yii-user with rights

russellfeeed · March 21, 2012, 11:19am

Prevent Users From Changing Passwords

Hi

I have a similar issue as @Xav

I have created permissions for User.User., User.Profile. etc in Rights but haven’t assigned them to any User yet.

I’ve added




	/**

	 * @return array action filters

	 */

	public function filters()

	{

		return CMap::mergeArray(parent::filters(),array(

			'rights', // perform access control for CRUD operations

		));

	}

to both UserController and ProfileController.

I was hoping that this would allow me to allow or deny access to index.php/user/profile/changepassword

Is there a way to do this?

Thank in Advance

Russell

karmraj · April 28, 2012, 8:45am

Hi,

Suppose i need to assign some other role to new user from controller (like employee or student) except Authenticate or Guest? Then how can i assign that role to user?

Regards,

karmraj.

iota:

Hi Chris, thanks so much for your comments - much appreciated

That makes sense, I wasn’t really thinking about performance! I’ve tested this out and can confirm it works. So the modifications if anybody wants to use this method to automatically assign the ‘Authenticated’ role to users on registration (and admin creation) are as follows:

In main/config.php, add only the ‘Guest’ role in the ‘defaultRoles’ definition (needs to remain as an array I believe):
    'authManager'=>array(

        'class'=>'RightsAuthManager',   // provides support for authorization item sorting

        // assign default roles to all users, then use bizrules in Rights

        // to distinguish between 'Guest' and 'Authenticated' users

        'defaultRoles'=>array('Guest'),                         

    ),
Edit - the above code is for Rights version 1.1.0. If you have upgraded to 1.2.0 (see below), the class should be renamed to ‘RDbAuthManager’.

Now to automatically assign the ‘Authenticated’ role to users on registration, modify the user/controllers/RegistrationController.php page.

In the actionRegistration() function, change:
    ...

    if ($model->save()) {

        $profile->user_id=$model->id;

        $profile->save();

        if (Yii::app()->controller->module->sendActivationMail) {

    ...
to…
    ...

    if ($model->save()) {

        $profile->user_id=$model->id;

        $profile->save();					

        // assign user the 'Authenticated' role for Rights module

        $authenticatedName = Rights::module()->authenticatedName;

        Rights::assign($authenticatedName, $model->id);

        if (Yii::app()->controller->module->sendActivationMail) {

    ...
And to ensure that users created using the admin creation screen are also assigned to the ‘Authenticated’ role, modify the user/controllers/AdminController.php page.

In the actionCreate() function, change:
    ...

    if($model->validate()&&$profile->validate()) {

        $model->password=Yii::app()->controller->module->encrypting($model->password);

        if($model->save()) {

            $profile->user_id=$model->id;

            $profile->save();

        }

        $this->redirect(array('view','id'=>$model->id));

    }

    ...
to…
    ...

    if($model->validate()&&$profile->validate()) {

        $model->password=Yii::app()->controller->module->encrypting($model->password);

        if($model->save()) {

            $profile->user_id=$model->id;

            $profile->save();

            // assign user the 'Authenticated' role for Rights module

            $authenticatedName = Rights::module()->authenticatedName;

            Rights::assign($authenticatedName, $model->id);

        }

        $this->redirect(array('view','id'=>$model->id));

    }

    ...
Note: using this method, business rules are no longer needed in Rights for either the ‘Guest’ or ‘Authenticated’ roles (which as Chris points out, will improve performance).

This solution worked for me, but I appreciate any suggestions for improvements, i.e. maybe there are less intrusive ways to assign these roles. Suggestions welcome, and thanks again to Chris who provided the code for the above role assignments!

Cheers, Rob

joemaxwell24 · April 17, 2013, 7:21am

xav:

hello, I did all that and it works fine…apparently !! I came across a series of thoughts when using these two modules. At first i thought I could avoid modifying the code of an extension to be able to update with no problem. But that is not possible. The yii user code must be modified if you want, for example, assign a default role to a freshly registered user or have multiple profiles by roles.

Secondly, I’ve created Authorization items for the user module so no user other then admin is able to see the default list given by index.php/user/ (index action). Without success ! However, this task is assigned to no role ! So only the admin should see the list, right ?

Furthermore, i’ve noticed that by seeing the list the user could also click on an item and go to the view detail !!!

What I did is edit the userController.php and modify the filter to comply with rights
return array(

			'rights',

		);
and remove the rule part.

Then there was an improvement, the list was still visible but not the view detail anymore.

So I have two questions :

Is changing the controllers of the user extension the right move or is there another way ?

Why the user.default.index is still accessible after having

a.Created the tasks related to these action in rights and assigned it to none

b.Modified the userController to the ‘rights’ sauce ?

Regards,

xavier

Hi Did you install the table first for Auth before installation because i try your method not work for me.

joemaxwell24 · April 22, 2013, 11:09pm

Somebody reply to this, i am also stuck on this,

I had drop the whole Auth Table and install it using the book change the configuration but still errors

<br class="Apple-interchange-newline">Error

An error occurred while installing Rights.

Please try again or consult the documentation.

deib97 · July 19, 2013, 3:35am

hi,

How to fix about it? I installed yii-user, i want to disable registration. I use this tutorial : http://code.google.com/p/yii-user-management/issues/detail?id=42, but i have this Property "UserModule.disableRegisration" is not defined.

shahzadthathal · September 7, 2013, 7:27am

Hello Yii Right Module experts,

In one of yii project installed yii right module and for login there is used a blog_user table,there is another table for students,Now I want to login with students table records but keep the yii right module functionality , How it is possible that both can login blog_user and students?

chamara · October 8, 2013, 7:37am

?php

/**

user controller class

@author chamara bandara

*/

Yii::import(‘application.extensions.simple_image’);

class UserController extends Controller {

public $layout = ‘//layouts/column2’;

public function filters() {

  return array(


      'accessControl', // perform access control for CRUD operations


          'rights',


  );

}

public function actions() {

  return array(


      'index' =&gt; 'application.modules.users.controllers.user.IndexAction',


      'create' =&gt; 'application.modules.users.controllers.user.CreateAction',


      'view' =&gt; 'application.modules.users.controllers.user.ViewAction',


      'update' =&gt; 'application.modules.users.controllers.user.UpdateAction',


      'delete' =&gt; 'application.modules.users.controllers.user.DeleteAction',


      'admin' =&gt; 'application.modules.users.controllers.user.AdminAction',


      'ajaxChangePassword' =&gt; 'application.modules.users.controllers.user.AjaxChangePasswordAction',


      'UpdatePassword' =&gt; 'application.modules.users.controllers.user.UpdatePasswordAction',


      'approve' =&gt; 'application.modules.users.controllers.user.ApproveAction',


      'reject' =&gt; 'application.modules.users.controllers.user.RejectAction',


  );

}

this is my controller with there action,

i am using rights but above actions can’t get to Generate items list

how i do that plz help me?

nairgh · January 1, 2014, 8:26pm

I have the same problem first. I fixed like this. Edit the main.php as requested. Open schema.mysql.sql and create the mysql tables. Execute the link index.php?r=rights/install will install the rights.

Now it works like a cham !!

m-alkabani · November 22, 2014, 11:21am

xav:

hello, I did all that and it works fine…apparently !! I came across a series of thoughts when using these two modules. At first i thought I could avoid modifying the code of an extension to be able to update with no problem. But that is not possible. The yii user code must be modified if you want, for example, assign a default role to a freshly registered user or have multiple profiles by roles.

Secondly, I’ve created Authorization items for the user module so no user other then admin is able to see the default list given by index.php/user/ (index action). Without success ! However, this task is assigned to no role ! So only the admin should see the list, right ?

Furthermore, i’ve noticed that by seeing the list the user could also click on an item and go to the view detail !!!

What I did is edit the userController.php and modify the filter to comply with rights
return array(

			'rights',

		);
and remove the rule part.

Then there was an improvement, the list was still visible but not the view detail anymore.

[color="#FFFF00"]So I have two questions :

Is changing the controllers of the user extension the right move or is there another way ?

Why the user.default.index is still accessible after having

a.Created the tasks related to these action in rights and assigned it to none

b.Modified the userController to the ‘rights’ sauce ?[/color]

Regards,

xavier

can anyone help me in this case