[jayanthan.ece]

jacmoe, on 17 November 2010 - 03:49 AM, said:

Sorry about lateness - but when #content is not padded:
lockedrights.png

No matter what, you can't click on the dropdown - it's locked.

Using padding 20px in #content :
unlockedrights.png

The dropdown doesn't care about padding in the update role page though, so maybe it has something to do with the layout?

hi,
i used following code in modules/rights/views/layouts/main.php

<?php $this->beginContent('application.views.layouts.main'); ?>

as you said.its showing just default theme of yii.but i am using this theme.can you help in this.Rights should work in the theme that i mentioned.

[thura747]

Q1 : How to show the user's role at user grid view?

Description : I'm using user and rights extension. I would like to show the user's role at grid view of user/admin. and filter by user's role. How can I?

this is my view

$this->widget('zii.widgets.grid.CGridView', array(
    	'id'=>'user-grid',
    	'dataProvider'=>$model->search(),
    	'filter'=>$model,
    	'columns'=>array(
    		array(
    			'name' => 'username',
    			'type'=>'raw',
    			'value' => 'CHtml::link(UHtml::markSearch($data,"username"),array("admin/view","id"=>$data->id))',
    		),
    		array(
    			'name'=>'email',
    			'type'=>'raw',
    			'value'=>'CHtml::link(UHtml::markSearch($data,"email"), "mailto:".$data->email)',
    		),
    		'create_at',
    		'lastvisit_at',
    		array(
    			'name'=>'status',
    			'value'=>'User::itemAlias("UserStatus",$data->status)',
    			'filter' => User::itemAlias("UserStatus"),
    		),
    		array(
    			'class'=>'CButtonColumn',
    		),
    	),
    ));

This is my controller

public function actionIndex()
    	{
    		$rasdataProvider = new RAssignmentDataProvider();
    		$dataProvider=new CActiveDataProvider('User', array(
    			'criteria'=>array(
    		        'condition'=>'status>'.User::STATUS_BANNED,
    		    ),
    				
    			'pagination'=>array(
    				'pageSize'=>Yii::app()->controller->module->user_page_size,
    			),
    		));
    
    		$this->render('index',array(
    			'dataProvider'=>$dataProvider,
    			'rasdataProvider'=>$rasdataProvider,
    		));
    	}

This is the relation of user.php

public function relations()
    	{
            $relations = Yii::app()->getModule('user')->relations;
            if (!isset($relations['profile']))
                $relations['profile'] = array(self::HAS_ONE, 'Profile', 'user_id');
            return $relations;
    	}

Q2 : How to check the user is logging in or not?

Q3: If the user is already logged in, the system do not allow same user. How can I do? I'm using rights and user modules.


Regards
T

[yiifu]

Chris83, on 02 December 2010 - 07:11 PM, said:

@Greg Fennell: I'm not sure if understood your problem correctly but you should assign your "default authenticated role" (Authenticated) to each user that should have that role. Default roles are assigned to users regardless if they are logged in or not. In my opinion the only default role should be the guest role.

To assign the authenticated role automatically you can use this code in your user controller:

$authenticatedName = Rights::module()->authenticatedName;
Rights::assign($authenticatedName, $user->id);

Does this answer your question?

Hi Chris83,

everything work fine for me with your extension but a new registered user doesn't get the authenticated role assigned automatically (i set the default role as guest too)...so, about your issue, i don't really understand where i should put this code in the user controller!

instead i modify RegistrationController action method here :

if ($model->save()) {
							
        $authenticatedName = Rights::module()->authenticatedName;
        Rights::assign($authenticatedName, $model->id);
        ...                                            

there is also an orphelin row in the authassignment table when the user is deleted, so i follow rob on this issue (cannot put the link :-( ...) :

code.google.com/p/yii-rights/issues/detail?id=33

Thanks

[Keeper Hood]

Hi,

I've installed the rights extension even thou it gave me a 403 error. But i cannot access the module at mysite.com/rights

It issues a 403 error saying:
You are not authorized to perform this action.

The call stack for this exception is:

exception 'CHttpException' with message 'You are not authorized to perform this action.' in /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/auth/CAccessControlFilter.php:170
Stack trace:
#0 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/auth/CAccessControlFilter.php(133): CAccessControlFilter->accessDenied(Object(RWebUser), 'You are not aut...')
#1 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/filters/CFilter.php(39): CAccessControlFilter->preFilter(Object(CFilterChain))
#2 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/CController.php(1146): CFilter->filter(Object(CFilterChain))
#3 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/filters/CInlineFilter.php(59): CController->filterAccessControl(Object(CFilterChain))
#4 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/filters/CFilterChain.php(131): CInlineFilter->filter(Object(CFilterChain))
#5 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/CController.php(292): CFilterChain->run()
#6 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/CController.php(266): CController->runActionWithFilters(Object(CInlineAction), Array)
#7 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/CWebApplication.php(283): CController->run('')
#8 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/web/CWebApplication.php(142): CWebApplication->runController('rights')
#9 /var/www/vhosts/mywebsite.com/httpdocs/test/framework/base/CApplication.php(162): CWebApplication->processRequest()
#10 /var/www/vhosts/mywebsite.com/httpdocs/test/index.php(14): CApplication->run()
#11 {main}
REQUEST_URI=/test/rights
---

I'm logged in as username "admin" with a user id equal to 1. In the AuthAssignment table there's default entry fro Admin and userid = 1

Any clues?

[Keeper Hood]

I've managed to solve the problem. My UserIdentity component had stored the wrong variable in its $username and $_id members

[gvanto]

Problem: Getting 403 you are not authorized error when trying to access: mydomain.com/index.php?r=rights

I have downloaded the rights module and following the yii-rights-doc-1.2.0 installation instructions.

Prior to installing rights, I have created some Rbac table structures and populated with some roles and permissions. (for reference, the sql create data included below)

My rights config is as follows: (a bit puzzled as to why 'installed' appears twice in this array?):
As you can see, my main super user role below is 'chadmin' ... which is an item in my AuthItem table

        //rights, see p. 5 of yii-rights-doc-1.2.0
        'rights' => array(
            'superuserName' => 'chadmin',
            'authenticatedName'=>null,
//            'userIdColumn'=>'id',
            'userNameColumn'=>'first_name',
//            'enableBizRule'=>true,
//            'enableBizRuleData'=>false,
//            'displayDescription'=>true,
//            'flashSuccessKey'=>'RightsSuccess',
//            'flashErrorKey'=>'RightsError',
            'install'=>true,
//            'baseUrl'=>'/rights',
//            'layout'=>'rights.views.layouts.main',
//            'appLayout'=>'application.views.layouts.main',
//            'cssFile'=>'rights.css',
            'install'=>true,
//            'debug'=>true,
        ),

Sorry for this big one:

Quote

--
-- Table structure for table `AuthAssignment`
--

CREATE TABLE IF NOT EXISTS `AuthAssignment` (
`itemname` varchar(64) NOT NULL,
`userid` varchar(64) NOT NULL,
`bizrule` text,
`data` text,
PRIMARY KEY (`itemname`,`userid`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `AuthAssignment`
--

INSERT INTO `AuthAssignment` (`itemname`, `userid`, `bizrule`, `data`) VALUES
('assetdstr', '12', NULL, 'N;'),
('assetdstr', '13', NULL, 'N;'),
('assetdstr', '4', NULL, 'N;'),
('assetdstr', '5', NULL, 'N;'),
('assetmgr', '2', NULL, 'N;'),
('assetmgr', '3', NULL, 'N;'),
('benefactor', '6', NULL, 'N;'),
('chadmin', '1', NULL, 'N;'),
('staff', '10', NULL, 'N;'),
('staff', '11', NULL, 'N;'),
('staff', '7', NULL, 'N;'),
('staff', '8', NULL, 'N;'),
('staff', '9', NULL, 'N;');

-- --------------------------------------------------------

--
-- Table structure for table `AuthItem`
--

CREATE TABLE IF NOT EXISTS `AuthItem` (
`name` varchar(64) NOT NULL,
`type` int(11) NOT NULL,
`description` text,
`bizrule` text,
`data` text,
PRIMARY KEY (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `AuthItem`
--

INSERT INTO `AuthItem` (`name`, `type`, `description`, `bizrule`, `data`) VALUES
('assetdstr', 2, 'Asset Distributor', NULL, 'N;'),
('assetmgr', 2, 'Asset Manager', NULL, 'N;'),
('benefactor', 2, 'Benefactor', NULL, 'N;'),
('chadmin', 2, 'CHAMS Admin', NULL, 'N;'),
('createAsset', 0, 'create a new asset', NULL, 'N;'),
('createAssetBusinessUnitAssignment', 0, 'create a new asset-bu assignment', NULL, 'N;'),
('createAssetUserAssignment', 0, 'create a new asset-user assignment', NULL, 'N;'),
('createBusinessUnit', 0, 'create a new business unit', NULL, 'N;'),
('createUser', 0, 'create a new user', NULL, 'N;'),
('createUserBusinessUnitAssignment', 0, 'create a new user-business_unit assignment', NULL, 'N;'),
('deleteAsset', 0, 'delete an asset', NULL, 'N;'),
('deleteAssetBusinessUnitAssignment', 0, 'delete a asset-bu assignment', NULL, 'N;'),
('deleteAssetUserAssignment', 0, 'delete a asset-user assignment', NULL, 'N;'),
('deleteBusinessUnit', 0, 'delete a business unit', NULL, 'N;'),
('deleteUser', 0, 'remove a user', NULL, 'N;'),
('deleteUserBusinessUnitAssignment', 0, 'delete a user-business_unit assignment', NULL, 'N;'),
('readAsset', 0, 'read asset information', NULL, 'N;'),
('readAssetBusinessUnitAssignment', 0, 'read a asset-bu assignment', NULL, 'N;'),
('readAssetUserAssignment', 0, 'read a user-asset-user assignment', NULL, 'N;'),
('readBusinessUnit', 0, 'read business unit information', NULL, 'N;'),
('readUser', 0, 'read user profile information', NULL, 'N;'),
('readUserBusinessUnitAssignment', 0, 'read a user-business_unit assignment', NULL, 'N;'),
('staff', 2, 'Staff', NULL, 'N;'),
('updateAsset', 0, 'update asset information', NULL, 'N;'),
('updateAssetBusinessUnitAssignment', 0, 'update a asset-bu assignment', NULL, 'N;'),
('updateAssetUserAssignment', 0, 'update a asset-user assignment', NULL, 'N;'),
('updateBusinessUnit', 0, 'update business unit information', NULL, 'N;'),
('updateUser', 0, 'update a user''s information', NULL, 'N;'),
('updateUserBusinessUnitAssignment', 0, 'update a user-business_unit assignment', NULL, 'N;');

-- --------------------------------------------------------

--
-- Table structure for table `AuthItemChild`
--

CREATE TABLE IF NOT EXISTS `AuthItemChild` (
`parent` varchar(64) NOT NULL,
`child` varchar(64) NOT NULL,
PRIMARY KEY (`parent`,`child`),
KEY `child` (`child`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `AuthItemChild`
--

INSERT INTO `AuthItemChild` (`parent`, `child`) VALUES
('assetmgr', 'assetdstr'),
('chadmin', 'assetmgr'),
('staff', 'benefactor'),
('assetmgr', 'createAsset'),
('assetmgr', 'createAssetBusinessUnitAssignment'),
('assetdstr', 'createAssetUserAssignment'),
('assetmgr', 'createBusinessUnit'),
('chadmin', 'createUser'),
('chadmin', 'createUserBusinessUnitAssignment'),
('assetmgr', 'deleteAsset'),
('assetmgr', 'deleteAssetBusinessUnitAssignment'),
('assetdstr', 'deleteAssetUserAssignment'),
('assetmgr', 'deleteBusinessUnit'),
('chadmin', 'deleteUser'),
('chadmin', 'deleteUserBusinessUnitAssignment'),
('assetdstr', 'readAsset'),
('assetmgr', 'readAsset'),
('staff', 'readAsset'),
('assetmgr', 'readAssetBusinessUnitAssignment'),
('assetdstr', 'readAssetUserAssignment'),
('assetmgr', 'readBusinessUnit'),
('assetmgr', 'readUser'),
('chadmin', 'readUser'),
('chadmin', 'readUserBusinessUnitAssignment'),
('assetdstr', 'staff'),
('assetmgr', 'updateAsset'),
('assetmgr', 'updateAssetBusinessUnitAssignment'),
('assetdstr', 'updateAssetUserAssignment'),
('assetmgr', 'updateBusinessUnit'),
('chadmin', 'updateUser'),
('chadmin', 'updateUserBusinessUnitAssignment');

--
-- Constraints for dumped tables
--

--
-- Constraints for table `AuthAssignment`
--
ALTER TABLE `AuthAssignment`
ADD CONSTRAINT `AuthAssignment_ibfk_1` FOREIGN KEY (`itemname`) REFERENCES `AuthItem` (`name`) ON DELETE CASCADE ON UPDATE CASCADE;

--
-- Constraints for table `AuthItemChild`
--
ALTER TABLE `AuthItemChild`
ADD CONSTRAINT `AuthItemChild_ibfk_1` FOREIGN KEY (`parent`) REFERENCES `AuthItem` (`name`) ON DELETE CASCADE ON UPDATE CASCADE,
ADD CONSTRAINT `AuthItemChild_ibfk_2` FOREIGN KEY (`child`) REFERENCES `AuthItem` (`name`) ON DELETE CASCADE ON UPDATE CASCADE;

Any help on how to solve this / even where to start looking would be greatly appreciated.

Thanks
gvanto

[paskuale]

why repeat twice

"install"=>true

line ? Only one ...

[lindomar]

Hi,
first of all thanks for sharing this module with us.
i have installed it and is working fine, but i have a problem changing the language.
The framework is recognizing the new language, pt_br, i have already create a folder in messages/pt_br with the translations.
But done all this in Rights it still using the default language.
Do you know any way to solve this problem, or i'm missing something i my configuration?
Thanks for your support.
best regards

[gerthelsen]

You can use this:

'rights'=>array(
'install'=>false,
'appLayout'=>'//layouts/main'
),

[ranairfan]

please help me i think i lost track from scratch. i want to use this module for administration end

include(D:\wamp\www\app2\protected\modules\rights\components\RightsWebUser.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory

[luc]

ranairfan, on 22 October 2012 - 03:56 AM, said:

please help me i think i lost track from scratch. i want to use this module for administration end

include(D:\wamp\www\app2\protected\modules\rights\components\RightsWebUser.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory

be sure that your directories are readable by the apache process owner.

[gvanto]

paskuale, on 16 October 2012 - 09:11 PM, said:

why repeat twice

"install"=>true

line ? Only one ...

This is how it appears in the documentation ... ? (I wondered about this myself)

Another thing I am unclear about is the authenticatedName - what is this?
"name of the role assigned to authenticated users"
-> but I have different roles? How can this be in the configuration section for Rights?

more Questions:
If there's already a tbl_authassignments table which contains user<->role definitions, what is the purpose of the tbl_rights table?

[cwhite]

when going to index.php/rights I get this message

Error 403

There must be at least one superuser!

The admin is the superuser. I'm not sure why I'm getting this error.

[luc]

@cwhite: we could not help you without more informations about your config ..

[Ben Mazzarol]

Hi Guys,

First off, Chris this module is fantastic.

I thought I would share a small alteration I made to the RGenerator Class, and apologies if someone has already done this, to account for external actions.

I added a function to instantiate the controller and return all declared external actions.

        /**
         * Returns a list of external actions
         * @param array $cInfo - controller information
         * @return array
         */
        protected function getExternalActions(array $cInfo)
        {
                require_once $cInfo['path'];
                $controllerName = ucfirst($cInfo['name']) . 'Controller';
                $controller = new $controllerName('');
                $actions = array();
                foreach(array_keys($controller->actions()) as $action)
                {
                        $actions[ strtolower($action) ] = array(
						'name'=>  ucfirst($action),
					);
                }
                return $actions;
        }

Then called it in the getControllerActions function as shown bellow.

public function getControllerActions($items=null)
	{
		if( $items===null )
			$items = $this->getAllControllers();

		foreach( $items['controllers'] as $controllerName=>$controller )
		{       
                        $actions = $this->getExternalActions($controller);  // change this line                      
			$file = fopen($controller['path'], 'r');
			$lineNumber = 0;
			while( feof($file)===false )
			{
				++$lineNumber;
				$line = fgets($file);
				preg_match('/public[ \t]+function[ \t]+action([A-Z]{1}[a-zA-Z0-9]+)[ \t]*\(/', $line, $matches);
				if( $matches!==array() )
				{
					$name = $matches[1];
					$actions[ strtolower($name) ] = array(
						'name'=>$name,
						'line'=>$lineNumber
					);
				}
			}

			$items['controllers'][ $controllerName ]['actions'] = $actions;
		}

		foreach( $items['modules'] as $moduleName=>$module )
			$items['modules'][ $moduleName ] = $this->getControllerActions($module);

		return $items;
	}

Now all external actions are listed.

Cheers
Ben

[hoacuong]

Hi all!

I have question :

How to config to mutilple user use rights?

Like : Admin -> admin role 1 -> create many role and role 1 can't see admin role 2 and user in role 2
-> admin role 2 -> create many role

[haseeb2k9]

Chris83, on 19 July 2010 - 03:16 PM, said:

Rights utilizes Yii's built-in database auth manager (CDbAuthManager) to provide a solid web interface for extensive access control.

Features:

• User interface optimized for usability
  
• Role, task and operation management
  
• View displaying each role's assigned tasks and operations
  
• Assigning authorization items to users
  
• Sorting of authorization items by dragging and dropping
  
• Installer for easy and quick set up
  
• Authorization item generation
  
• Controller filter for checking access
  
• Support for business rules (and data)
  
• Runtime caching to increase performance
  
• Internationalization (I18N)
  
• Cross-browser and cross-database compatibility
  
• Easy to extend

Try out the demo

Download directly here (updated 10th of April 2011):
Yii Extensions or Google Code

Yii Blog demo with Rights available here (updated 10th of April 2011):
Yii Extensions or Google Code

Detailed documentation can be found here (Updated 11th of January 2011):
Rights documentation

Project can be found here:
Yii Extensions and Google Code

Downloads: Google Code
Checkout: Google Code

More about Rights on Ohloh.

Having trouble with the module?
Take a look at the documentation or the blog example.
You can also post your questions below and I'll try to answer them as soon as possible.

If you happen to find a bug please report it here or on Google Code and I'll take a look as soon as possible.

Screenshots of the interface (version 1.1.0):













Thank you for reading.

hi friends after instaling the Rights module whan i want to access it, following error is accour. Error 403

There must be at least one superuser!

plz tell me how to fix it.

thanks in advance.

[solved]
in my authassignment table userid column value is not same as in user table.

[haseeb2k9]

Chris83, on 05 April 2011 - 03:26 AM, said:

Well yes, you can simply call Yii::app()->user->checkAccess() before displaying the link.

If you have a menu you can set the visible-setting to what checkAccess returns.

hi Chris83

i am using this but no value is in return
in my authassignment table itemname column have the 'AssignedTask.Admin' value for the following user but no value in return.

here is code demo .

array('label'=>'Assign Tasks', 'url'=>array('/AssignedTask/admin'),'visible'=> Yii::app()->user->checkAccess('AssignedTask.Admin'),

plz tell me how can i solve it.

[yan]

Quote

Error 403

There must be at least one superuser!

fix bug in rights/components/RAuthorizer.php -> public function getSuperusers()

foreach( $users as $user) 
	$superusers[] = $user->name;

to

$colname=Rights::module()->userNameColumn;
foreach($users as $user)
	$superusers[] = $user->$colname;

[skeef]

In the last received a new error:

Fatal error: [] operator not supported for strings in D:\OpenServer\domains\ffi\_fw\collections\CMap.php on line 291

After analysis of the code found that error in the getUniqueRoles() (RInstaller).
Solution: in configuration (main.php)

		'authManager' => array (
			'class' => 'RDbAuthManager', // Provides support authorization item sorting.
			'defaultRoles'=>'Guest',

		),

comment or delete this:

'defaultRoles'=>'Guest',

(My server: Apache-2.2.23, PHP-5.4.10, MySQL-5.1.67)