Yii 1.1: rights

Rights - Yii access control evolved

Yii-Rights on Ohloh


Current version 1.3.0 (revision 147)

This extension utilizes Yii's built-in Database Authorization Manager (CDbAuthManager) to provide a web interface for advanced access control.

View screenshots


Follow the link below to try Rights on the Yii Blog demo. Please contact me if it doesn't work or seems messed up and I will fix it as soon as possible.

Try the demo


  • User interface optimized for usability
  • Role, task and operation management
  • View displaying each role's assigned tasks and operations
  • Assigning authorization items to users
  • Sorting of authorization items by dragging and dropping
  • Installer for easy and quick set up
  • Authorization item generation
  • Controller filter for checking access
  • Support for business rules (and data)
  • Runtime caching to increase performance
  • Internationalization (I18N)
  • Cross-browser and cross-database compatibility
  • Easy to extend



Rights is currently translated into Finnish, French, German, Greek, Hungarian, Italian, Japanese, Spanish, Simplified Chinese and Swedish. Please contact me if you wish to translate Rights.


Want to say thanks for the time and efforts put on this project?

Donate with PayPal

Change Log

April 1, 2011

  • Release 1.3.0
    • Installer now uses the schema.sql in the data folder
    • Installer now names tables according to the application configuration
    • Generator now creates tasks for {ControllerId}.* permissions
    • Optimized the getting of superusers
    • Fixed the problem that access was granted to Rights when no superuser were found
    • Fixed most issues reported on Google Code

January 11, 2011

  • Release 1.2.0
    • Assigned items are now divided into Roles, Tasks and Operations
    • Renamed most of the component classes to be prefixed with ‘R’ for consistence
    • Configuration parameter for whether to display item description instead of name
    • Configuration parameter for the application layout.
    • Removed the guestName configuration parameter, web user guestName will be used instead
    • Changed the forms to not use the form builder for convenience
    • Return URLs are now stored with the web user
    • Authorization item names are now URL encoded when passed as get parameters

December 16, 2010

  • Release 1.1.0
    • Optimization by runtime caching authorization items and their children
    • Improved the authorization manager and authorizer
    • Minor user interface improvements
    • Proper support for CSRF validation in authorization item sorting
    • Renamed the AuthItemWeight table to Rights

October 27, 2010

  • Release 1.0.0
    • Official release

September 5, 2010

  • Release 0.9.11
    • User interface improvements (UI reviewed for usability)
    • Description is now mainly used instead of the name
    • Even more intensive use of grid view
    • Minor generator improvements
    • Runtime caching of the module and its components
    • Proper support for overriding the module style

August 28, 2010

  • Release 0.9.10
    • Use of grid views and data providers
    • Proper authorization item sorting according to weights
    • An own user behavior
    • Generator now also looks for controllers in subfolders

August 13, 2010

  • Release 0.9.9b
    • Fixed a somewhat critical bug in the installer which cased the installer to not run correctly.

August 11, 2010

  • Release 0.9.9
    • Improved authorization item generation
    • Improved installer
    • Improved module configuration
    • Rewritten style sheet for easier styling

August 4, 2010

  • Release 0.9.8
    • Authorization item generator
    • Installer automation
    • Improved support for module nesting

July 31, 2010

  • Release 0.9.7
    • Module nesting
    • Flash messages
    • Authorization item sorting
    • Hover functionality for tables
    • German translation (thanks g3ck0)
    • Italian translation (thanks joeysantiago)

July 28, 2010

  • Release 0.9.5
    • Support for custom style sheets
    • Swedish translation

July 26, 2010

  • Release 0.9.3
    • Rights Installer
    • Improved module configuration
    • Pagination for Assignments

July 20, 2010

  • Release 0.9.2
    • Internationalization (I18N)
    • Finnish translation

July 19, 2010

  • Release 0.9.1
    • Initial release

Total 20 comments

#20068 report it
Rajith R at 2017/04/21 03:25am
@Rahmad Subekti


#19986 report it
Rahmad Subekti at 2016/11/24 09:17pm
Where's the Documentation ?

I want to use this extension. But, when I wanted to open the documentation, there's not documentation file. So, any body help me ? something like give me the documentation via email or anything can help me to get the documentation. Thankyou

#19583 report it
Rajith R at 2015/09/17 02:38am
@usman iqbal

Where you got this error, I am working with Rights, no issues here.

#19545 report it
usman iqbal at 2015/08/31 07:26am
Get authorizer error

Fatal error: Call to undefined method Rights::getAuthorizer() getting this pathetic error

#19179 report it
emrald at 2015/04/08 05:51am
rights - installation

============ rights - installation 1: class RWebUser extends WebUser//(user webuser class)

2: class Controller extends RController

public function filters() { return array( 'rights', ); } 
public function allowedActions() { return 'error,login,logout'; }

3: remove/comment class'es individual filters and accessRules(site and others)

5: class RDbAuthManager extends CDbAuthManager public $rightsTable = 'rights';//small r

#19091 report it
Rajith R at 2015/03/12 07:21am

Add controller action option is there . Try that functionality.

#19090 report it
Rajith R at 2015/03/12 07:20am

Changes in layouts.

#18951 report it
malkabani.com at 2015/02/10 08:18am
applay theme

hi how can i add rights to my current theme

#18837 report it
sushant_d84 at 2015/01/20 02:21am
Scanning of Actions

Hi There,

Thanks for replying...

Current module Scan all the member function which starts with keyword "action" from almost all the controller.

1) Can we change it to something else? I want use something like 'check' 2) Can we add more keywords? Most of my functions starts with check and not action. So can have both options ( 'actionEditUser' + 'checkEditUser')? 3) Can we include some plugin/extensions/components and create its operations?

Regards Sushant Danekar

#18836 report it
sushant_d84 at 2015/01/20 02:20am
Scanning of Actions

Hi There,

Thanks for replying...

Current module Scan all the member function which starts with keyword "action" from almost all the controller.

1) Can we change it to something else? I want use something like 'check' 2) Can we add more keywords? Most of my functions starts with check and not action. So can have both options ( 'actionEditUser' + 'checkEditUser')? 3) Can we include some plugin/extensions/components and create its operations?

Regards Sushant

#18829 report it
Rajith R at 2015/01/19 05:15am

No !!

#18721 report it
sushant_d84 at 2014/12/17 08:14am
Mongo DB?

Hi , Is there a separate version for Mongo DB.

I am in need of Yii Mongo and right module

#18447 report it
Rajith R at 2014/10/30 02:56am

Please try a rewrite .

#18445 report it
Kkk at 2014/10/29 08:41pm
Demo doesn't work

Hi! The domain (http://www.cniska.net/) is not working!!!

#18402 report it
Mariaczi+PL at 2014/10/24 08:09am
Compatible with Yii 2?

Is it? Is someone going to update this great extension?

#18231 report it
Rajith R at 2014/10/02 06:33am

Guest means? Public ?

#18182 report it
Giov at 2014/09/22 01:27pm
Help with config

Hi everybody! one question about rights and user! I have followed this tutorial http://www.yiiframework.com/wiki/423/installing-yii-users-and-rights-to-newly-created-yii-app/ to install them. All fine, i can log with admin and set the rights. Then i modify each controller in my app like this class ArticoloController extends RController{ public function filters(){ return array('rights'); } } And now if i open the page without logging me he redirect me to the login page! I set all the permission for the guest, so this is not what i want!

Even, i set the permission from this page r=rights/authItem/permissions. In my idea the item Site.* is a global item that have inside him Site.Contact, Site.Error and Site.Index. It's right? So i can set only the Site.*, right?

Last question, when i read Revoke it's mean that the guest have the permission and when i read Assign it's mean that the guest have not the permission, right? I have check in the db table and i can see the item in the table when i read Revoke.

Thanks for all the help!!!

#17156 report it
Rajith R at 2014/05/08 07:17am

Thank you for the information.

Where you got that error?

#17064 report it
Loren at 2014/04/29 03:57pm
Bug In RAutherizer.php

If you expirience problems with the usernames not working and getting a permision denied error with the main rights page, you probably need to integrate this change, https://bitbucket.org/Crisu83/yii-rights/pull-request/6/use-usernamecolumn-from-config/diff

Please merge this into the main distribution.

#16856 report it
Rajith R at 2014/04/04 01:28am
  1. Yes
  2. No. we cant directly upgrade a yii 1.x application to yii 2.0 .

Leave a comment

Please to leave your comment.

Create extension