you try the fixed I attached with Opera?

Looks much better now. There is still a small difference between Opera and the other browsers: Opera seems to begin the table that contains the operations in a new line, which causes a bit space right above the table which isn’t shown in other browsers. But I don’t think this is (nor do I think it might become) a problem. So thanks for the quick fix. :)

Some other things I came across while installing the module (hooray, now I know how to work with modules!):

  1. Need for CDbAuthManager. Shouldn’t this module work with all the authManagers? It displays, creates and administrates authItems, I think this should be possible with every implementation of IAuthManager.

  2. Related to the first point; Need for user class being an CActiveRecord. I fell over this in the view that displays the assignments. It calls findAll() to get the list of users. Although I have to admit that I have no clue how this could be solved properly, I think it might raise the reusability of the module if you could provide a more generic way to get the users list. I didn’t find something like an IUserManager that would be able to provide the needed methods, but maybe I’m missing something.

  3. The tasks shown in the attachement (except the manageUsers task) are actually operations assigned to the role "admin". I know you currently only support role to user, task to role and operation to task, but I think this can be filtered.

All good things come in threes, so I guess this is enough for now and keeps you busy. ;)

Keep up good work, I really like this module and think it is a mandatory that can be usefull for nearly every web application!

Fixed layout in Opera:



I’ ve found a small error. If SRBAC is not in debugmode, I get following error, when a not-Authorizer-user tries to access SRBAC:

2009/08/13 13:47:55 [error] [system.db.CDbCommand] Error in querying SQL: SELECT * FROM `assignments` WHERE itemname = Authorizer LIMIT 1

2009/08/13 13:47:55 [error] [exception.CDbException] exception 'CDbException' with message 'CDbCommand failed to execute the SQL statement: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'Authorizer' in 'where clause'' in C:\xxxxxxxx\yii108\framework\db\CDbCommand.php:322

After changing line 173 of helper.php into

$criteria->condition = "itemname = '".Yii::app()->getModule('srbac')->superUser."'";

I get the normal "Unauthorized"-message.



Ok, after I press "Install"

I get the message to overwrite srbac, which is fine.

If I click on "Overwrite", I got this errorMessage:


Install Srbac

Error while installing srbac.

Please check your database and try again


whats going wrong there?

If it helps, after this steps I can only see items table in my database.

When I try to start the installation it keeps telling me that the AuthManager is not installed.

I can login so it’s installed :)

As far as I can see a Exception is thrown due to missing "CDbAuthManager.superUser is not defined."

Running on Win Vista and IIS7, Yii v1.08

@rabol it is a problem in the Documentation, superUser should be in the srbac module array, instead of the authManager array.

Anyone have a clue about my Problem above?

Thanks sebi!

After correcting that I get the same error as you :)

It’s a SQL error, if you add var_dump($ex) in the catch { at line 285 of srbac/components/Helper.php you can see this;

CDbCommand failed to execute the SQL statement: SQLSTATE[23000]: Integrity constraint violation: 1217 Cannot delete or update a parent row: a foreign key constraint fails"

I’ll try to find a solution and let you know.

The problem is that the installation procedure don’t delete existing tables in the correct order:

the correct order is:

  &#036;db-&gt;createCommand(&quot;drop table if exists &quot;.&#036;assignmentTable.&quot;;&quot;)-&gt;execute();

  &#036;db-&gt;createCommand(&quot;drop table if exists &quot;.&#036;itemChildTable.&quot;;&quot;)-&gt;execute();

  &#036;db-&gt;createCommand(&quot;drop table if exists &quot;.&#036;itemTable.&quot;;&quot;)-&gt;execute();

in line 226 of the /modules/srbac/components/Helper.php

Have in mind that this extension will not work with error_reporting(E_ALL) as it uses several uninitialized variables, the developer must be a young guy :) :) :)

Jap, still doesn’t work for me with the same errormessage above.

I think there are also other Problem(s)?