Great tool, although there are a few things it took me a while to figure out (these may be documented somewhere but I couldn't find them). Feel free to correct me if I'm wrong (although if I'm not, adding these to the manual would be great).
Debug mode = AccessChecks are off. Nearly scrapped using SRBAC in my project as it looked like it wasn't working, as all my users could access admin stuff. Debug=false and everything worked! Maybe different naming for this? Debug (true/false) = Debug statements, srbacOn (true/false) = turn SRBAC on or off, installMode (true/false) = create DB tables etc? Just an idea.
Remove accessRules() and accessControl filter from controller. Took me a while to find something on this.
In views, to check access in order to display content depending on role:
if(Yii::app()->user->checkAccess('role or operation or task'))
Again, not sure if this is the correct way to do this as I couldn't find any info on it, but it seemed to work for me. Only concern is if I change the role, operation or task name I'd need to update all my view checks. There probably is a better way to do this, so please let me know.
Anyway cracking module Spyros and thanks for putting it out there for us newbies to use!
Sry, I posted it to a wrong topic - I’ll remove it if possible.
The following error was displayed after I had installed srbac - yii version 1.1.7 on PHP 5.1.6 apache2.2 fedora.
Thus I have inserted that "if isset $this->data" block into AuthItem.php, because that data was null and it caused the error. Do you think it is a necessary fix, or is there a nicer fix?
I want to alter table ‘itemchildren’ to add a column called ‘direct_action’ to ‘module/controller/action’ or ‘controller/action’ that can be directly used in CHtml::link() - ideally when Task is saved.

At your convenience, can you please tell me how to do this easily in AuthItem.afterSave().

Thanks for the wonderful extension.
I have set an action that has a parameter (e.g. actionIndex($p)) to alwaysallowed in the srbac system, and it's saved in allowed.php in the srbac system. When I try to access the page, I get this message:
Error:403 ‘You are not authorized for this action’
Error while trying to access /page/index.
When I remove the parameter inside the allowed.php file, it works and I can access that action. What is actually happening? Is that a bug, or something that I missed?
thanks in advance…
P.S.: I've already deleted actionRules inside my controller, and I still get that message.
Hi, thanks for this extension, I hope it will solve my role problems. I just installed it, I have generated demo data, and so far there were no problems. One thing I can't solve is that the ajax links under /srbac/authitem/manage don't work. I mean the Autocreate Auth Items, Edit always allowed and Clear obsolete authItems links. All links redirect to ../srbac/authitem/manage#
I've checked, JavaScript is enabled. Is this a common problem? (I hope so :)
Please let me know if you have this disabled ajax links problem.
I found one issue, which might or might not be a bug.
When there are no users with the Authority role, all users, and even guests, will have access to the srbac module. This case is explained in the Helper::isAuthorizer function, so you might want to change the code to ensure that when the Authority role is not assigned, nobody will have access to the srbac module.
I'll consider removing access to srbac when authority is not assigned, but this way you can only access srbac (to actually set the authority role to a user) in debug mode.
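The two checks discussed in the exchange above, side by side, as an added example that is not part of the original posts and is not srbac's code: a fail-open check modelled on the behaviour reported for Helper::isAuthorizer, and a fail-closed variant whose first-time setup path is open only in debug mode. All function names and the assignment data are hypothetical and constructed for illustration; restricting the debug path to the case where the role is still unassigned is an assumption of this sketch.

```php
<?php
// Added illustration, not srbac code. $assignments maps user id => role names (constructed).

function holdsRole(array $assignments, $userId, $role)
{
    return $userId !== null && isset($assignments[$userId])
        && in_array($role, $assignments[$userId], true);
}

function roleIsAssigned(array $assignments, $role)
{
    foreach ($assignments as $roles) {
        if (in_array($role, $roles, true)) {
            return true;
        }
    }
    return false;
}

// Behaviour described in the thread: an unassigned super-user role admits everyone, guests included.
function isAuthorizerFailOpen(array $assignments, $userId, $superUser = 'Authority')
{
    return !roleIsAssigned($assignments, $superUser)
        || holdsRole($assignments, $userId, $superUser);
}

// Fail-closed variant: the first-time setup path exists only while debug is on.
function isAuthorizerFailClosed(array $assignments, $userId, $debug, $superUser = 'Authority')
{
    if (holdsRole($assignments, $userId, $superUser)) {
        return true;
    }
    return $debug && !roleIsAssigned($assignments, $superUser);
}

// Constructed sample data: a fresh install, then one with the role assigned to user 1.
$fresh = array(1 => array('Editor'), 2 => array());
$setup = array(1 => array('Authority'), 2 => array('Editor'));
$cases = array(
    'guest, role unassigned'  => array($fresh, null),
    'editor, role unassigned' => array($fresh, 1),
    'guest, role assigned'    => array($setup, null),
    'holder, role assigned'   => array($setup, 1),
);
foreach ($cases as $label => $c) {
    printf("%-24s open=%d closed=%d closed+debug=%d\n", $label,
        isAuthorizerFailOpen($c[0], $c[1]),
        isAuthorizerFailClosed($c[0], $c[1], false),
        isAuthorizerFailClosed($c[0], $c[1], true));
}
```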
Alias "srbac.SrbacModule" is invalid. Make sure it points to an existing PHP file.
This is the exception I get after installing srbac…
I searched the forums, which said "the file can probably not be accessed by the webserver", which was true in the beginning. Now I set the chmod of the extension folder, the srbac folder and the SrbacModule.php file to "777" and still the same error occurs.
I also tried the advice from this topic:
which did not fix it either. Besides that, I fail to find the definition of a "valid alias" or where to define a valid alias.
The description of srbac simply says "must be a valid alias".
Can anyone tell me where I am wrong (probably simply too blind)?
Here is my config file:
<?php
// uncomment the following to define a path alias
// Yii::setPathOfAlias('local','path/to/local-folder');
// This is the main Web application configuration. Any writable
// CWebApplication properties can be configured here.
return array(
'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
'name'=>'My Web Application',
// preloading 'log' component
'preload'=>array('log'),
// autoloading model and component classes
'import'=>array(
'application.models.*',
'application.components.*',
'application.modules.srbac.controllers.SBaseController',
),
'modules'=>array(
// uncomment the following to enable the Gii tool
'gii'=>array(
'class'=>'system.gii.GiiModule',
'password'=>'xxxx',
// If removed, Gii defaults to localhost only. Edit carefully to taste.
'ipFilters'=>array('127.0.0.1','::1'),
'ipFilters'=>array('MyOwnIP'),
),
//---------------------------- SRBAC -------------------------------------------------------------------
'srbac' => array(
'userclass'=>'User', //default: User
'userid'=>'user_ID', //default: userid
'username'=>'username', //default:username
'delimeter'=>'@', //default:-
'debug'=>true, //default :false
'pageSize'=>10, // default : 15
'superUser' =>'Authority', //default: Authorizer
'css'=>'srbac.css', //default: srbac.css
'layout'=>
'application.views.layouts.main', //default: application.views.layouts.main,
//must be an existing alias
'notAuthorizedView'=> 'srbac.views.authitem.unauthorized', // default:
//srbac.views.authitem.unauthorized, must be an existing alias
'alwaysAllowed'=>array( //default: array()
'SiteLogin','SiteLogout','SiteIndex','SiteAdmin',
'SiteError', 'SiteContact'),
'userActions'=>array('Show','View','List'), //default: array()
'listBoxNumberOfLines' => 15, //default : 10
'imagesPath' => 'srbac.images', // default: srbac.images
'imagesPack'=>'noia', //default: noia
'iconText'=>true, // default : false
'header'=>'srbac.views.authitem.header', //default : srbac.views.authitem.header,
//must be an existing alias
'footer'=>'srbac.views.authitem.footer', //default: srbac.views.authitem.footer,
//must be an existing alias
'showHeader'=>true, // default: false
'showFooter'=>true, // default: false
'alwaysAllowedPath'=>'srbac.components', // default: srbac.components
// must be an existing alias
)
//-----------------------------------------------------------------------------------------------
),
// application components
'components'=>array(
'user'=>array(
// enable cookie-based authentication
'allowAutoLogin'=>true,
),
// uncomment the following to enable URLs in path-format
/*
'urlManager'=>array(
'urlFormat'=>'path',
'rules'=>array(
'<controller:\w+>/<id:\d+>'=>'<controller>/view',
'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
),
),
'showScriptName'=>false,
*/
/*
'db'=>array(
'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',
),
*/
// uncomment the following to use a MySQL database
'db'=>array(
'connectionString' => 'mysql:host=xxxx;dbname=xxxx',
'emulatePrepare' => true,
'username' => 'xxxx',
'password' => 'xxxx',
'charset' => 'utf8',
),
'errorHandler'=>array(
// use 'site/error' action to display errors
'errorAction'=>'site/error',
),
'log'=>array(
'class'=>'CLogRouter',
'routes'=>array(
array(
'class'=>'CFileLogRoute',
'levels'=>'error, warning',
),
// uncomment the following to show log messages on web pages
/*
array(
'class'=>'CWebLogRoute',
),
*/
),
),
//---------------------------- AuthManager-------------------------------------------------------------------
'authManager'=>array(
// Path to SDbAuthManager in srbac module if you want to use case insensitive
//access checking (or CDbAuthManager for case sensitive access checking)
'class'=>'application.modules.srbac.components.SDbAuthManager',
// The database component used
'connectionID'=>'db',
// The itemTable name (default:authitem)
'itemTable'=>'items',
// The assignmentTable name (default:authassignment)
'assignmentTable'=>'assignments',
// The itemChildTable name (default:authitemchild)
'itemChildTable'=>'itemchildren',
),
//-----------------------------------------------------------------------------------------------
),
// application-level parameters that can be accessed
// using Yii::app()->params['paramName']
'params'=>array(
// this is used in contact page
'adminEmail'=>'xxxxx',
),
);
Thanks to the web interface I was easily able to automatically create operations and tasks with my controllers. Then I created roles and assigned them to my users.
Only, once this was done, I was not able to use user roles to restrict their actions. I missed all the subtleties of this guide.
How can I do this?
And where do I do it? In all my controllers or in a WebUser class?