Srbac version 1.02
http://www.yiiframework.com/extension/srbac/
Enhancements:
- Automatic creation of operations based on controllers’ actions.
  Creation of two tasks (using, administrating).
  The operations are also assigned to these tasks based on the action’s name (all operations are assigned to administrating, and you can choose which actions are assigned to using).
  Mass delete of automatically created operations and tasks for each controller.
  Added an SBaseController that must be extended to use the automatically created auth items.
- Cannot revoke the Authority role if there’s no other user with that role
- Custom not authorized page
- srbac front page (just the links for managing authItems, assigning them, and users’ assignments)
- srbac isInstalled() method
About the automatic creation of AuthItems:
You can automatically create operations/tasks for your controllers.
The operations are named ControllerIdAction (e.g. PostView, PostDelete, etc.).
You can also create 2 tasks named ControllerIdViewing and ControllerIdAdministrating (e.g. PostViewing, PostAdministrating).
All operations are assigned to the administrating task, and you can select which operations are assigned to the viewing task by editing the $_userOperations attribute in AuthController.php (this will be a srbac attribute in the next release).
If you also want srbac to automatically check for access in your controllers, your controllers should extend the SBaseController class in the srbac module, or any other class that extends it.
SBaseController overrides the beforeAction($action) method and checks whether the user has access to the current controller/action.
    protected function beforeAction($action) {
      parent::beforeAction($action);
      // Create the srbac access item name, e.g. "post" + "view" => "PostView"
      $access = ucfirst($this->id).ucfirst($this->action->id);
      // Always allow access if $access is in the allowedAccess array
      // (these items are never passed to checkAccess())
      if(in_array($access, $this->allowedAccess())) {
        return true;
      }
      // Allow access if srbac is not installed yet
      if(!Yii::app()->getModule('srbac')->isInstalled()) {
        return true;
      }
      // Check for srbac access.
      // Note: access is denied only when the "debug" application parameter is false;
      // with debug enabled every action is allowed.
      if(!Yii::app()->user->checkAccess($access) && !Yii::app()->params->debug) {
        // You may change these messages
        $error["code"] = "403";
        $error["title"] = "You are not authorized for this action";
        $error["message"] = "Error while trying to access ".$this->id."/".$this->action->id.".";
        // You may change the view for unauthorized access in your main cfg file
        if(Yii::app()->request->isAjaxRequest) {
          $this->renderPartial(Yii::app()->getModule('srbac')->notAuthorizedView, array("error"=>$error));
        } else {
          $this->render(Yii::app()->getModule('srbac')->notAuthorizedView, array("error"=>$error));
        }
        return false;
      } else {
        return true;
      }
    }

    /**
     * An array holding the items that are always allowed
     * @return array
     */
    private function allowedAccess() {
      return array (
          'SiteLogin','SiteLogout','SiteIndex','SiteAdmin','SiteError',
          'SiteContact'
      );
    }
As you can see, there’s a method allowedAccess() returning an array of the operations that are always allowed (this must be changed to fit your needs; it will also be a srbac attribute in the next release).
There’s also a new attribute, notAuthorizedView, for defining the view to display when the access check fails.
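
The naming and task-assignment rules above, combined with the allowedAccess() list, as an added example (not srbac's own code): it plans the operations and the two tasks for a controller and lists the operations that beforeAction() allows before checkAccess() is ever called. The function names, the $userActions parameter (standing in for $_userOperations, whose format this post does not show) and the sample controllers are assumptions.

```php
<?php
// Added example, not part of srbac. Helper names and sample data are hypothetical.

// Build an auth item name the way beforeAction() does: ucfirst(id) . ucfirst(action).
function srbacItemName($controllerId, $actionId) {
    return ucfirst($controllerId) . ucfirst($actionId);
}

/**
 * Plan the operations and the two tasks for one controller.
 * $userActions: action ids that also go into the Viewing task (assumed
 * stand-in for $_userOperations). $alwaysAllowed: the allowedAccess() list.
 */
function planAuthItems($controllerId, array $actionIds, array $userActions, array $alwaysAllowed) {
    $viewing = ucfirst($controllerId) . 'Viewing';
    $admin   = ucfirst($controllerId) . 'Administrating';
    $plan = array('tasks' => array($viewing => array(), $admin => array()), 'unchecked' => array());
    foreach ($actionIds as $actionId) {
        $op = srbacItemName($controllerId, $actionId);
        $plan['tasks'][$admin][] = $op;              // every operation
        if (in_array($actionId, $userActions, true)) {
            $plan['tasks'][$viewing][] = $op;        // selected operations only
        }
        if (in_array($op, $alwaysAllowed, true)) {
            $plan['unchecked'][] = $op;              // returns true before checkAccess()
        }
    }
    return $plan;
}

// Constructed sample input: the default allowedAccess() list from the post
// and two made-up controllers.
$alwaysAllowed = array('SiteLogin', 'SiteLogout', 'SiteIndex', 'SiteAdmin', 'SiteError', 'SiteContact');
$controllers = array(
    'post' => array('actions' => array('view', 'list', 'create', 'delete'), 'user' => array('view', 'list')),
    'site' => array('actions' => array('index', 'login', 'admin'), 'user' => array('index')),
);

foreach ($controllers as $id => $c) {
    $plan = planAuthItems($id, $c['actions'], $c['user'], $alwaysAllowed);
    foreach ($plan['tasks'] as $task => $ops) {
        echo $task, ': ', implode(', ', $ops), PHP_EOL;
    }
    if ($plan['unchecked']) {
        echo '  allowed without an RBAC check: ', implode(', ', $plan['unchecked']), PHP_EOL;
    }
}
```

With the default list, SiteAdmin is reported as allowed without a check, so assigning it to the SiteAdministrating task has no effect until it is removed from allowedAccess().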