Yii Framework Forum: [EXTENSION] Rights - Yii Framework Forum

Jump to content

  • (32 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

[EXTENSION] Rights Yii access control evolved. Extensive web interface for CDbAuthManager Rate Topic: ***** 27 Votes

#21 User is offline   joeysantiago 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 63
  • Joined: 01-April 10

Posted 30 July 2010 - 10:20 AM

View Postquangle, on 30 July 2010 - 10:14 AM, said:

What are difference between Operations and Tasks?

Hope i understood it well:

a task is a set of operations. I think about them as something like:

task (name = "forum management"){
operation (name = "create posts"),
operation (name = "update posts"),
operation (name = "delete posts"),
}

hope it helps! :)
joey santiago

an Italian with Suomi inside.
0

#22 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 31 July 2010 - 09:58 AM

View Postquangle, on 30 July 2010 - 10:14 AM, said:

What are difference between Operations and Tasks?

I create a role as below but it doesn't work:

Name: Authorized_User
Description: authorized user

Bizrule: return Yii::app()->user->id

--------
Controller:

    public function filters() {
        return array( 'rights', );
    }

    public function accessRules() {
        return array('index', 'view', 'create', 'update', 'delete', 'admin', 'topAuthors', 'articles', 'setdefault');
    }


I assigned Authorized_User has ability to Create new author.


Hello quangle,

You don't need the Yii's accessControl-method if you don't use the accessControl-filter.
Also, in normal cases like yours, you don't need to set any business rules.

Please read the "Role-Based Access Control"-section in Yii's guide to Authentication and Authorization here:
http://www.yiiframew...ide/topics.auth
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#23 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 31 July 2010 - 02:09 PM

Version 0.9.7 is now available.

New features are:

  • Flash messages
  • Support for module nesting
  • Sorting of authorization items
  • Hover functionality for the tables
  • Improved Installer
  • German translation (thanks g3ck0)
  • Italian translation (thanks joeysantiago)


I did a major code review during which I improved the code quality a bunch and even rewrote almost all comments. The overall quality of the module's source code should now be pretty good.

The module documentation has also been updated and can be found at:
http://yii-rights.go...s-doc.0.9.7.pdf

Enjoy!
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#24 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 01 August 2010 - 07:25 AM

View Postquangle, on 29 July 2010 - 10:20 PM, said:

Hi Chris,

For instance I have 10 Controllers and each Controller has about 10 Actions.
Controller always has some same Actions like: Index, View, Create, Delete,...

I think I could make task *_Index or *_View for all Controllers that have Index or View action.

What you say?


Hello quangle,

This is an interesting idea but it could result in a potential security risk and would you really want to assign all index and view actions to one role/user instead of assigning them separately?

I could think of making a operation for accessing all actions within a controller, but I'm not sure that is needed either. What do you think?
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#25 User is offline   speedster 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 23
  • Joined: 10-February 09

Posted 04 August 2010 - 11:45 AM

Hi,

Maybe I'm doing something wrong, but installer fails with error Property "CDbAuthManager.itemWeightTable" is not defined.

And I've searched for this in google, no luck... Could tell me what am I doing wrong?

0

#26 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 04 August 2010 - 12:43 PM

View Postspeedster, on 04 August 2010 - 11:45 AM, said:

Hi,

Maybe I'm doing something wrong, but installer fails with error Property "CDbAuthManager.itemWeightTable" is not defined.

And I've searched for this in google, no luck... Could tell me what am I doing wrong?


Hello speedster,

As noted on the project page there is an error in the documentation. Please change your authManager to use the class RightsAuthManager and it should work. I've already corrected this in the documentation and it will be corrected in the next version.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#27 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 04 August 2010 - 08:49 PM

Version 0.9.8 is now available.

New features are:

  • Authorization item generator
  • Automated installer
  • Improved support for module nesting
  • Sorting of all types of authorization items


I've been working pretty hard on getting it ready so I hope it work well. In case you happen to find a bug please report it on google code. The authorization item generator should be of assistance when installing the module so that you don't need to create all the items for the filter by hand.

The generator can be accessed from:
rights/setup/generate

The documentation has again been updated and can be found at:
http://yii-rights.go...s-doc.0.9.8.pdf

Enjoy!
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#28 User is offline   Jun 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 7
  • Joined: 13-July 10

Posted 05 August 2010 - 04:41 AM

Great job, Chris!

I love the generator feature! It will save a lot of time to set up the whole access control.

I am very new to yii and I am trying to do something as bellow:

I have a button that calls to a action. Instead of user going to the page display the decline message, I try to hide the button from displaying.

e.g. on Post/Admin page, every record has "View", "Edit", "Delete" buttons. If user has no permission to "Edit", then this user can not see the "Edit" button at all.

I'm not sure how can it be done normally, but this is just my thought. Maybe there can be a API that returns true or false value, like:
Yii::app()->rights->isPermit


Or references of other approaches or tutorials will be highly appreciated.

Thanks again for your great effort.

Jun
0

#29 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 05 August 2010 - 05:14 AM

View PostJun, on 05 August 2010 - 04:41 AM, said:

Great job, Chris!

I love the generator feature! It will save a lot of time to set up the whole access control.

I am very new to yii and I am trying to do something as bellow:

I have a button that calls to a action. Instead of user going to the page display the decline message, I try to hide the button from displaying.

e.g. on Post/Admin page, every record has "View", "Edit", "Delete" buttons. If user has no permission to "Edit", then this user can not see the "Edit" button at all.

I'm not sure how can it be done normally, but this is just my thought. Maybe there can be a API that returns true or false value, like:
Yii::app()->rights->isPermit


Or references of other approaches or tutorials will be highly appreciated.

Thanks again for your great effort.

Jun


We actually have that built in Yii's access control.

With CMenu you can use:

'visible'=>Yii::app()->user->checkAccess('User.View')

or then you can of course put the link in an if-clause with a call to checkAccess.

You can read more about the checkAccess-method here:
http://www.yiiframew...ide/topics.auth

If you wish to see how to use checkAccess in practice check out Yii's blog demo with Rights which can be downloaded at:
http://yii-rights.go...s-0.9.8.r56.zip

Hopefully this helps. :)
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#30 User is offline   i.amniels 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 54
  • Joined: 05-August 10

Posted 05 August 2010 - 02:34 PM

Chris, thanks for the great work!

Right after I installed Rights following the installation guide from your PDF, Rights was not working. I had to create the Auth... tables myself. I am using Yii 1.1.3.r2247.
0

#31 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 05 August 2010 - 03:29 PM

View PostNiels NL, on 05 August 2010 - 02:34 PM, said:

Chris, thanks for the great work!

Right after I installed Rights following the installation guide from your PDF, Rights was not working. I had to create the Auth... tables myself. I am using Yii 1.1.3.r2247.


Hello Niels,

Did you install the latest version (0.9.8) or? I haven't had any problems like yours while testing and I've tested it quite a lot, reinstalled and set up on different projects atleast a dozen of times.

What kind of problems did you encounter?

Also what version of the documentation did you follow?
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#32 User is offline   i.amniels 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 54
  • Joined: 05-August 10

Posted 06 August 2010 - 06:57 AM

I used Rights 0.9.8.r56 and I used this guide to install. When I visited /index.php?r=rights I got directly redirected to /index.php. I was logged in as admin.
0

#33 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 06 August 2010 - 01:18 PM

View PostNiels NL, on 06 August 2010 - 06:57 AM, said:

I used Rights 0.9.8.r56 and I used this guide to install. When I visited /index.php?r=rights I got directly redirected to /index.php. I was logged in as admin.


In order for the install to when accessed it requires you to not have any of the tables for the Authorization Manaager (authitem, authchild, authassignment). If you do you need to drop them to install Rights.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#34 User is offline   Alichin 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 57
  • Joined: 03-August 10

Posted 08 August 2010 - 04:03 PM

I installed Rights 0.9.8. The installation and the automatic generation of authorization items worked without any problem.
However to make the ACAC (rights filter) work I had to change my user table setting the id = username.
If I leave the id of the User table set to autogenerated values (1,2,3....n) what happens is that the auth items are assigned to the id, and the checkAccess performed in the RightsFilter is done aginst the username, and therefore always fails.

I am new to Yii, so maybe something in my setup is wrong: I would appreciate any suggestion.

In any case, thanks for a great piece of code, very useful!
0

#35 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 09 August 2010 - 08:52 AM

View PostAlichin, on 08 August 2010 - 04:03 PM, said:

I installed Rights 0.9.8. The installation and the automatic generation of authorization items worked without any problem.
However to make the ACAC (rights filter) work I had to change my user table setting the id = username.
If I leave the id of the User table set to autogenerated values (1,2,3....n) what happens is that the auth items are assigned to the id, and the checkAccess performed in the RightsFilter is done aginst the username, and therefore always fails.

I am new to Yii, so maybe something in my setup is wrong: I would appreciate any suggestion.

In any case, thanks for a great piece of code, very useful!


Hello Alichin,

Currently the user id column has to be id. However, in the next version it will be possible to configure the user id column name.

Glad you liked the module. I'm still working on it so there might still be some room for improvement.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#36 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 11 August 2010 - 07:05 PM

Version 0.9.9 is now available.

New features are:

  • Separate views for creating operations, tasks and roles
  • Authorization item generation is now part of the modules core functionality
  • Installer can now be enabled/disabled and it's possible to reinstall the module
  • Improved module configuration (e.g. flash message keys can now be set)
  • Rewritten style sheet to allow for easier styling
  • Updated translations


The documentation has been updated as well and can be found at:
http://yii-rights.go...s-doc.0.9.9.pdf

Rights 1.0 is soon here. Thanks to everyone who's taken part in testing the module.

I'd really like to get some feedback on the project. If you've tried the module please let me know what you think of it.

Enjoy!
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#37 User is offline   Raoul 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 644
  • Joined: 29-November 08
  • Location:Paris, France

Posted 12 August 2010 - 05:12 PM

Hi Chris,
I've installed and I'm 'playing' with your great Rights module and up to now everyting works just fine...
I thought I could contribute a little bit and so here is the french translation.
Hope this helps.
ciao
8)

Attached File(s)

  • Attached File  fr.zip (1.79K)
    Number of downloads: 8

0

#38 User is offline   Hallaj 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 6
  • Joined: 14-March 10

Posted 13 August 2010 - 01:47 PM

Hi, I'm trying to install this extension but I'm getting this as an error instead:

The system is unable to find the requested action "install".

0

#39 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 13 August 2010 - 04:15 PM

View PostHallaj, on 13 August 2010 - 01:47 PM, said:

Hi, I'm trying to install this extension but I'm getting this as an error instead:

The system is unable to find the requested action "install".



Hello Hallaj,

Seems like a minor bug has slipped through testing. To correct this problem please open the InstallController.php under the controllers directory, scroll down to line 37 and change:

$this->defaultAction = $this->_installer->isInstalled===true ? 'confirm' : 'install';

to:

$this->defaultAction = $this->_installer->isInstalled===true ? 'confirm' : 'run';

This issue has been fixed in 0.9.9b.

Sorry for the inconvenience.

This post has been edited by Chris83: 14 August 2010 - 06:49 AM

Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#40 User is offline   outrage 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 313
  • Joined: 10-November 09
  • Location:Blackpool, United Kingdom

Posted 18 August 2010 - 06:30 PM

Just a heads up.
Unpacking the 0.9.9 archive to 'protected' puts the 'gii' folder in another 'protected' folder like this:

/protected/protected/gii/

Just need to move 'gii' to /protected/gii/

Nice work by the way :)
0

Share this topic:


  • (32 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users