Yii Framework Forum: [EXTENSION] Rights - Yii Framework Forum


[EXTENSION] Rights Yii access control evolved. Extensive web interface for CDbAuthManager

#41 User is offline   Chris83 


Posted 19 August 2010 - 01:58 AM

outrage, on 18 August 2010 - 06:30 PM, said:

Just a heads up.
Unpacking the 0.9.9 archive to 'protected' puts the 'gii' folder in another 'protected' folder like this:

/protected/protected/gii/

Just need to move 'gii' to /protected/gii/

Nice work by the way :)


Now I'm not sure how 'gii' is associated to my module. Could you elaborate a bit? I checked the packages and both the source and the demo installation seemed fine.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#42 User is offline   saiful 


Posted 22 August 2010 - 10:02 PM

joeysantiago, on 30 July 2010 - 02:24 AM, said:

Sorry... the problem was my server kind of cached operations and assignments... I restarted apache2 for other stuff and now magically everything works.


I'm also facing the same problem.. but now it works (after restarting apache).

Chris83, on 09 August 2010 - 08:52 AM, said:

Hello Alichin,

Currently the user id column has to be id. However, in the next version it will be possible to configure the user id column name.

Glad you liked the module. I'm still working on it so there might still be some room for improvement.



When I used 'Id' (not 'id') as my user id column, I got an error. Then I changed the file RightsAuthorizer.php
around line 303
public function getSuperusers()
{
    $nameColumn = $this->_userNameColumn;
    $superusers = array();
    foreach( $this->_user->findAll() as $user )
    {
        $items = $this->getAuthItems(CAuthItem::TYPE_ROLE, $user->id);
...

becomes
public function getSuperusers()
{
    $nameColumn = $this->_userNameColumn;
    $idColumn = $this->_userIdColumn;
    $superusers = array();
    foreach( $this->_user->findAll() as $user )
    {
        $items = $this->getAuthItems(CAuthItem::TYPE_ROLE, $user->$idColumn);

...


And around line 323
public function isSuperuser($userId=null)
{
    $user = Yii::app()->getUser();
    if( $user->isGuest===false )
    {
        if( $userId===null)
            $userId = $user->id;
...

becomes
public function isSuperuser($userId=null)
{
    $idColumn = $this->_userIdColumn;
    $user = Yii::app()->getUser();
    if( $user->isGuest===false )
    {
        if( $userId===null)
            $userId = $user->$idColumn;
...


Then it works..

Is it safe to change $user->id like in the snippet above?

Thanks in advance for this extension.

~Saiful
Thanks for the conversation,

Saiful
0

#43 User is offline   Chris83 


Posted 23 August 2010 - 02:12 AM

Hello saiful,

The changes you mentioned have already been done in the current version (in svn). I noticed them a while ago. I actually did exactly the same changes, so yes it's safe to change the code like you did. :)

I'm currently working on getting this to work with a behavior but I've hit a wall. I haven't received an answer on the thread I posted recently. The thread can be found here:

http://www.yiiframew...dpost__p__54954
Best regards,
Chris

0

#44 User is offline   Raoul 


Posted 23 August 2010 - 01:47 PM

Hi Chris,
I have replied to the thread you mention above .. hope this will help ;)
ciao
8)
0

#45 User is offline   cbi 


Posted 24 August 2010 - 07:52 PM

Hello Chris,

I'm having some trouble installing Rights on a clean yiic application. My config/main.php:

<?php

// uncomment the following to define a path alias
// Yii::setPathOfAlias('local','path/to/local-folder');

// This is the main Web application configuration. Any writable
// CWebApplication properties can be configured here.
return array(
        'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
        'name'=>'My Web Application',

        // preloading 'log' component
        'preload'=>array('log'),

        // autoloading model and component classes
        'import'=>array(
                'application.models.*',
                'application.components.*',
                'application.modules.rights.components.*',
            ),

        // application components
        'components'=>array(
                'user'=>array(
                        // enable cookie-based authentication
                        // 'allowAutoLogin'=>true,
                        'class'=>'RightsWebUser',
                ),
                'authManager'=>array(
                        'class'=>'RightsAuthManager',
                        // 'class'=>'CDbAuthManager',
                        // 'connectionID'=>'db',
                ),
                'db'=>array(
                        'connectionString' => 'mysql:host=localhost;dbname=test',
                        'emulatePrepare' => true,
                        'username' => 'test',
                        'password' => 'passwd',
                        'charset' => 'utf8',
                ),

                'errorHandler'=>array(
                        'errorAction'=>'site/error',
                ),

                'log'=>array(
                        'class'=>'CLogRouter',
                        'routes'=>array(
                                array(
                                        'class'=>'CFileLogRoute',
                                        'levels'=>'error, warning, info',
                                ),
                                array(
                                        'class'=>'CWebLogRoute',
                                ),
                        ),
                ),
        ),

        'modules'=>array(
                'gii'=>array(
                        'class'=>'system.gii.GiiModule',
                        'password'=>'passwd',
                        'ipFilters'=>array('192.168.*'),
                ),
                'rights'=>array(
                        'install'=>true,
                ),
        ),

        'params'=>array(               
                'adminEmail'=>'webmaster@example.com',
        ),
);


When I try to access index.php?r=rights it throws me an exception:

Quote

PHP Error

Description

include(User.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory

Source File

/usr/share/yii/yii-1.1.3.r2247/framework/YiiBase.php(338)

00326: * @param string class name
00327: * @return boolean whether the class has been loaded successfully
00328: */
00329: public static function autoload($className)
00330: {
00331: // use include so that the error PHP file may appear
00332: if(isset(self::$_coreClasses[$className]))
00333: include(YII_PATH.self::$_coreClasses[$className]);
00334: else if(isset(self::$_classes[$className]))
00335: include(self::$_classes[$className]);
00336: else
00337: {
00338: include($className.'.php');
00339: return class_exists($className,false) || interface_exists($className,false);
00340: }
00341: return true;
00342: }
00343:
00344: /**
00345: * Writes a trace message.
00346: * This method will only log a message when the application is in debug mode.
00347: * @param string message to be logged
00348: * @param string category of the message
00349: * @see log
00350: */
Stack Trace

#0 /usr/share/yii/yii-1.1.3.r2247/framework/YiiBase.php(338): autoload()
#1 unknown(0): autoload()
#2 unknown(0): spl_autoload_call()
#3 /var/www/localhost/htdocs/yii-demos/testapp/protected/modules/rights/components/RightsAuthorizer.php(500): class_exists()
#4 /usr/share/yii/yii-1.1.3.r2247/framework/base/CComponent.php(152): RightsAuthorizer->setUser()
#5 /usr/share/yii/yii-1.1.3.r2247/framework/YiiBase.php(208): RightsAuthorizer->__set()
#6 /usr/share/yii/yii-1.1.3.r2247/framework/base/CModule.php(362): createComponent()
#7 /var/www/localhost/htdocs/yii-demos/testapp/protected/modules/rights/RightsModule.php(161): RightsModule->getComponent()
#8 /var/www/localhost/htdocs/yii-demos/testapp/protected/modules/rights/controllers/InstallController.php(34): RightsModule->getAuthorizer()
#9 /usr/share/yii/yii-1.1.3.r2247/framework/web/CWebApplication.php(323): InstallController->init()
#10 /usr/share/yii/yii-1.1.3.r2247/framework/web/CWebApplication.php(121): CWebApplication->runController()
#11 /usr/share/yii/yii-1.1.3.r2247/framework/base/CApplication.php(135): CWebApplication->processRequest()
#12 /var/www/localhost/htdocs/yii-demos/testapp/index.php(13): CWebApplication->run()
2010-08-24 21:41:53 Apache Yii Framework/1.1.3


Thanks in advance,


cbi
0

#46 User is offline   saiful 


Posted 24 August 2010 - 08:23 PM

cbi, on 24 August 2010 - 07:52 PM, said:


I'm having some trouble installing Rights on a clean yiic application. My config/main.php:

...


Hello cbi,

I assume you did not create 'user' table.
So create table 'user', create the model and try it again.

Please check this post:
http://www.yiiframew...dpost__p__52917
Thanks for the conversation,

Saiful
0

#47 User is offline   saiful 


Posted 24 August 2010 - 10:26 PM

Chris83, on 05 August 2010 - 05:14 AM, said:

We actually have that built in Yii's access control.

With CMenu you can use:

'visible'=>Yii::app()->user->checkAccess('User.View')


...



Hello Chris,

I have an admin menu scenario like this:

Group Label
  • Menu Item 1
  • Menu Item 2
  • Menu Item 3


I need to show Group Label if one/all of Menu Items allowed.
Is there any efficient way other than like this one?
if (Yii::app()->user->checkAccess('Menu Item 1')
    || Yii::app()->user->checkAccess('Menu Item 2')
    || Yii::app()->user->checkAccess('Menu Item 3'))
{
    /* Show Group Label */
}


Thanks..
Thanks for the conversation,

Saiful
0

#48 User is offline   Chris83 


Posted 25 August 2010 - 12:14 AM

saiful, on 24 August 2010 - 10:26 PM, said:

Hello Chris,

I have an admin menu scenario like this:

Group Label
  • Menu Item 1
  • Menu Item 2
  • Menu Item 3


I need to show Group Label if one/all of Menu Items allowed.
Is there any efficient way other than like this one?
if (Yii::app()->user->checkAccess('Menu Item 1')
    || Yii::app()->user->checkAccess('Menu Item 2')
    || Yii::app()->user->checkAccess('Menu Item 3'))
{
    /* Show Group Label */
}


Thanks..


Hello saiful,

This is not really related to the module but I would do it using the visibility like this:

'visible'=>Yii::app()->user->checkAccess('Menu Item 1') || Yii::app()->user->checkAccess('Menu Item 2') || Yii::app()->user->checkAccess('Menu Item 3'),

Does this answer your question?
Best regards,
Chris

0

#49 User is offline   saiful 


Posted 25 August 2010 - 01:28 AM

Chris83, on 25 August 2010 - 12:14 AM, said:

Hello saiful,

This is not really related to the module but I would do it using the visibility like this:

'visible'=>Yii::app()->user->checkAccess('Menu Item 1') || Yii::app()->user->checkAccess('Menu Item 2') || Yii::app()->user->checkAccess('Menu Item 3'),

Does this answer your question?


Yes, that should work just like my code (using if statement).
Is there any other method that simplify it?
I thought I should create extension for this.
Thanks for the conversation,

Saiful
0

#50 User is offline   joeysantiago 


Posted 25 August 2010 - 02:36 AM

saiful, on 25 August 2010 - 01:28 AM, said:

Yes, that should work just like my code (using if statement).
Is there any other method that simplify it?
I thought I should create extension for this.

Hello,

i don't know any other way to do this... but actually i don't think it is so complicated... the visibility attribute is intended to do exactly what you need to do, and the trigger is based on permission, so that's the way! :)

it would actually be great whether menus were automatically created this way. it could be fun to create an extension that triggers the visibility for every menu item... but i wouldn't know where to start from :(

greetings
joey santiago

an Italian with Suomi inside.
0

#51 User is offline   saiful 


Posted 25 August 2010 - 04:58 AM

joeysantiago, on 25 August 2010 - 02:36 AM, said:

Hello,

i don't know any other way to do this... but actually i don't think it is so complicated... the visibility attribute is intended to do exactly what you need to do, and the trigger is based on permission, so that's the way! :)

it would actually be great whether menus were automatically created this way. it could be fun to create an extension that triggers the visibility for every menu item... but i wouldn't know where to start from :(

greetings


Hello joeysantiago,

i would like to use:
if (Yii::app()->user->checkAccess('user.%'))
{
 /* some logic */
}

better than:
if (Yii::app()->user->checkAccess('user.index') || Yii::app()->user->checkAccess('user.create')
|| Yii::app()->user->checkAccess('user.update') || Yii::app()->user->checkAccess('user.delete')
|| Yii::app()->user->checkAccess('user.view'))
{
 /* some logic */
}


And after i enable sql profiler, Rights create sql like this
Querying SQL: SELECT * FROM AuthItem WHERE name=:name. Bind with parameter
:name='user.index'
in
D:\WebRoot\yii\toko\protected\modules\rights\components\RightsWebUser.php
(41)
in
D:\WebRoot\yii\toko\protected\modules\rights\components\RightsFilter.php
(43)
in
D:\WebRoot\yii\toko\protected\modules\rights\components\RightsBaseController.php
(36)


if I can change name=:name to name LIKE :name then i can use any mysql wildcard.
But i can't find it where..
Any clue?
Thanks..
Thanks for the conversation,

Saiful
0

#52 User is offline   joeysantiago 


Posted 25 August 2010 - 05:10 AM

saiful, on 25 August 2010 - 04:58 AM, said:

Hello joeysantiago,

i would like to use:
if (Yii::app()->user->checkAccess('user.%'))
{
 /* some logic */
}

better than:
if (Yii::app()->user->checkAccess('user.index') || Yii::app()->user->checkAccess('user.create')
|| Yii::app()->user->checkAccess('user.update') || Yii::app()->user->checkAccess('user.delete')
|| Yii::app()->user->checkAccess('user.view'))
{
 /* some logic */
}


And after i enable sql profiler, Rights create sql like this
Querying SQL: SELECT * FROM AuthItem WHERE name=:name. Bind with parameter
:name='user.index'
in
D:\WebRoot\yii\toko\protected\modules\rights\components\RightsWebUser.php
(41)
in
D:\WebRoot\yii\toko\protected\modules\rights\components\RightsFilter.php
(43)
in
D:\WebRoot\yii\toko\protected\modules\rights\components\RightsBaseController.php
(36)


if I can change name=:name to name LIKE :name then i can use any mysql wildcard.
But i can't find it where..
Any clue?
Thanks..

mhm... can't you create a task whose children are all of the operations you want to check, then check the task?

i think you should change the core in order to have a LIKE instead of an =, but i'm not sure... probably you could create a class that extends CAuthManager and change the code of checkAccess function? it doesn't sound such a clear approach... :( i'd better go for the task and use 'visibility' instead of the if statement. :)
joey santiago

an Italian with Suomi inside.
0

#53 User is offline   saiful 


Posted 25 August 2010 - 05:57 AM

joeysantiago, on 25 August 2010 - 05:10 AM, said:

mhm... can't you create a task whose children are all of the operations you want to check, then check the task?

Here what i've done:
Create task: User Management
Assign operation
  • user.* (User Controller)
  • user.index (User Index)
  • user.create (User Create)
  • user.view (User View)
  • user.update (User Update)
  • user.delete (User Delete)
.. as User Management's children.

Then i assign 'demo' user who already has 'Authenticated' role with specific permission to view users.
When I checkAccess('User Management'), it returns false. But when I assign 'demo' user to have 'User Management' task it returns true.
That's not what i want.

i only need 'demo' user has view permission, but it can show menu group header label "Manage User".
in the future, maybe i need to grant 'someuser' to have create permission, without view, and still can show group header label.


joeysantiago, on 25 August 2010 - 05:10 AM, said:

i think you should change the core in order to have a LIKE instead of an =, but i'm not sure... probably you could create a class that extends CAuthManager and change the code of checkAccess function? it doesn't sound such a clear approach... :( i'd better go for the task and use 'visibility' instead of the if statement. :)


Is that in CAuthManager? not in Rights module?

Thanks in advance.
Thanks for the conversation,

Saiful
0

#54 User is offline   cbi 


Posted 25 August 2010 - 06:26 AM

saiful, on 24 August 2010 - 08:23 PM, said:

Hello cbi,

I assume you did not create 'user' table.
So create table 'user', create the model and try it again.

Please check this post:
http://www.yiiframew...dpost__p__52917


Brilliant. Thank you!


cbi
0

#55 User is offline   joeysantiago 


Posted 25 August 2010 - 07:05 AM

saiful, on 25 August 2010 - 05:57 AM, said:

Here what i've done:
Create task: User Management
Assign operation
  • user.* (User Controller)
  • user.index (User Index)
  • user.create (User Create)
  • user.view (User View)
  • user.update (User Update)
  • user.delete (User Delete)
.. as User Management's children.

Then i assign 'demo' user who already has 'Authenticated' role with specific permission to view users.
When I checkAccess('User Management'), it returns false. But when I assign 'demo' user to have 'User Management' task it returns true.
That's not what i want.

i only need 'demo' user has view permission, but it can show menu group header label "Manage User".
in the future, maybe i need to grant 'someuser' to have create permission, without view, and still can show group header label.

ok, now i see...
then i can't think of any simpler way than the if statement Chris suggested.

Quote

Is that in CAuthManager? not in Rights module?

Thanks in advance.

Rights module uses CWebUser::checkAccess, but the latter uses CAuthManager::checkAccess as stated in here: http://www.yiiframew...ckAccess-detail

So, i'd go for the if :) sorry for not being able to help you!
joey santiago

an Italian with Suomi inside.
0

#56 User is offline   Chris83 


Posted 25 August 2010 - 09:24 AM

Hello saiful,

In your case you must actually check for each separately with or but I'm sure you can do it some other way to avoid this.

Of course you can also create a function in e.g. the user model that checks if the user has any of the listed permissions. Just remember to call Rights through its static class 'Rights', e.g. Rights::module() when using it from the outside.

Rights doesn't do any SQL queries except to allow for authorization item sorting. So yes, it's the CDbAuthManager which does the queries (which RightsAuthManager extends).
Best regards,
Chris

0
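
The helper Chris83 suggests in post #56, written out as an added example; it is not code from the Rights module or from any poster in this thread. `MenuAccess`, `anyOf`, `group` and `StubUser` are hypothetical names, and `StubUser` is a constructed stand-in for `Yii::app()->user` so the file runs without Yii.

```php
<?php
// Added example: any-of permission check for menu group visibility.
// StubUser is a constructed stand-in for Yii::app()->user (CWebUser);
// it is an assumption of this example, not part of Yii or Rights.

class StubUser
{
    private $granted;
    public $lookups = 0; // counts checkAccess() calls, one lookup each

    public function __construct(array $granted)
    {
        $this->granted = $granted;
    }

    // Called the same way as checkAccess($operation): exact-name match only.
    public function checkAccess($operation)
    {
        $this->lookups++;
        return in_array($operation, $this->granted, true);
    }
}

class MenuAccess
{
    /**
     * Returns true as soon as one of $operations is granted.
     * Names are matched exactly, so a string such as 'user.%' is never
     * expanded into a pattern that could match operations nobody listed.
     */
    public static function anyOf($user, array $operations)
    {
        foreach ($operations as $operation) {
            if ($user->checkAccess($operation)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds a CMenu-style group from label => operation pairs.
     * Each item is checked once; the group label is visible if any
     * item is, so the label itself costs no additional lookups.
     */
    public static function group($user, $label, array $items)
    {
        $built = array();
        $groupVisible = false;
        foreach ($items as $itemLabel => $operation) {
            $visible = $user->checkAccess($operation);
            $groupVisible = $groupVisible || $visible;
            $built[] = array('label' => $itemLabel, 'visible' => $visible);
        }
        return array('label' => $label, 'visible' => $groupVisible, 'items' => $built);
    }
}

// Constructed sample: the 'demo' user may only view users.
$demo = new StubUser(array('user.view'));
$menu = MenuAccess::group($demo, 'Manage User', array(
    'List users'  => 'user.index',
    'Create user' => 'user.create',
    'View user'   => 'user.view',
));
var_dump($menu['visible']);   // visibility of the group label
var_dump($demo->lookups);     // number of checkAccess() calls made
var_dump(MenuAccess::anyOf($demo, array('user.create', 'user.delete')));
```

In an application, pass `Yii::app()->user` in place of `StubUser`. The flags only control what the menu displays, so each action still needs its own access check.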

#57 User is offline   outrage 


Posted 25 August 2010 - 05:20 PM

Chris83, on 19 August 2010 - 01:58 AM, said:

Now I'm not sure how 'gii' is associated to my module. Could you elaborate a bit? I checked the packages and both the source and the demo installation seemed fine.


Sorry,

Dunno how it happened but totally wrong thread lol. My apologies :)
0

#58 User is offline   saiful 


Posted 25 August 2010 - 10:04 PM

joeysantiago, on 25 August 2010 - 07:05 AM, said:

ok, now i see...
then i can't think of any simpler way than the if statement Chris suggested.

Rights module uses CWebUser::checkAccess, but the latter uses CAuthManager::checkAccess as stated in here: http://www.yiiframew...ckAccess-detail

So, i'd go for the if :) sorry for not being able to help you!


I'll check later.. since I'm still learning.. :D

Chris83, on 25 August 2010 - 09:24 AM, said:

Hello saiful,

In your case you must actually check for each separately with or but I'm sure you can do it some other way to avoid this.

Of course you can also create a function in e.g. the user model that checks if the user has any of the listed permissions. Just remember to call Rights through its static class 'Rights', e.g. Rights::module() when using it from the outside.

Rights doesn't do any SQL queries except to allow for authorization item sorting. So yes, it's the CDbAuthManager which does the queries (which RightsAuthManager extends).


For now I'll try what you suggested earlier and another way to avoid more coding.. (hehehe)

To reduce typing i use this following trick http://www.yiiframew...oc/cookbook/31/
and add:
function ca($params)
{
        return Yii::app()->getUser()->checkAccess($params);
}


I tested two alternatives for 4 menu items:
  • Your suggestion, checking each Menu Items permission
  • Creating an operation item called 'GroupMenu' and made it as child of each item menu


And here's my simple benchmark result:
Initial State (without item menu permission assignment and checking)
Posted Image

Check Each Menu Item
Posted Image

Using Group Menu
Posted Image

It seems i should use each item checking.

Thanks Chris and joeysantiago.
Thanks for the conversation,

Saiful
0

#59 User is offline   krillzip 


Posted 26 August 2010 - 05:15 AM

The rights module is really good. But I lack one feature, and that is that it doesn't scan subfolders in the controllers folders.
//krillzip 8)
0

#60 User is offline   Chris83 


Posted 26 August 2010 - 06:10 AM

@saiful: Interesting benchmarks, thanks for sharing. I'm glad to help if you require further assistance.

@krillzip: You make a very good point! I'll fix that as soon as possible. I already have a lot of improvements in the development branch but I think I can fit this minor fix in as well. Have you written the additional code for the RightsGenerator already or?

Edit:
I've done the changes and in the next version that is planned to be released within a few days the generator will also find controllers in subfolders.

This post has been edited by Chris83: 26 August 2010 - 11:49 AM

Best regards,
Chris

0
