RBAM - Role Based Access Control Manager

Here you go:

/**

 * Database schema required by CDbAuthManager.

 *

 * @author Qiang Xue <qiang.xue@gmail.com>

 * @link http://www.yiiframework.com/

 * @copyright Copyright &copy; 2008 Yii Software LLC

 * @license http://www.yiiframework.com/license/

 * @since 1.0

 */


drop table if exists AuthAssignment;

drop table if exists AuthItemChild;

drop table if exists AuthItem;


create table AuthItem

(

   name             	varchar(64) not null,

   type             	integer not null,

   description      	text,

   bizrule          	text,

   data             	text,

   primary key (name)

);


create table AuthItemChild

(

   parent           	varchar(64) not null,

   child            	varchar(64) not null,

   primary key (parent,child),

   foreign key (parent) references AuthItem (name) on delete cascade on update cascade,

   foreign key (child) references AuthItem (name) on delete cascade on update cascade

);


create table AuthAssignment

(

   itemname         	varchar(64) not null,

   userid           	varchar(64) not null,

   bizrule          	text,

   data             	text,

   primary key (itemname,userid),

   foreign key (itemname) references AuthItem (name) on delete cascade on update cascade

);

Used demo a little and I can say 1 thing that just blows it out to trash - no batch assignments! And I would say it has an overcomplicated interface. Viewing Assigned items is with those parents/children/unrelated/assignments block really blows the mind out to hell. SRBAC looks kind’a weird, but when you start to use it you notice that it’s developer is a genius - just needs some refinement, but totally genius implementation. And really easy to use.

Thanks for the report.

1.4 is released which fixes the issue.

Re: translations. YES Please

The translations are courtesy of Google. Any and all help to improve the current and/or add additional translations is very welcome.

Can I suggest you delete RBAM from your system if you haven’t already - I do not want to be responsible for the state of your mental well-being.

This is the great thing about community developed extensions; if you don’t like one there is almost certainly another that you do, and if not there is always the option to develop your own.

I try to use this module with installed Yii-user. When I go to “/index.php?r=rbam/authAssignments/index”, I’ve got error

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DISTINCT(SUBSTR(username, 1, 1)) AS username FROM users t’ at line 1

When I look to log file, I see that:

[error] [system.db.CDbCommand] Error in querying SQL: SELECT id, username, email, createtime, lastvisit, superuser, status, DISTINCT(SUBSTR(username, 1, 1)) AS username FROM users t

I see, that this is “right” error for this query

This is because in module yii-user for model User I see this code:

public function defaultScope()

{

   return array(

      'select' => 'id, username, email, createtime, lastvisit, superuser, status',

   );

}

For this reason I think, that this is a good thing to modify in AuthAssignmentsController.php at line 82 code from

$chars = CActiveRecord::model($userClass)->findAll($activeCharCriteria);

to

$chars = CActiveRecord::model($userClass)->resetScope()->findAll($activeCharCriteria);

Maybe it need to modify at other place, I don’t know at this time

P.S. Sorry for my bad english.

I dont get it… Sorry Guys, im completly new to yii and tried to install rbam to a generated application by yiic, but i really dont get it. It says RBAM is not initialised, eventhough i didnt change a line and followed the install instructions. Maybe someone can take a look at the following configuration:

'rbam'=>array(

			'rbacManagerRole'=>'RBAC Manager', 

			'authItemsManagerRole'=>'Auth Items Manager',  

			'authAssignmentsManagerRole'=>'Auth Assignments Manager', 

			'authenticatedRole'=>'Authenticated', 

			'guestRole'=>'Guest', 

			'pageSize'=>10, 

			'relationshipsPageSize'=>5, 

			'userClass'=>'User', 

			'userIdAttribute'=>'id', 

			'userNameAttribute'=>'username', 

			'userCriteria'=>array(), 

			'layout'=>'rbam.views.layouts.main', 

			'applicationLayout'=>'application.views.layouts.main', 

			'baseUrl'=>null, 

			'baseScriptUrl'=>null, 

			'cssFile'=>null, 

			'showConfirmation'=>3000, 

			'juiShow'=>'fade', 

			'juiHide'=>'puff', 

			'juiScriptUrl'=>null, 

			'juiThemeUrl'=>null, 

			'juiTheme'=>base, 

			'juiScriptFile'=>'jquery-ui.min.js', 

			'juiCssFile'=>'jquery-ui.css', 

			'initialise'=>null, 

			'exclude'=>'rbam', 

			'development'=> true, 

		),		

[...]

'authManager'=>array(

            'class'=>'CDbAuthManager',

            'connectionID'=>'db',

    	),

Additionally ive created the model "User" like this:

class User extends CActiveRecord {


	public function tableName() {


		return 'tbl_user';

	}

}

But rbam still says its not initialised. Any idea? =)

Thanks a lot

Hey, great extension.

I think, it is a good idea to have a SVN (like Google Code) or GIT for this project, I think many of us can give you a hand, What do you think?

Regards.

Ricardo.

some bugs and bugfixes:

http://www.yiiframework.com/extension/rbam/#c2455

and it will be better to have a link in the main table also to see

"Users Assigned to the "XXX" Role"

Have the same problem when I go to index.php?r=rbam it says "RBAM is not initialised". Also i changed nothing in the configuration and have a User model for my user table and followed the install instructions.

Using Yii 1.1.6 with RBAM 1.4 on Ubuntu 10.10 with Apache2+PHP 5.3.3

Tried to set

...

'initialise'=>TRUE,

...

but didn’t work.

Thanks for helping

Hello,

I have just installed rbam extension but unable to get it used.Any one please help me about what changes need to be made exactly in other configuration files after extracting rbam under moudule directory…

                 waiting 4 ur advice!!!!!!!!!

2 all who have "not initialized" problem:

'authManager'=>array(

            'class'=>'CDbAuthManager',

            'connectionID'=>'db',

        ),

is in "components" section or in "modules"? Should be in components.

Russian translation of RBAM module, unpack the archive to your rbam/messages folder.

Make sure you have line

	'language'=>'ru',

in your config/main.php

1229

rbam_ru.zip

Nice extension to manage the rbac within an application. After playing around a little bit with the demo. I figure out a small problem with lower case operations, tasks and roles when managing relationships:

E.g. if you define two operations ‘operationOne’ and ‘OperationTwo’ you will see the letter ‘O’ is enabled but when you click it just the upper case operation ‘OperationTwo’ will be shown. The lower case items will be recognized when enabling the alphabetic filters but will not be displayed.

add this at Line 237 of RbamModule.php

$this->initialise=true;

after you initialized the system remove the line

RBAM V1.5 is released.

• RBAM now supports user names from models related to the model specified by userClass; e.g. array(’,’, profile.given_name, profile.family_name) will use the given_name and family_name attributes of the profile relationship in the userClass.

• Russian translation (thanks to Jangos)

• Fixed all reported bugs

Hello Everybody,

I’m new to Yii and to Rbam.

So far seems fine, just had to do a small modification in the source code, using a different field name as a username :

/protected/modules/rbam/RbamModule.php line 414 :

$user->username = Yii::app()->getUser()->id;

to

$user->{$this->userNameAttribute} = Yii::app()->getUser()->id;

But a new issue just came along :

/rbam/components/widgets/RbamRelationship.php Line 59

$alphaPagination->activeCharSet = $owner->activeChars($data, $attribute);

Throw AuthItemsController does not have a method named "activeChars".

The fix is to declare the RbamController::activeChars() method as public (RbamController::97).

I’ll fix and do a new release.

Thanks for the tip, I did the fix.

And so far, I’m still trying to interact in Yii with the rules from RBAM using the accessRules array in my controlers, but still haven’t realy succeded.

Can someone know where can I found a good introcution as how to interact between CDbAuthManager and the controlers, and not just by checking the access manually for each actions ? (considering I guess, all of this is to aavoid having to do that)

The Access Control Filter of the Yii Guide tells you all you need to know (page 185 of the PDF in the release donwnload as of Yii 1.1.6).

One thing to note: ‘roles’ in access rules can actually be roles, tasks, or operations. So if you have an action that relates to a task that is inherited by multiple roles, and all the roles are allowed to access the action (if they aren’t your permissions hierarchy should probably be changed), declare the task in the ‘roles’ for the rule.

Actually, I did read all of that ; I set up my tasks, roles and operations. And still no access using the roles in my controler (I tried it on one controler so far, for testing purposes. Maybe should I change more things ?)

So I haven’t figured out what I have done wrong… yet.

Thanks anyway !