[EXTENSION] srbac : Web interface for the administration of rbac

hi, Spyros

thanks for your hard work, the extension is so powerful!

Here is my suggestion: add a function for searching for a user on the authitem/assignments page.

AuthitemController.php

public function actionSearchuser() {
    if (!empty($_POST['username'])) {
        $criteria = new CDbCriteria;
        // Bind the search term as a query parameter instead of concatenating
        // $_POST['username'] straight into the SQL string; addSearchCondition()
        // also escapes the LIKE wildcards % and _ in the submitted value.
        $criteria->addSearchCondition($this->module->username, $_POST['username']);
        $userclass = $this->module->userclass;
        $users = $userclass::model()->findAll($criteria);
        if (count($users)) {
            if (count($users) > 1) {
                $this->renderPartial('users', array('users'=>$users), false, true);
            }
            else {
                // Use the user id column configured for the module, not a hard-coded "id"
                $_GET['id'] = $users[0]->{$this->module->userid};
                $this->actionShowAssignments();
            }
        }
        else {
            throw new CHttpException('401', 'There is no such user.');
        }
    }
}



Add this code to the file views/authitem/assignments.php under the drop-down list:




<?php echo CHtml::beginForm(Yii::app()->createUrl($this->module->id.'/authitem/searchuser'), 'POST', array('id'=>'searchuserForm'));?>
    <?php echo CHtml::textField('username');?>
    <?php echo CHtml::submitButton('submit');?>
<?php echo CHtml::endForm();?>
<script type="text/javascript">
//<![CDATA[
$(document).ready(function() {
    $('#searchuserForm').submit(function() {
        $.ajax({
            url: $('#searchuserForm').attr('action'),
            type: 'POST',
            data: $('#searchuserForm').serialize(),
            beforeSend: function () {
                $("#assignments").addClass("srbacLoading");
            },
            complete: function () {
                $("#assignments").removeClass("srbacLoading");
            },
            success: function (html) {
                $("#assignments").html(html);
            }
        });
        return false;
    });
});
//]]>
</script>



Create a new file srbac/views/authitem/users.php:




<?php echo SHtml::beginForm(); ?>
<?php echo SHtml::activeDropDownList(
    $this->module->getUserModel(),
    $this->module->userid,
    SHtml::listData($users, $this->module->userid, $this->module->username),
    array(
        'id'=>'users-list',
        'size'=>1,
        'class'=>'dropdown',
        'ajax' => array(
            'type'=>'POST',
            'url'=>array('showAssignments'),
            'update'=>'#assignments',
            'beforeSend' => 'function(){
                                $("#assignments").addClass("srbacLoading");
                            }',
            'complete' => 'function(){
                                $("#assignments").removeClass("srbacLoading");
                            }'
        ),
        'prompt'=>Helper::translate('srbac','select user')
    )
); ?>
<?php echo SHtml::endForm(); ?>



Has the development of this extension halted?

Hi, I’ve been busy the last few months with a project for my day job and haven’t had time to work on srbac.

I just started fixing some things and a new version will be available in the next few weeks.

If you have reported a bug or something that may have missed my attention, please report it in the srbac google project issues.

Hi, here’s a suggestion for the Helper component. We can “extend” it by adding the CApplicationComponent to it:

class Helper extends CApplicationComponent {
    ...
}



So with this we can create an additional function on the WebUser component (for example) like:

public function isSuperAdmin() {
    return (Yii::app()->user->checkAccess(Yii::app()->getModule('srbac')->superUser) ||
        Yii::app()->getModule('srbac')->Helper->isAuthorizer());
}



Here we can use Yii::app()->getModule('srbac')->isAuthorizer()

If you have another way to do that, please share with us.

Obs: I use two types of "admins": one is the SuperAdmin that can do ALL and manage the srbac things, and the Admin that can do ALL EXCEPT change or delete a SuperAdmin.

Thanks, srbac extension is very nice.
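As an added illustration of the two admin tiers described above (an editor's example, not code from the post or from srbac), a WebUser subclass that puts the "Admin may not change or delete a SuperAdmin" rule in one place and checks it against the target account, not just the caller. It assumes a role named Admin exists in the auth tables, that srbac's superUser setting names the SuperAdmin role, and that the 'user' component is configured with 'class'=>'WebUser'.

```php
<?php
// protected/components/WebUser.php (hypothetical file; register it with
// 'user'=>array('class'=>'WebUser') so Yii::app()->user is an instance of it).
class WebUser extends CWebUser
{
    // Name of the restricted admin role; assumed to exist in the authitem table.
    const ADMIN_ROLE = 'Admin';

    /** True if the current user holds the role named in srbac's superUser setting. */
    public function isSuperAdmin()
    {
        $superRole = Yii::app()->getModule('srbac')->superUser;
        return $this->checkAccess($superRole);
    }

    /** True if the current user holds the restricted Admin role. */
    public function isAdmin()
    {
        return $this->checkAccess(self::ADMIN_ROLE);
    }

    /**
     * Object-level check for editing or deleting another account:
     * SuperAdmin may manage anyone, Admin may manage anyone who is not a
     * SuperAdmin, everyone else is denied. Call it in the controller action
     * before touching the target record, e.g.
     *   if (!Yii::app()->user->canManageUser($model->primaryKey))
     *       throw new CHttpException(403, 'Not allowed');
     */
    public function canManageUser($targetUserId)
    {
        if ($this->isSuperAdmin()) {
            return true;
        }
        if (!$this->isAdmin()) {
            return false;
        }
        // Ask the auth manager about the *target* user, not the current one:
        // a role-only check on the caller would let Admin delete a SuperAdmin.
        $superRole = Yii::app()->getModule('srbac')->superUser;
        return !Yii::app()->authManager->checkAccess($superRole, $targetUserId);
    }
}
```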

Hi… please help.

I’m new to Yii and SRBAC.

I have successfully installed SRBAC in my Yii application.

I can run autocreate auth, role and task successfully.

I have assigned the user, but I can’t access the module,

and it always shows the error:

" Error:403 ‘You are not authorized for this action’ "

my configuration:

main

'import'=>array(
    'application.models.*',
    'application.components.*',
    'application.extensions.yiidebugtb.*', //our debug extension
    'ext.giix-components.*', // giix components
    'application.modules.srbac.controllers.SBaseController', // srbac modules
),

'modules'=>array(
    // uncomment the following to enable the Gii tool
    'gii'=>array(
        'class'=>'system.gii.GiiModule',
        'password'=>'admin',
        // If removed, Gii defaults to localhost only. Edit carefully to taste.
        'ipFilters'=>array('127.0.0.1','::1'),
        // giix
        'generatorPaths' => array(
            'ext.giix-core', // giix generators
        ),
    ),

    'srbac' => array(
        'userclass'=>'User', //default: User
        'userid'=>'id', //default: userid
        'username'=>'username', //default:username
        'debug'=>false, //default :false
        'pageSize'=>10, // default : 15
        'superUser' =>'Authority', //default: Authorizer
        'css'=>'srbac.css',  //default: srbac.css
        'layout'=> 'application.views.layouts.main', //default: application.views.layouts.main,
                                                     //must be an existing alias
        'notAuthorizedView'=> 'srbac.views.authitem.unauthorized', // default:
                                    //srbac.views.authitem.unauthorized, must be an existing alias
        'alwaysAllowed'=>array(   //default: array()
            'SiteLogin','SiteLogout','SiteIndex','SiteAdmin',
            'SiteError', 'SiteContact'),
        'userActions'=>array('Show','View','List'), //default: array()
        'listBoxNumberOfLines' => 15,  //default : 10
        'imagesPath' => 'srbac.images', // default: srbac.images
        'imagesPack'=>'noia', //default: noia
        'iconText'=>true, // default : false
        'header'=>'srbac.views.authitem.header', //default : srbac.views.authitem.header,
                                                 //must be an existing alias
        'footer'=>'srbac.views.authitem.footer', //default: srbac.views.authitem.footer,
                                                 //must be an existing alias
        'showHeader'=>true, // default: false
        'showFooter'=>true, // default: false
        'alwaysAllowedPath'=>'srbac.components', // default: srbac.components
                                                 // must be an existing alias
    ),
),

// application components
'components'=>array(
    'authManager'=>array(
        // Path to SDbAuthManager in srbac module if you want to use case insensitive
        // access checking (or CDbAuthManager for case sensitive access checking)
        'class'=>'application.modules.srbac.components.SDbAuthManager',
        // The database component used
        'connectionID'=>'db',
        // The itemTable name (default:authitem)
        'itemTable'=>'items',
        // The assignmentTable name (default:authassignment)
        'assignmentTable'=>'assignments',
        // The itemChildTable name (default:authitemchild)
        'itemChildTable'=>'itemchildren',
    ),

    'user'=>array(
        // enable cookie-based authentication
    .....................




component/controller

class Controller extends SBaseController
{
    /**
     * @var string the default layout for the controller view. Defaults to '//layouts/column1',
     * meaning using a single column layout. See 'protected/views/layouts/column1.php'.
     */
    public $layout='//layouts/column1';
    /**
     * @var array context menu items. This property will be assigned to {@link CMenu::items}.
     */
    public $menu=array();
    /**
     * @var array the breadcrumbs of the current page. The value of this property will
     * be assigned to {@link CBreadcrumbs::links}. Please refer to {@link CBreadcrumbs::links}
     * for more details on how to specify this property.
     */
    public $breadcrumbs=array();
}

.....................




controllers/BarangController

class BarangController extends Controller
{
    /**
     * @var string the default layout for the views. Defaults to '//layouts/column2', meaning
     * using two-column layout. See 'protected/views/layouts/column2.php'.
     */
    public $layout='//layouts/column2';

    /**
     * @return array action filters
     */
    public function filters()
    {
        return array(
//          'accessControl', // perform access control for CRUD operations
        );
    }

    /**
     * Specifies the access control rules.
     * This method is used by the 'accessControl' filter.
     * @return array access control rules
     */
    public function accessRules()
    {
        return array(
//          array('allow',  // allow all users to perform 'index' and 'view' actions
//              'actions'=>array('index','view'),
//              'users'=>array('*'),
//          ),
//          array('allow', // allow authenticated user to perform 'create' and 'update' actions
//              'actions'=>array('create','update'),
//              'users'=>array('@'),
//          ),
//          array('allow', // allow admin user to perform 'admin' and 'delete' actions
//              'actions'=>array('admin','delete'),
//              'users'=>array('admin'),
//          ),
//          array('deny',  // deny all users
//              'users'=>array('*'),
//          ),
        );
    }

....................




Please help, or point me to a link.

FYI: ext. SRBAC (srbac_1.1.1_r209) in Yii 1.1.6

sorry for my bad english :D

Thx ya

Hi,

srbac 1.2 is available with many bug fixes, so if you had problems with 1.1 please try the new version.

You can download srbac 1.2, the srbac 1.2 guide and the blog demo with srbac from

http://code.google.com/p/srbac/downloads/list

Enhancements

  • Added $delimeter parameter to SrbacModule (default "-")
  • Added ReturnUrl feature for expired sessions

Bug Fixes

  • Fixed SQLite compatibility issue
  • Fixed multiple ajax submits
  • Fixed bug with auth item delete
  • Fixed bug caused by auto param binding in yii 1.1.4 and above
  • Fixed “/” delimeter between module and authitem name causing errors with some UrlManager configurations by adding a delimeter parameter to srbacModule
  • Fixed a bug with Helper not imported
  • Fixed clever assigning
  • Fixed bug with actions contain the string "action"

Updates

  • Removed checkDefaultRoles function that does not exist anymore in CDbAuthManager

Upgrading to 1.2

When upgrading to Version 1.2 (r228) you should change in the auth items the ‘/’ character that identifies the modules to the $srbac->delimeter value (the default delimeter value in the srbac configuration is ‘-’).

It seems that I have lost some emails, so if anyone sent me a translation please send it again so I can upload it.

Hi,

I’m new to Yii and srbac…

First of all: great framework, and a good community as well as it seems.

I have copied the srbac module to path/to/application/protected/modules and configured it according to the docs.

This is my config file:

// uncomment the following to define a path alias
// Yii::setPathOfAlias('local','path/to/local-folder');

// This is the main Web application configuration. Any writable
// CWebApplication properties can be configured here.
return array(
    'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
    'name'=>'My Yii Site',
    'language'=>'en',

    // preloading 'log' component
    'preload'=>array('log'),

    // autoloading model and component classes
    'import'=>array(
        'application.models.*',
        'application.components.*',
        'application.modules.srbac.controllers.SBaseController',
    ),

    'modules'=>array(
        // uncomment the following to enable the Gii tool
        'gii'=>array(
            'class'=>'system.gii.GiiModule',
            'password'=>'my-password',
            // If removed, Gii defaults to localhost only. Edit carefully to taste.
            'ipFilters'=>array('127.0.0.1','::1'),
        ),
        'srbac'=>array(
            'userclass'=>'User', //default: User
            'userid'=>'user_id', //default: userid
            'username'=>'username', //default:username
            'delimeter'=>'@', //default:-
            'debug'=>false, //default :false
            'pageSize'=>10, // default : 15
            'superUser' =>'Authority', //default: Authorizer
            'css'=>'srbac.css', //default: srbac.css
            'layout'=> 'application.views.layouts.main', //default: application.views.layouts.main,
                                                         //must be an existing alias
            'notAuthorizedView'=> 'srbac.views.authitem.unauthorized', // default: srbac.views.authitem.unauthorized,
                                                                       // must be an existing alias
            'alwaysAllowed'=>array( //default: array()
                'SiteLogin','SiteLogout','SiteIndex','SiteAdmin',
                'SiteError', 'SiteContact'
            ),
            'userActions'=>array('Show','View','List'), //default: array()
            'listBoxNumberOfLines' => 15, //default : 10
            'imagesPath' => 'srbac.images', // default: srbac.images
            'imagesPack'=>'noia', //default: noia
            'iconText'=>true, // default : false
            'header'=>'srbac.views.authitem.header', //default : srbac.views.authitem.header,
                                                     //must be an existing alias
            'footer'=>'srbac.views.authitem.footer', //default: srbac.views.authitem.footer,
                                                     //must be an existing alias
            'showHeader'=>true, // default: false
            'showFooter'=>true, // default: false
            'alwaysAllowedPath'=>'srbac.components', // default: srbac.components
                                                     // must be an existing alias
        ),
    ),

    // application components
    'components'=>array(
        'user'=>array(
            // enable cookie-based authentication
            'allowAutoLogin'=>false,
        ),
        // uncomment the following to enable URLs in path-format
        'urlManager'=>array(
            'urlFormat'=>'path',
            'rules'=>array(
                '<controller:\w+>/<id:\d+>/*'=>'<controller>/view',
                '<controller:\w+>/<action:\w+>/<id:\d+>/*'=>'<controller>/<action>',
                '<controller:\w+>/<action:\w+>/*'=>'<controller>/<action>',
            ),
        ),
        // DB: SQLite
        /*
        'db'=>array(
            'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',
        ),
        */
        // uncomment the following to use a MySQL database
        'db'=>array(
            'connectionString' => 'mysql:host=localhost;dbname=mydb',
            'emulatePrepare' => true,
            'username' => 'username',
            'password' => 'password',
            'charset' => 'utf8',
            'tablePrefix' => 'tbl_',
        ),
        'authManager'=>array(
            // Path to SDbAuthManager in srbac module if you want to use case insensitive
            // access checking (or CDbAuthManager for case sensitive access checking)
            'class'=>'CDbAuthManager',//'application.modules.srbac.components.SDbAuthManager',
            // The database component used
            'connectionID'=>'db',
            // The itemTable name (default:authitem)
            'itemTable'=>'authitem',
            // The assignmentTable name (default:authassignment)
            'assignmentTable'=>'authassignment',
            // The itemChildTable name (default:authitemchild)
            'itemChildTable'=>'authitemchild',
        ),
        'errorHandler'=>array(
            // use 'site/error' action to display errors
            'errorAction'=>'site/error',
        ),
        'log'=>array(
            'class'=>'CLogRouter',
            'routes'=>array(
                array(
                    'class'=>'CFileLogRoute',
                    'levels'=>'error, warning',
                ),
                // uncomment the following to show log messages on web pages
                /*
                array(
                    'class'=>'CWebLogRoute',
                ),
                */
            ),
        ),
    ),

    // application-level parameters that can be accessed
    // using Yii::app()->params['paramName']
    'params'=>array(
    ),
);

I have a user table with the respective model and CRUD, and 3 auth-tables ‘authitem’, ‘authassignment’, and ‘authitemchild’ (from the Yii auth example), without model or CRUD (if i’m getting this right, srbac would create these on install?).

Now, when i call path/to/application/site/index.php/site/index/?r=srbac, i expected to see the install page.

Instead, the authItem frontpage is displayed, with three buttons ‘Managing Auth Items’, ‘Assign to Users’, ‘User’s assignments’. On click of any of them, the page just reloads.

Any hints what’s going wrong? Thanks!

Hi, the 3 auth tables are created during the install.

To install srbac you should go to

path/to/application/site/index.php/srbac/authitem/install

and to srbac frontpage

path/to/application/site/index.php/srbac/authitem/frontpage

thanks for your reply.

so i dropped the existing tables and started /srbac/authitem/install, which led to an infinite redirect-loop.

when i put the tables back in manually, the frontpage showed up like before, but no install view.

strange.

i’m running on IIS 7.5 on Win 7, PHP 5.3.5 and MySQL 5.1.40, by the way. yeah, i know what you’re thinking. ;)

The installation just creates the tables. If you created them manually srbac should be working

About the infinite loop , it’s strange. Does it start when you go to the install page or after you pressed the install button?

the loop starts when i try to go to the install page… but if the install script is just for table creation, i can live with that. :)

so i created the tables manually and now am stuck at the same place… i can see the buttons, on click they load the controllers (authitem/manage, authitem/assign, authitem/assignments), but nothing happens. I just see the buttons.


ok, at least i found out what’s happening…

somehow every request is resolved to the $defaultAction of AuthItemController, which is ‘frontpage’.

when i change the $defaultAction to ‘manage’, i can see the manage-interface, but am not able to edit anything.

any ideas?

If you have firebug enabled check if there’s an error in the requests.

Also please check if there’s still a problem if you do not use a table prefix.

ok, the impacts are getting closer…

it was my urlManager configuration:

'urlManager'=>array(
    'urlFormat'=>'path',
    'rules'=>array(
        '<controller:\w+>/<id:\d+>/*'=>'<controller>/view',
        '<controller:\w+>/<action:\w+>/<id:\d+>/*'=>'<controller>/<action>',
        '<controller:\w+>/<action:\w+>/*'=>'<controller>/<action>',
    ),
),

if i change it to this, it works:

'urlManager'=>array(
    'urlFormat'=>'path',
    'rules'=>array(
        '<controller:\w+>/<id:\d+>'=>'<controller>/view',
        '<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
        '<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
    ),
),

i added the /* to the rules to have the whole url in paths (including get-params), so i could do

index.php/controller/action/id/3/param/xyz

instead of

index.php/controller/action?id=3&param=xyz

i guess i have to leave that for now, as srbac is more important for me to work…

or does anyone happen to have a quick fix for the problem, which allows me to do both (use srbac and full path urls)?

this is a great module, really.

thanks for sharing!
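One way to keep the "/*" catch-all rules and still reach the srbac module, as an added example from the editor rather than from the thread or from srbac: put a rule that names the module literally before the generic rules, since Yii tries the rules in order and the first match wins. It assumes the module id is srbac and the rest of the config is as posted above.

```php
<?php
// urlManager section of protected/config/main.php (added example, assumed layout).
'urlManager'=>array(
    'urlFormat'=>'path',
    'rules'=>array(
        // Module rule first. With only the generic rules, a request such as
        // "srbac/authitem/install" is caught by '<controller>/<action>/*' as
        // controller=srbac, action=authitem, with "install" left over as a GET
        // parameter, so Yii dispatches to the srbac module's AuthitemController
        // with its default action (frontpage), whatever button was clicked.
        'srbac/<controller:\w+>/<action:\w+>/*'=>'srbac/<controller>/<action>',
        // The original catch-all rules, unchanged, for the rest of the application.
        '<controller:\w+>/<id:\d+>/*'=>'<controller>/view',
        '<controller:\w+>/<action:\w+>/<id:\d+>/*'=>'<controller>/<action>',
        '<controller:\w+>/<action:\w+>/*'=>'<controller>/<action>',
    ),
),
```

The same rule is used when srbac builds its own links with createUrl('srbac/authitem/...'), so the module's ajax actions resolve through it as well.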

Is there a reason you’re not using this syntax to get path-format URLs?

'urlFormat'=>'path'



i am using that, but without the "/*" it only creates the path format up to controller/action/id/value… anything which might come after that is appended as a $_GET parameter.

so i can’t do controller/action/id/5/size/big/price/500

but instead

controller/action/id/5?size=big&price=500

at least that’s what i think. as a Yii-noob. :)

but that’s just seo-cosmetics, which is overrated anyways. never mind. ;)

maybe you could help me with another issue… i think i have already seen this somewhere, but can’t find it any more.

i want to assign a role ("User") automatically to every logged in user…

is it possible to do this via srbac, or do i have to make a database entry in the authassignments table on every user creation?

You can assign the user role programmatically when the user is created (e.g. when he registers in your application).

i would have to do that with CAuthManager, right? i’ll give it a try. :)
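One way to do the assignment through the auth manager at account creation, as an added example from the editor (not code from the thread or from srbac). It assumes a User ActiveRecord model whose primary key is the value CWebUser::getId() returns after login (srbac's 'userid' setting should name that same column) and an auth item of type role named "User" already created in srbac's Manage Auth Items page.

```php
<?php
// protected/models/User.php (hypothetical excerpt; added example).
class User extends CActiveRecord
{
    // Role granted to every new account; must already exist in the authitem table.
    const DEFAULT_ROLE = 'User';

    // ... usual model code (tableName(), rules(), relations(), ...) omitted ...

    /**
     * Runs after every INSERT or UPDATE. On an insert Yii calls afterSave()
     * before clearing isNewRecord and after the auto-increment key is set, so
     * the primary key is available here for the assignment.
     */
    protected function afterSave()
    {
        parent::afterSave();
        if ($this->isNewRecord) {
            self::assignDefaultRole($this->primaryKey);
        }
    }

    /**
     * Idempotent: skips the insert when the assignment already exists, so a
     * second call (re-saving, or a duplicate registration submit) does not
     * raise a duplicate-key error on the assignment table. Returns true when
     * a new assignment was written, false when it was already present.
     */
    public static function assignDefaultRole($userId)
    {
        $auth = Yii::app()->authManager;
        if ($auth->isAssigned(self::DEFAULT_ROLE, $userId)) {
            return false;
        }
        $auth->assign(self::DEFAULT_ROLE, $userId);
        return true;
    }
}
```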

i’m getting the following error… any idea what the culprit is?

Declaration of SHtml::clientChange() should be compatible with that of CHtml::clientChange()

Source File

…\protected\modules\srbac\components\SHtml.php(13)

rather… why does


protected static function clientChange($event,&$htmlOptions){
    $htmlOptions['live']=false;
    parent::clientChange($event, $htmlOptions);
}

not work?