rights

Rights - Yii access control evolved

Introduction

Current version 1.3.0 (revision 147)

This extension utilizes Yii's built-in Database Authorization Manager (CDbAuthManager) to provide a web interface for advanced access control.


Demo

Follow the link below to try Rights on the Yii Blog demo. Please contact me if it doesn't work or seems messed up and I will fix it as soon as possible.

Try the demo

Features

  • User interface optimized for usability
  • Role, task and operation management
  • View displaying each role's assigned tasks and operations
  • Assigning authorization items to users
  • Sorting of authorization items by dragging and dropping
  • Installer for easy and quick set up
  • Authorization item generation
  • Controller filter for checking access
  • Support for business rules (and data)
  • Runtime caching to increase performance
  • Internationalization (I18N)
  • Cross-browser and cross-database compatibility
  • Easy to extend

Resources

Translations

Rights is currently translated into Finnish, French, German, Greek, Hungarian, Italian, Japanese, Spanish, Simplified Chinese and Swedish. Please contact me if you wish to translate Rights.

Donate

Want to say thanks for the time and effort put into this project?

Donate with PayPal

Change Log

April 1, 2011

  • Release 1.3.0
    • Installer now uses the schema.sql in the data folder
    • Installer now names tables according to the application configuration
    • Generator now creates tasks for {ControllerId}.* permissions
    • Optimized the getting of superusers
    • Fixed the problem that access was granted to Rights when no superusers were found
    • Fixed most issues reported on Google Code

January 11, 2011

  • Release 1.2.0
    • Assigned items are now divided into Roles, Tasks and Operations
    • Renamed most of the component classes to be prefixed with ‘R’ for consistency
    • Configuration parameter for whether to display item description instead of name
    • Configuration parameter for the application layout.
    • Removed the guestName configuration parameter, web user guestName will be used instead
    • Changed the forms to not use the form builder for convenience
    • Return URLs are now stored with the web user
    • Authorization item names are now URL encoded when passed as get parameters

December 16, 2010

  • Release 1.1.0
    • Optimization by runtime caching authorization items and their children
    • Improved the authorization manager and authorizer
    • Minor user interface improvements
    • Proper support for CSRF validation in authorization item sorting
    • Renamed the AuthItemWeight table to Rights

October 27, 2010

  • Release 1.0.0
    • Official release

September 5, 2010

  • Release 0.9.11
    • User interface improvements (UI reviewed for usability)
    • Description is now mainly used instead of the name
    • Even more intensive use of grid view
    • Minor generator improvements
    • Runtime caching of the module and its components
    • Proper support for overriding the module style

August 28, 2010

  • Release 0.9.10
    • Use of grid views and data providers
    • Proper authorization item sorting according to weights
    • Its own user behavior
    • Generator now also looks for controllers in subfolders

August 13, 2010

  • Release 0.9.9b
    • Fixed a somewhat critical bug in the installer which caused the installer to not run correctly.

August 11, 2010

  • Release 0.9.9
    • Improved authorization item generation
    • Improved installer
    • Improved module configuration
    • Rewritten style sheet for easier styling

August 4, 2010

  • Release 0.9.8
    • Authorization item generator
    • Installer automation
    • Improved support for module nesting

July 31, 2010

  • Release 0.9.7
    • Module nesting
    • Flash messages
    • Authorization item sorting
    • Hover functionality for tables
    • German translation (thanks g3ck0)
    • Italian translation (thanks joeysantiago)

July 28, 2010

  • Release 0.9.5
    • Support for custom style sheets
    • Swedish translation

July 26, 2010

  • Release 0.9.3
    • Rights Installer
    • Improved module configuration
    • Pagination for Assignments

July 20, 2010

  • Release 0.9.2
    • Internationalization (I18N)
    • Finnish translation

July 19, 2010

  • Release 0.9.1
    • Initial release

Total 20 comments

#12888
Priyranjan Singh at 2013/04/18 03:43am
Solution Found but modification needed by the development team of this extension.

I have asked the question stated below yesterday:

"problem in rights

I am giving rights for 'create' to the 'authenticated' but the 'guest' also gets the same right. Means the extension does not understand any difference between 'authenticated' and the 'guest'. Please help me. I am dying. :("

Well I found the answer after discussing this with my senior.

Well the problem is that as long as the "authenticated" role is there, there will not be any difference between the guest and the authenticated. You will have to change the name of the role "authenticated" to something else such as "registered" or anything else that you want.

Well this may be considered as a bug.

There is a line in rightsmodule.php in the view of rights which has the following code:

    /**
     * @property string the name of the guest role.
     */
    public $authenticatedName = 'Authenticated';

How can a guest name be assigned as 'Authenticated'? I think here lies some problem.

So the conclusion is that you must change the name of the authenticated role to something else for smooth operation.

#12874
hydr0gen at 2013/04/17 08:10am
fix

You need to add business rules for Guest: return Yii::app()->user->isGuest;

and Authenticated: return !Yii::app()->user->isGuest;

This should solve all your problems
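
Why the two business rules above matter, as an added example that is not part of the original comment and is not Yii or Rights code: a simplified model of the auth manager's upward walk from an operation to its roles. It assumes both 'Guest' and 'Authenticated' are configured as default roles; the class name, the 'Post.Create' operation and the closure-based rules are constructed for illustration.

```php
<?php
// Simplified model of Yii 1.1's upward permission walk (illustration only,
// not Yii or Rights source). Biz rules are closures instead of eval'd strings.
final class ModelAuthManager
{
    public $defaultRoles = array(); // roles every user holds implicitly
    private $rules = array();       // item name => closure, or null for "no rule"
    private $parents = array();     // child item => names of its parent items
    public function addItem($name, $bizRule = null) { $this->rules[$name] = $bizRule; }
    public function addChild($parent, $child) { $this->parents[$child][] = $parent; }
    public function checkAccess($item, array $assigned, $isGuest)
    {
        if (!array_key_exists($item, $this->rules)) {
            return false; // unknown item: deny
        }
        $rule = $this->rules[$item];
        if ($rule !== null && !$rule($isGuest)) {
            return false; // the biz rule vetoes this branch
        }
        // Reaching a default role (or an explicitly assigned one) grants access.
        if (in_array($item, $this->defaultRoles, true) || in_array($item, $assigned, true)) {
            return true;
        }
        $parents = isset($this->parents[$item]) ? $this->parents[$item] : array();
        foreach ($parents as $parent) {
            if ($this->checkAccess($parent, $assigned, $isGuest)) {
                return true;
            }
        }
        return false;
    }
}

function buildManager($withRules)
{
    $m = new ModelAuthManager();
    $m->defaultRoles = array('Guest', 'Authenticated'); // assumed configuration
    $m->addItem('Guest', $withRules ? function ($isGuest) { return $isGuest; } : null);
    $m->addItem('Authenticated', $withRules ? function ($isGuest) { return !$isGuest; } : null);
    $m->addItem('Post.Create');                    // constructed operation name
    $m->addChild('Authenticated', 'Post.Create');  // only Authenticated may create
    return $m;
}

foreach (array(false, true) as $withRules) {
    $m = buildManager($withRules);
    $guest  = $m->checkAccess('Post.Create', array(), true);
    $member = $m->checkAccess('Post.Create', array(), false);
    printf("rules=%s guest=%s member=%s\n", var_export($withRules, true), var_export($guest, true), var_export($member, true));
}
```

Run it with the `php` command line: without rules the guest reaches 'Post.Create' through the rule-less default role, and with the two rules in place the guest is denied while the logged-in user is still allowed.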

#12872
Priyranjan Singh at 2013/04/17 07:47am
problem in rights

I am giving rights for 'create' to the 'authenticated' but the 'guest' also gets the same right. Means the extension does not understand any difference between 'authenticated' and the 'guest'. Please help me. I am dying. :(

#12262
schmunk at 2013/03/10 01:07pm
Using rights and yii-user together

Hi,

I've just uploaded this extension, which provides methods to ensure compatibility for rights and yii-user.

Best regards, schmunk

#12076
technixp at 2013/02/26 09:26am
Auth extension

Thanks!

I've almost missed it :)

auth extension

#11621
hydr0gen at 2013/01/23 06:24am
problem with sessions

You should have install = false in your main config file

#11559
GambadiFerro at 2013/01/20 04:56pm
problem with sessions

Sometimes when I left my page opened for 30 minutes or when I open the site after some hours, I have this error. How can I solve it? Thanks for help.

#11549
mr80 at 2013/01/20 03:17am
What are the current core problems with Rights?

Hi Chris,

Thank you for developing Rights module. Can you tell me more about the current core problems with Rights? I used rights within my cms and it will be great if you can tell me the current core problems of Rights. I will do my best to implement it.

Thank you once again for Rights module.

#11228
Chris83 at 2012/12/30 04:54am
Auth extension

It's been a while since I've been working on Rights. After the success of my Twitter Bootstrap extension I decided that it was time to develop a new module for permissions management using bootstrap. I've been working on my Auth extension, which is a modern and responsive user interface for Yii's authorization manager and it was released yesterday.

If you liked Rights, I'm sure that you will feel at home using Auth as well. It fixes some of the core problems in Rights and is both easier to use and extend. There is also a demo available.

Here's a link to the extension page: http://www.yiiframework.com/extension/auth

#10977
xNicox at 2012/12/07 03:00pm
superuser

Hi, I did all my homework, but I get this when trying to install:

"There must be at least one superuser!"

Any idea? Is there some data that should be in the new tables? Best regards

#10899
mr80 at 2012/12/01 02:21am
Caching for rights

Hi, I have implemented rights to support caching. You guys can check it here:

http://www.yiiframework.com/forum/index.php/topic/36116-rights-alternative/page__view__findpost__p__183254

If you have any ideas/suggestions, please tell me.

Cheers!

#10818
Sebastian K. at 2012/11/26 05:54am
Make RWebUser->checkAccess considering asterisk in AuthItems

We needed checkAccess() to return true when the user has permission for "Foo.*" and the check is called with "Foo.bar", when no AuthItem exists for "Foo.bar".

This is our solution, maybe it helps anyone:

    public function checkAccess($operation,$params=array(),$allowCaching=true)
    {
        if ($this->isSuperuser===true)
            return true;

        if($allowCaching && $params===array() && isset($this->_access[$operation]))
            return $this->_access[$operation];
        else
        {
            $checkOperation = $operation;

            if ((strpos($operation,'*') === false) && (strpos($operation,'.')))
            {
                // in case we have an operation without asterisk we try to check access on the task as fallback, too
                $item = Yii::app()->getAuthManager()->getAuthItem($operation);
                if ($item === null)
                {
                    // no AuthItem exists for this operation, let's check access on the task instead
                    $operationArray = explode('.', $operation);
                    $operationArray[1] = '*';
                    $checkOperation = implode('.', $operationArray);
                }
            }

            return $this->_access[$operation]=Yii::app()->getAuthManager()->checkAccess($checkOperation,$this->getId(),$params);
        }
    }

You can easily change it to always fall back (no matter whether the operation AuthItem exists for other roles) by removing the inner item check.

#10537
Interboy at 2012/11/03 12:36am
Rights does not work

My site Lii.vn does not work. I configured it as in the guide above. When I access myapp/rights -> error. (I configured urlmanager already!)

#9861
salsero at 2012/09/17 03:08am
accessRules for static pages

There is not a way to set the accessRules for static pages (created with CViewAction), for instance if I want to allow access to my static pages only for authenticated users. The normal accessRules let me specify an action but not a view. Tnx ;)

#9713
felipe_Brz at 2012/09/05 07:27am
Biz Rules with examples

It sure feels weird promoting myself here, but I've written some small examples on bizrules and would like to share them with you guys:

bizrules examples (using rights module)

P.S.: it isn't really specific to the rights-extension but I really don't see any reason for anyone to roll their own rbac when there's cniskas version.

#9530
Shiva Prasad (KTree ) at 2012/08/21 01:32am
Change module layout to current theme

You've done a great job. But there is one issue with changing the layout. Now it is using the layout from app.views.layout.main, but I just want to use the current theme layout. How can I do that?

#9466
fad at 2012/08/13 04:11pm
error with yii 1.1.11

For those who use the latest Yii 1.1.11 and got this error:

include($data->getAssignmentsText(CAuthItem.php) [function.include]: failed to open stream: No such file or directory

@fix https://github.com/yiisoft/yii/commit/05441abf04cd14fc379066ab54d8f86f0d3f0e8b

#9457
Patrigan at 2012/08/13 02:31am
Roles interface

Assigning actions to roles becomes rather tedious when you start having 10+ roles. Is there a way to make that part of the interface cleaner?

#9393
rajat.developer at 2012/08/08 01:34pm
Best RBAC manager I've ever used..needs support and documentation though..

I've had a very good experience with Rights, as I used it in very user-role-based projects, and got the chance to dig into it quite often.

What I felt most was that things are not documented properly, so I've written a small blog post about small things one can do which are required often.

"My blog post about Rights"

#9350
fleuryc at 2012/08/06 04:43am
RE : Problem with Yii::app()->user->checkAccess('Foo.Bar');

Yii::app()->user->checkAccess() doesn't seem to be recursively going through all the nodes of the assignment tree...

Okay, I was missing this :

the iteration can stop with a positive result when Yii encounters in the hierarchy a so-called default role

from http://www.yiiframework.com/wiki/136/getting-to-understand-hierarchical-rbac-scheme/

(stupid me)

Cheers!
