[EXTENSION] srbac : Web interface for the administration of rbac

Yii 1.1 Extensions
601

I got it fixed. I found out that in my UserIdentity doesn’t have the username assignment ($this->username=$user->username) which I think it caused the problem. Thank you for kind support

602

I’m having trouble configuring srbac.

The installation itself has been a rocky road until I figured out as User Class was needed. It would be helpful to include a list of requirements into the manual.

Now I’m struggling with the configuration of the UserIdentity.php file. How do I combine the authentication (currently through LDAP) with the authorization of srbac?

Once the debugging mode is set to false the following error 500 message appears:

[color="#FF0000"]array_merge() [<a href=‘function.array-merge’>function.array-merge</a>]: Argument #1 is not an array[/color]

The same message also appears when accessing controllers that extend SbaseController (either with debugging mode set to true or false).

Any help would be greatly appreciated

603

Can you post your srbac configuration here?

604

return array(

'basePath'=&gt;dirname(__FILE__).DIRECTORY_SEPARATOR.'..',





// preloading 'log' component


'preload'=&gt;array('log'),





// autoloading model and component classes


'import'=&gt;array(


	'application.models.*',


	'application.components.*',


	'application.modules.authorization.components.*',


	'application.modules.srbac.controllers.SBaseController',


),





// application components


'components'=&gt;array(


	'user'=&gt;array(


		// enable cookie-based authentication


		'allowAutoLogin'=&gt;true,


		'class' =&gt; 'WebUser',


	),


	// uncomment the following to enable URLs in path-format


	'urlManager'=&gt;array(


		'urlFormat'=&gt;'path',


	),


	// uncomment the following to use a MySQL database


	/**/


	'db'=&gt;array(


		'connectionString' =&gt; 'myconnection',

// ‘emulatePrepare’ => true,

		'username' =&gt; 'myusername',


		'password' =&gt; 'mypassword@',


		'charset' =&gt; 'utf8',


	),


	'authManager'=&gt;array(


		// The type of Manager (Database)


		'class'=&gt;'CDbAuthManager',


		// The database component used


		'connectionID'=&gt;'db',


		// The itemTable name (default:authitem)


		'itemTable'=&gt;'items',


		// The assignmentTable name (default:authassignment)


		'assignmentTable'=&gt;'assignments',


		// The itemChildTable name (default:authitemchild)


		'itemChildTable'=&gt;'itemchildren',


	),





	/**/


	'errorHandler'=&gt;array(


		// use 'site/error' action to display errors


        'errorAction'=&gt;'site/error',


    ),


	'log'=&gt;array(


		'class'=&gt;'CLogRouter',


		'routes'=&gt;array(


			array(


				'class'=&gt;'CFileLogRoute',


				'levels'=&gt;'error, warning',


			),


			// uncomment the following to show log messages on web pages


			/*


			array(


				'class'=&gt;'CWebLogRoute',


			),


			*/


		),


	),


),


'modules'=&gt;array(


	'srbac' =&gt; array(


		'userclass'=&gt;'user', //optional defaults to User


		'userid'=&gt;'user_id', //optional defaults to userid


		'username'=&gt;'user_login', //optional defaults to username


		'debug'=&gt;true, //optional defaults to false


		'pageSize'=&gt;10, //optional defaults to 15


		'superUser' =&gt;'Authority', //optional defaults to Authorizer


		'css'=&gt;'srbac.css', //optional defaults to srbac.css


		'layout'=&gt;


		'application.views.layouts.main', //optional defaults to


		'notAuthorizedView'=&gt;'application.views.site.login', // optional defaults to


		'userActions'=&gt;array(//optional defaults to empty array


		'Show','View','List','Delete'),


		'listBoxNumberOfLines' =&gt; 15, //optional defaults to 10 'imagesPath' =&gt; 'srbac.images', ),


),

);

605

Under the error is the sourcefile trace with the line containing the error

can you post it here?

606

I don’t have any other error info. Just

[color="#FF0000"]array_merge() [<a href=‘function.array-merge’>function.array-merge</a>]: Argument #1 is not an array[/color]

k, with a little tweaking:

#0 /var/www/web528/web/yii/hallintaa/protected/modules/srbac/SrbacModule.php(170): array_merge()

#1 /var/www/web528/web/yii/hallintaa/protected/modules/srbac/controllers/SBaseController.php(70): SrbacModule->getAlwaysAllowed()

#2 /var/www/web528/web/yii/hallintaa/protected/modules/srbac/controllers/SBaseController.php(43): ItemsController->allowedAccess()

#3 /var/www/web528/web/yii/framework/web/CController.php(298): ItemsController->beforeAction()

#4 /var/www/web528/web/yii/framework/web/filters/CFilterChain.php(129): ItemsController->runAction()

#5 /var/www/web528/web/yii/framework/web/filters/CFilter.php(41): CFilterChain->run()

#6 /var/www/web528/web/yii/framework/web/CController.php(999): CAccessControlFilter->filter()

#7 /var/www/web528/web/yii/framework/web/filters/CInlineFilter.php(59): ItemsController->filterAccessControl()

#8 /var/www/web528/web/yii/framework/web/filters/CFilterChain.php(126): CInlineFilter->filter()

#9 /var/www/web528/web/yii/framework/web/CController.php(283): CFilterChain->run()

#10 /var/www/web528/web/yii/framework/web/CController.php(257): ItemsController->runActionWithFilters()

#11 /var/www/web528/web/yii/framework/web/CWebApplication.php(320): ItemsController->run()

#12 /var/www/web528/web/yii/framework/web/CWebApplication.php(120): CWebApplication->runController()

#13 /var/www/web528/web/yii/framework/base/CApplication.php(135): CWebApplication->processRequest()

#14 /var/www/web528/web/yii/hallintaa/index.php(12): CWebApplication->run()

607

Maybe you have to set yii to debug and check the logs

Also check if the file srbac/components/allowed.php exists

608

That file exists and is writable, but empty. I added some extra error-messages in my previous post.

609

That file shouldn’t be empty

Delete it so srbac will create it again or add this in the file




<?php

return array();

?>

I will add a fix for this

610

When is SRBAC going to get its own forum? Searching through this single thread is ridiculous.

Anyways, I’m having multiple issues with SRBAC at the moment. Firstly, in SBaseController, checkAccess($access) for non-crud actions isn’t working. The $access variable appears to be blank, so it always ends up denying access. After creating this a new function, I went to the SRBAC interface and created the operation for the new action. But it doesn’t seem to work with the controller. I worked out a crude solution, but I don’t understand why this comes up blank.




/* SBaseController.php > beforeAction() */


// Check for srbac access

if(!Yii::app()->user->checkAccess($access) || Yii::app()->user->isGuest) {

  $this->onUnauthorizedAccess();

} else {

  return true;

}

/* IN ABOVE, $access IS BLANK FOR MYCONTROLLER->ACTIONLISTBYTYPE */


/* HERE IS MY SOLUTION */

/* MyController.php overrides onUnauthorizedAccess() */

if($_GET['r']=='mycontroller/mynewaction' && Yii::app()->user->checkAccess('Mycontroller/Mynewaction')){

  $this->actionMyNewAction();

}else{

  parent::onUnauthorizedAccess();

}

/* I KNOW I SHOULDN'T BE DOING THIS, BUT IT DOES WORK */

The other problem I’m having is that when denying access, the menu variable is blank in the layout that the site uses, so it is throwing an error. I fixed this by not trying to output the menu widget when it is blank, but I don’t see why I should have to do this as well.




<?php if($this->menu) { /* <-- this is my solution */ ?>

 <div class="span-5 last">

  <div id="sidebar">

  <?php

   $this->beginWidget('zii.widgets.CPortlet', array(

    'title'=>'Operations',

   ));

   $this->widget('zii.widgets.CMenu', array(

    'items'=>$this->menu,

    'htmlOptions'=>array('class'=>'operations'),

   ));

   $this->endWidget();

  ?>

 </div><!-- sidebar -->

</div>

<?php } ?>

Yii Version 1.12, SRBAC 1.1.1rc2

611

What do you mean by non-crud actions?

If an action is in the controller in the form of

public function actionActionID()

it will appear in the automatic creation of auth items and it will be used.

What’s the controllerID and teh actionID that are not working?

612

What I meant by non-crud actions is any action that wasn’t created by the CRUD process, which are the actionView, actionUpdate, actionDelete, etc. I added in my own action actionListByType(). I went into SRBAC and did the auto-create items, went to my controller and saw the new action had appeared as a choice, clicked it and hit create. Then, I went in and added it to the appropriate task. I believe the problem has something to do with the cases of the characters in the action. If I change the operation name to JournalListbytype, it works. But the auto-gen thing creates it as JournalListByType… I’m assuming this is because the method name has these capital letters in it. But the request that comes in is journal/listbytype. When that gets converted to an access string, it’s JournalListbytype and it doesn’t match the created permission. What do you make of this?

613

Hi if the action is actionListByType() and the controller is Journal the request should be

journal/listByType and not journal/listbytype so there won’t be a problem

A possible solution is to overide the checkAccess method in CDbAuthManager and use insensitive case compare when checking for access. I’ll see if this can be done in srbac code

614

Hi,

I have given the link for my post on SRBAC to avoid repost.

SRBAC page not found error

What am i doing wrong. Please help.

615

[size="3"]Srbac v1.1.1[/size]

Enhancements

Added srbac.components.SDbAuthManager.php .You can set this as your AuthManager class in main.php configuration file if you want case insensitive access checking.

Bug fixes

Fixed bug when allowed.php did not return an array.

Updates

Added Lithuanian translation

Added Ukranian translation

Updated Spanish and Russian translation

Download :

http://www.yiiframew…_1.1.1_r209.zip or

http://srbac.googlec…_1.1.1_r209.zip

Also from SVN :

http://code.google.c…source/checkout

Documentation:

http://srbac.googlec…guide_1.1.1.pdf

Yii blog demo with srbac v1.1.1

http://www.yiiframew…srbac_1.1.1.zip or

http://srbac.googlec…srbac_1.1.1.zip

616

Thanks a lot for the great module.

I just upgraded to the new version.

I get an error though. When I’m trying to access

http://localhost/index.php?r=srbac/authitem/assign

Or http://localhost/index.php?r=srbac/authitem/assignments

I get an Error:

include(Users.php) [<a href=‘function.include’>function.include</a>]: failed to open stream: No such file or directory

This works fine:

http://localhost/index.php?r=srbac/authitem/manage

Is this an Error by me or could there be some problem with the module? Thanks a lot in advance!

617

Is your user’s class in models/Users.php file?

If your users class is not named Users.php you have to change this in your main configuration file

618

Thanks a lot! I just had to rename ‘userclass’=>‘Users’ to ‘userclass’=>‘User’. I guess the problem was simply that I installed yii-usermanagement-module the same time I upgraded and got a little confused. Thanks once more!

619

Tnx Spyros,

all is configured as it should be.

Still having issues with autocreating stuff (clicking the buttons just reloads the page, no action), but I’ll read up on it first in the rest of the forum.

Great tool!

620

Ok, found it.

I had installed another authorization module and the params in the main config interfered.

After deleting that module and removing the main config params, all is well.