Yii 1.1: hierarchical-rbac

Enhanced version of Yii rbac with complete Web UI
6 followers

WARNING: It has had only minimal testing. Only for brave souls.

Introduction:

HRBAC -> Hierarchical Role Based Access Control 'Hrbac' module is an enhancement of Yii RBAC feature wiht a full Web UI to manage the authorization.

  • It reduces the number of db queries when performing an access check
  • Add conditions (boolean tests) to auth assignments and auth relationships

Hopefully this is simpler than using bizrules and might help avoid bizrules altogether (so no php needed in database).

  • It provides the UI to assign roles and manage the auth items.
  • Quick and easy setup of route access control. Do not need to modify any code other than a couple lines in index.php and the config file main.php.

Using HRBAC : General

  • There are 3 types of authorization items. Roles, Operations or Actions, and Tasks (or Groups of Operations). Roles may contain other auth items and Tasks or Op Groups may contain other groups or ops. You can't create a circular association though.

  • You may assign any number of auth items to a user. It can be any of the three types but you would mostly want to assign roles.

  • Any assignment can be made conditional by specifying some conditions or 'bizrules' to the assignment. Note that this condition or rule pertains only to that particular assignment. We can have conditions and bizrules that apply to specific auth items too but more of that later.

  • 'Conditions' are sets of boolean tests to determine if the role applies for that access test. It uses a simple syntax (more later).

  • 'Bizrule' is a PHP code that's saved with the assignment in the database and is 'eval'ed to determine if the assignment applies. The bizrule must return true or false. Personal thought: it's probably not a good idea to use bizrules if it can be avoided.

  • Each auth item may also have a condition and/or a bizrule associated with it.

  • The benefit of using conditions or bizrules is that the authorization is effective only when certain conditions are met. For example, you can set it up so that it is effective only for a month, or only for certain sections of your website and so on.

  • Each user also automatically gets assigned one of these two roles: 'Anonymous User' or 'Authenticated User' depending on whether they are logged in or not.

  • Each controller may also assign transient roles based on the target object, such as 'Author', 'Owner', 'Manager'.

  • Hrbac also does route based authorization. So if a user has access to a particular controller e.g. /module_id/controller_id/, he also has access to all the actions within that controller. If another user has access to the module e.g. /module_id/ he has access to all controllers and actions within that module.

Requirement:

  • A database table with the name 'users' with a primary key column 'id' and a column 'username'.

    a. If the username column is named differently, you'd have to do some search and replace :(

    b. If the table name is different, just open HrbacModule?.php and change it there.

Documentation

Requirements

  • Yii 1.1.1 or above

Installation

  • Extract the release file under protected/modules

Usage

See documentation in the doc directory.

Discussion

http://www.yiiframework.com/forum/index.php?/topic/8400-module-hrbac/

Change Log

April 5, 2010

  • Initial release.

Total 3 comments

#2688 report it
kmindi at 2011/01/29 07:32am
still in development

Hi, is this extension still in development?

I think the feature should be available in all other extensions or the included rbac yii. Speaking of the additional conditional assignments.

#2573 report it
cactork at 2011/01/18 11:53am
permission in actions

probably you will need to modify your controller in function accessRules() to allow certain actions.

#609 report it
银河王子 at 2010/04/08 11:09pm
error

You do not have permission to perform this action. How to solve it?

Leave a comment

Please to leave your comment.

Create extension
  • Yii Version: 1.1
  • License: New BSD License
  • Developed by: Zeph
  • Category: Auth
  • Votes: -1
  • Downloaded: 3,199 times
  • Created on: Apr 5, 2010
  • Last updated: Apr 15, 2010