rights

Rights - Yii access control evolved

Introduction

Current version 1.3.0 (revision 147)

This extension utilizes Yii's built-in Database Authorization Manager (CDbAuthManager) to provide a web interface for advanced access control.

Demo

Follow the link below to try Rights on the Yii Blog demo. Please contact me if it doesn't work or seems messed up and I will fix it as soon as possible.

Try the demo

Features

  • User interface optimized for usability
  • Role, task and operation management
  • View displaying each role's assigned tasks and operations
  • Assigning authorization items to users
  • Sorting of authorization items by dragging and dropping
  • Installer for easy and quick set up
  • Authorization item generation
  • Controller filter for checking access
  • Support for business rules (and data)
  • Runtime caching to increase performance
  • Internationalization (I18N)
  • Cross-browser and cross-database compatibility
  • Easy to extend

Resources

Translations

Rights is currently translated into Finnish, French, German, Greek, Hungarian, Italian, Japanese, Spanish, Simplified Chinese and Swedish. Please contact me if you wish to translate Rights.

Donate

Want to say thanks for the time and effort put into this project?

Donate with PayPal

Change Log

April 1, 2011

  • Release 1.3.0
    • Installer now uses the schema.sql in the data folder
    • Installer now names tables according to the application configuration
    • Generator now creates tasks for {ControllerId}.* permissions
    • Optimized the getting of superusers
    • Fixed the problem that access was granted to Rights when no superusers were found
    • Fixed most issues reported on Google Code

January 11, 2011

  • Release 1.2.0
    • Assigned items are now divided into Roles, Tasks and Operations
    • Renamed most of the component classes to be prefixed with ‘R’ for consistency
    • Configuration parameter for whether to display item description instead of name
    • Configuration parameter for the application layout.
    • Removed the guestName configuration parameter, web user guestName will be used instead
    • Changed the forms to not use the form builder for convenience
    • Return URLs are now stored with the web user
    • Authorization item names are now URL encoded when passed as get parameters

December 16, 2010

  • Release 1.1.0
    • Optimization by runtime caching authorization items and their children
    • Improved the authorization manager and authorizer
    • Minor user interface improvements
    • Proper support for CSRF validation in authorization item sorting
    • Renamed the AuthItemWeight table to Rights

October 27, 2010

  • Release 1.0.0
    • Official release

September 5, 2010

  • Release 0.9.11
    • User interface improvements (UI reviewed for usability)
    • Description is now mainly used instead of the name
    • Even more intensive use of grid view
    • Minor generator improvements
    • Runtime caching of the module and its components
    • Proper support for overriding the module style

August 28, 2010

  • Release 0.9.10
    • Use of grid views and data providers
    • Proper authorization item sorting according to weights
    • Its own user behavior
    • Generator now also looks for controllers in subfolders

August 13, 2010

  • Release 0.9.9b
    • Fixed a somewhat critical bug in the installer which caused the installer to not run correctly.

August 11, 2010

  • Release 0.9.9
    • Improved authorization item generation
    • Improved installer
    • Improved module configuration
    • Rewritten style sheet for easier styling

August 4, 2010

  • Release 0.9.8
    • Authorization item generator
    • Installer automation
    • Improved support for module nesting

July 31, 2010

  • Release 0.9.7
    • Module nesting
    • Flash messages
    • Authorization item sorting
    • Hover functionality for tables
    • German translation (thanks g3ck0)
    • Italian translation (thanks joeysantiago)

July 28, 2010

  • Release 0.9.5
    • Support for custom style sheets
    • Swedish translation

July 26, 2010

  • Release 0.9.3
    • Rights Installer
    • Improved module configuration
    • Pagination for Assignments

July 20, 2010

  • Release 0.9.2
    • Internationalization (I18N)
    • Finnish translation

July 19, 2010

  • Release 0.9.1
    • Initial release

Total 20 comments

#7072 report it
thepaulius at 2012/02/22 09:32am
Changing 'Rights' doesn't update the database

Hi,

Hopefully, it's just me being dumb.

I've created Roles, Tasks and Operations, it's working!

If I then go and change a name of a role for example, the change isn't being applied in the database...

Fine if you never want to change anything - but perhaps someone can either supply a patch - or tell me what I've not done right lol

p

#7060 report it
jerome.nicholas at 2012/02/21 07:35pm
installation problem

great job really love it!

i am working with framework yii-1.1.9.r3527, with no additional plugins installed.. on the first run needed to add an entry in the authitem and authassignment db tables.

modified the Controller.php in the protected/components directory
"class Controller extends RController"

and added another function

    public function filterAccessControl($filterChain)
    {
        $filter = new RightsFilter;
        $filter->allowedActions = $this->allowedActions();
        $filter->filter($filterChain);
    }

now it's working perfectly, the documentation is missing this stuff!

Jerome Nicholas Programmer/Analyst http://shalomsoftware.com.au/

#6823 report it
sieppl at 2012/02/07 01:22pm
@kmddm

Either you

  1. prefix your admin (or frontend) controllers
  2. OR your action names must be unique for the same controller name.

There is no better solution without hacking rights. I am going with number 2 and for a small project it is fine.

#6821 report it
kmddm at 2012/02/07 12:22pm
Problem with 1.3.0

Hi all, I'm using Rights v1.3.0 and I have the following module structure

controllers/PageController.php
controllers/admin/PageController.php

Rights module generates rights only for controllers/admin/PageController.php? So, currently Rights module doesn't support non-unique names for controllers? Has anyone had the same problem? How to fix it?

#6501 report it
imri at 2012/01/15 06:24am
Wow

Such a good module, Thank you very much!

The only problem is that it's very difficult to find it through Google.

Better than any other Yii RBAC manager!

#6049 report it
Chris83 at 2011/12/08 02:42am
@tsmith108

You can add the multiselect by theming.

#5944 report it
mentel at 2011/11/27 11:16pm
100 upvotes!

Wow man. Rights totally deserves that. Congratulations!

#5573 report it
kazio at 2011/10/21 06:08am
normal user as superuser

Hello, when a user is logged in as superuser and logs on to another account without logging out, the user is still superuser.

#5118 report it
tsmith108 at 2011/09/15 09:23am
Feature Request

Just started using this module and like it... moving from srbac. It would be nice to change the drop-down list for assigning operations to tasks to a multi-select list box. Then you'd have the ability to select multiple operations for one task and click Add just once.

Thanks for the good work Chris

#5001 report it
horizons at 2011/09/05 07:59am
yes sorry it was my fault

I tested the rights module with the yii 1.8 blog demo and forgot that the UserIdentity returns the "username" for Yii::app()->user->getId().

Because the blog demo has only an array for authentication. Guess this is the problem which others also have if they install the rights module in their "test applications".

I found this after I tried to add the "admin" superuser role to another account, which failed every time.

So it works with yii 1.8 it just doesn't work from scratch in the yii blog demo cause of the missing user data.

#4999 report it
Wiseon3 at 2011/09/05 05:17am
Clarifications

@horizons $userIdList is an array that holds the ids of the users with superuser access, so the current condition is the right one.

@paejan I'm currently using Rights with Yii 1.18 and it works without a hitch.

#4539 report it
phazei at 2011/07/18 06:40pm
Checks for superuser even during install

Seems to check for user even when "install" is true and you're logged in. It throws:

Error: code=403, message=There must be at least one superuser!

If I temporarily comment out line 305:

throw new CHttpException(403, Rights::t('core', 'There must be at least one superuser!'));

Then install it, then uncomment, it works just fine.

#4490 report it
sieppl at 2011/07/13 07:51am
Simple example for a business rules and limited access to index action (inspired from the forum)

Here is my simple example to allow only the owner of a blog post to view, update and delete. In my example Post has a property 'user_id' which is the value of the owning user.

In your PostController:

    public function filters()
    {
        return array(
            'accessOwn + view, update, delete',
            'rights',
        );
    }

    public function filterAccessOwn($filterChain)
    {
        $post = $this->loadModel($_GET['id'], 'Post');
        // If the user passes the owner check, drop the 'rights' filter,
        // which sits at index 1 in filters() above.
        if (Yii::app()->user->checkAccess('Post.AccessOwn', array('userid' => $post->user_id))) {
            $filterChain->removeAt(1);
        }
        $filterChain->run();
    }

In rights define following operation:

Name: Post.AccessOwn
Description: Post.AccessOwn
Rule: return Yii::app()->user->id==$params["userid"];

To limit access to browsable posts (i.e. on the default index action), you can do something like following in your PostController:

public function actionIndex() {
        $dataProvider = new CActiveDataProvider('Post');
        if (!Yii::app()->user->isSuperuser) {
            $dataProvider->setCriteria(array(   
                'condition' => 'user_id=:user_id',
                'params' => array(':user_id' => Yii::app()->user->id), 
            ));
        }
        $this->render('index', array(
            'dataProvider' => $dataProvider,
        ));
    }
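
The Post.AccessOwn rule in the comment above compares ids with `==`. As an added example (not part of the original comment or of Rights), this standalone PHP script runs that comparison and a stricter variant over constructed edge cases. The closures stand in for Yii's rule evaluation, `$userId` stands in for `Yii::app()->user->id` and `$params['userid']` for `$post->user_id`; all of these are assumptions of the sketch.

```php
<?php
// Added example: models the Post.AccessOwn business rule outside Yii.
// $userId stands in for Yii::app()->user->id (null for a guest);
// $params['userid'] stands in for $post->user_id. All inputs are constructed.

// The rule as written in the comment: loose comparison.
$looseRule = function ($userId, array $params) {
    return $userId == $params['userid'];
};

// Hardened variant (hypothetical): reject guests and missing owners first,
// then compare the string forms of both ids strictly.
$strictRule = function ($userId, array $params) {
    if (!array_key_exists('userid', $params)) return false;
    $owner = $params['userid'];
    if ($userId === null || $userId === '' || $owner === null || $owner === '') {
        return false;
    }
    if (!is_scalar($userId) || !is_scalar($owner)) return false;
    return (string) $userId === (string) $owner;
};

// Constructed cases: label, current user id, post owner id, should access be allowed
$cases = array(
    array('owner, int vs numeric string', 5, '5', true),
    array('different user', 5, '6', false),
    array('guest vs orphaned post (NULL owner)', null, null, false),
    array('guest vs owner id 0', null, 0, false),
    array('guest vs empty owner', null, '', false),
    array('padded numeric string', '5', ' 5', false),
);

$failures = 0;
foreach ($cases as $case) {
    list($label, $userId, $owner, $expected) = $case;
    $loose = $looseRule($userId, array('userid' => $owner));
    $strict = $strictRule($userId, array('userid' => $owner));
    if ($strict !== $expected) $failures++;
    // One row per case so the two rules can be compared side by side.
    printf("%-38s loose=%-5s strict=%-5s expected=%s\n", $label,
        var_export($loose, true), var_export($strict, true), var_export($expected, true));
}
// Non-zero exit status if the hardened rule disagrees with any expectation.
exit($failures === 0 ? 0 : 1);
```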

#3561 report it
b3atb0x at 2011/04/19 05:13am
Feature suggestion

I think exporting/importing Roles/Operations/Tasks would be a great tool to make it easier to manage roles etc. across code updates. Do you plan this feature? If not - maybe, let's discuss it and we'll help code it \m/

#3353 report it
schmunk at 2011/04/05 12:18pm
User class import

While installing, I got this error: include(User.php) [function.include]: failed to open stream: No such file or directory

Besides this info from the manual: Note: In case your User model is not called ‘User’ or if you user name column is not called ‘username’ or if your user id column is not called ‘id’ you need to override the respective setting in the module configuration.

You'll also have to import your User class, e.g. if it's in a module.

#3352 report it
ryurhrt at 2011/04/05 11:05am
RAuthorizer Bugs?

Hi, is it a bug?

I have to change the code at RAuthorizer.php line 292

from:

$criteria->addInCondition(Rights::module()->userIdColumn, $userIdList);

to:

$criteria->addInCondition(Rights::module()->userNameColumn, $userIdList);

so that it searches the name column instead of the id column for the superuser, else I will get the error: "There must be at least one superuser!"

#3031 report it
hezll at 2011/03/09 05:09am
rights url bug?????

I've put the module in yii blog demo

but when I enter http://localhost/yii1.1/demos/blog/index.php?r=rights/authItem/generate

Yii Blog Demo Home About Contact Logout (demo) Home » Rights » Generate items AssignmentsPermissionsRolesTasksOperations .........

the url changed!!!!

Home=>http://localhost/yii1.1/demos/blog/index.php?r=rights/post/index About=>http://localhost/yii1.1/demos/blog/index.php?r=rights/post/about ......

I don't know why. Maybe it's a bug of the blog. Can somebody test and help me out?

#3001 report it
hezll at 2011/03/07 08:49am
table_prefix I need

It seems there isn't support for table_prefix. So if I have many projects using only one database, rights may be confused. table_prefix needed!

#2705 report it
sravani at 2011/01/31 06:29am
installation problem

I am getting the following error after installing yii-right...under...protected/modules/rights...

Alias "rights.RightsModule" is invalid. Make sure it points to an existing PHP file

#2501 report it
mentel at 2011/01/11 01:26am
Suggestion

Hey, nice job, Chris.

In assignments screen (/rights/assignment/view), the table header shows "Name" for the user name. It could be made more clear by using the text "User Name".
