RBAC question

Hi, I’m using YiiUser management to control access to models' actions.

Because my app is simple and doesn’t have many users I can live with this approach.

So I only add this to ALL of my model controllers:





	public function filters() {
		return array(
			'accessControl',
		);
	}

	public function accessRules() {
		return array(
			array('allow',
				'actions'=>array('index','view'),
				'users'=>array('*'),
			),
			array('allow',
				'actions'=>array('minicreate','admin','create','update','copy','export'),
				'users'=>array('@'),
				'expression'=>'$user->hasRole("admin")'
			),
			array('allow',
				'actions'=>array('admin','delete','copy'),
				'users'=>array('admin'),
			),
			array('deny',
				'users'=>array('*'),
			),
		);
	}



As you can see, I add this line:

	'expression'=>'$user->hasRole("admin")'

So I have to change every controller.

What I want is something more flexible, so I only add one line with these parameters:

  • user (if empty is current logged)

  • Model

  • action requested

So the function returns an array or something to allow/deny the action.

Is there any way to achieve this?

Best regards

Nicolas

I can just think of one quick, ugly way right now: you could define a getAccessRules function in your own controller (that the other controllers extend from), and in the access rules of each of the other controllers you call that function, which returns your calculated access / deny array.

But I am pretty sure there is a nicer solution ;)
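
The base-controller approach suggested in the reply above, sketched for Yii 1.1 as an added example that is not code from the thread. BaseController, $publicActions, the $policy map and its 'post'/'editor' entries are hypothetical names; $user->hasRole() is the method used in the question.

```php
<?php
// Added example (Yii 1.1), not code from the thread. BaseController, $policy,
// $publicActions and the 'post'/'editor' entries are hypothetical;
// $user->hasRole() is the method used in the question's own rule.
class BaseController extends CController
{
    // Actions open to everyone; child controllers may override this list.
    protected $publicActions = array('index', 'view');

    // controller id => role => actions; '*' applies to every controller.
    protected static $policy = array(
        '*'    => array('admin' => array('minicreate', 'admin', 'create',
                                         'update', 'copy', 'export')),
        'post' => array('editor' => array('create', 'update')),
    );

    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        $rules = array();
        // CAccessRule treats an empty 'actions' list as "all actions", so an
        // empty list must never be turned into an allow rule.
        if (!empty($this->publicActions)) {
            $rules[] = array('allow', 'actions' => $this->publicActions, 'users' => array('*'));
        }
        foreach (array('*', $this->id) as $scope) {
            $roles = isset(self::$policy[$scope]) ? self::$policy[$scope] : array();
            foreach ($roles as $role => $actions) {
                if (empty($actions)) {
                    continue; // skip rather than allow everything
                }
                $rules[] = array('allow',
                    'actions'    => $actions,
                    'users'      => array('@'),
                    'expression' => '$user->hasRole(' . var_export($role, true) . ')',
                );
            }
        }
        // Anything not matched above is refused.
        $rules[] = array('deny', 'users' => array('*'));
        return $rules;
    }
}
```

Model controllers then extend BaseController and drop their own filters() and accessRules(), so a role change is made in one place.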

This is a response to your questions about the rights module from 08/12/12. I can’t comment on the extension page in the meantime.

Maybe it’s a compatibility issue with your users class. I succeeded in installing it with yii-users. This was very helpful: http://www.yiiframework.com/wiki/423/installing-yii-users-and-rights-to-newly-created-yii-app/

Rights works only with case-sensitive URLs and with remapping of all requests to tables to lower case:

My settings for URL management:

	// uncomment the following to enable URLs in path-format
	'urlManager'=>array(
		'urlFormat'=>'path',
		'showScriptName'=>false,
		'caseSensitive'=>true,
		'rules'=>array(
			'<controller:\w+>/<id:\d+>'=>'<controller>/view',
			'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
			'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
		),
	),

For rights tables remapping:

	'authManager'=>array(
		'class'=>'RDbAuthManager',
		'connectionID'=>'db',
		'defaultRoles'=>array('Authenticated', 'Guest'),
		'assignmentTable' => 'authassignment',
		'itemTable' => 'authitem',
		'itemChildTable' => 'authitemchild',
		'rightsTable' => 'rights',
	),

In class RWebUser you have to add a function to update session states:

	public function updateSession()
	{
		// Load the user record for the current session's user id.
		$user = Yii::app()->getModule('user')->user($this->id);

		// Merge the account fields with the profile attributes.
		$userAttributes = CMap::mergeArray(array(
			'email'=>$user->email,
			'username'=>$user->username,
			'create_at'=>$user->create_at,
			'lastvisit_at'=>$user->lastvisit_at,
		),$user->profile->getAttributes());

		// Copy every attribute into the session state.
		foreach ($userAttributes as $attrName=>$attrValue)
		{
			$this->setState($attrName,$attrValue);
		}
	}

This one comes from the users extension.

Hi Dmitry, I’m quite new to the Rights module; I’m testing it on a new project.

But I think it will accomplish my needs…

Thanks for the advice.

Best Regards