[EXTENSION] Rights

Rights utilizes Yii’s built-in database auth manager (CDbAuthManager) to provide a solid web interface for extensive access control.

Features:

  • User interface optimized for usability

  • Role, task and operation management

  • View displaying each role’s assigned tasks and operations

  • Assigning authorization items to users

  • Sorting of authorization items by dragging and dropping

  • Installer for easy and quick set up

  • Authorization item generation

  • Controller filter for checking access

  • Support for business rules (and data)

  • Runtime caching to increase performance

  • Internationalization (I18N)

  • Cross-browser and cross-database compatibility

  • Easy to extend

Try out the demo

Download directly here (updated 10th of April 2011):

Yii Extensions or Google Code

Yii Blog demo with Rights available here (updated 10th of April 2011):

Yii Extensions or Google Code

Detailed documentation can be found here (Updated 11th of January 2011):

Rights documentation

Project can be found here:

Yii Extensions and Google Code

Downloads: Google Code

Checkout: Google Code

More about Rights on Ohloh.

Having trouble with the module?

Take a look at the documentation or the blog example.

You can also post your questions below and I’ll try to answer them as soon as possible.

If you happen to find a bug please report it here or on Google Code and I’ll take a look as soon as possible.

Screenshots of the interface (version 1.1.0):

Thank you for reading.

Nice implementation Chris, have bookmarked it for future use/reference :)

It looks great! Thanks for your sharing!

What if I have 10+ roles and 50+ operations on permission page? Is there any pagination for roles and/or operations? It would be much better then :)

Love

I’m still thinking about a good solution for if you have a lot of roles. Currently the best solution to this is to set a different layout for Rights (can be done by configuring the module) that is as wide as possible to fit all the necessary roles.

I’ve implemented pagination for Assignments in the latest revision, it will be included in the next release.

However pagination for Operations, Tasks and Roles is another thing as CDbAuthManager uses direct queries to get the permissions. Do you think it’s needed?

Also, I’ve been thinking about adding an additional table called ‘roles’ which could be used for organizing of roles using a ‘weight’ (for management purposes only). Now it’s very hard to know in which order to list the roles and currently they’re listed in order of how many children each role has. Any thoughts on this?

Detailed documentation is now available at:

http://yii-rights.googlecode.com/files/yii-rights-doc.0.9.pdf

Version 0.9.3 is now available.

New features are:

  • Installer

  • Improved module configuration

  • Pagination for Assignments

To use the installer add the following line to rights config:




'modules'=>array(

	'rights'=>array(

		'install'=>true, // Remove this line when the module has been installed.

	),

),



When you access the module the necessary tables will be created and necessary rows will be inserted.

Please note that the User table will not be created as Rights require you to have a working user model.

You can now configure which users will be assigned the super user role when installing the module.

This can be done by settings the super users in the Rights config like this:




'superUsers'=>array(

	1=>'admin',

	2=>'demo',

), // Array of users with super user priviledges. (id=>name)



Default roles can now also be set in Rights config like this:




'defaultRoles'=>array('Guest'), // Only an example, this is the default value.



Rights support internationalization and I’m looking for translators.

Please contact me if you’re interested in translating this module.

Rights is currently available in Finnish and soon also in Spanish and German.

Enjoy!

Hi Chris,

Don’t know why I couldn’t set this module up.

The main layout(main.php) doesn’t display.

Old Controller class




<?php


/**

 * Controller is the customized base controller class.

 * All controller classes for this application should extend from this base class.

 */

class Controller extends CController {


    /**

     * @var string the default layout for the controller view. Defaults to 'column1',

     * meaning using a single column layout. See 'protected/views/layouts/column1.php'.

     */

    public $layout = 'column1';

    /**

     * @var array context menu items. This property will be assigned to {@link CMenu::items}.

     */

    public $menu = array();

    /**

     * @var array the breadcrumbs of the current page. The value of this property will

     * be assigned to {@link CBreadcrumbs::links}. Please refer to {@link CBreadcrumbs::links}

     * for more details on how to specify this property.

     */

    public $breadcrumbs = array();

    

    public $pageDescription;


    public $pageKeywords;


    public $pageFeeds = array();

    

    public function render($view, $data = null, $return = false) {

        

        if ( empty($this->pageDescription) )

            $this->pageDescription = Yii::app()->params->defaultMetaDescription;


        if ( empty($this->pageKeywords) )

            $this->pageKeywords = Yii::app()->params->defaultMetaKeywords;


        Yii::app()->clientScript->registerMetaTag($this->pageDescription, 'description');

        Yii::app()->clientScript->registerMetaTag($this->pageKeywords, 'keywords');

        

        if( count($this->pageFeeds) > 0 ) {

            foreach ($this->pageFeeds as $key => $value) {

                Yii::app()->clientScript->registerLinkTag( 'alternate', 'application/rss+xml', $value, null, array('title' => 'RSS') );

            }

        }

        

        parent::render($view, $data, $return);

    }

    

}



New Controller extends RightsBaseController




<?php


/**

 * Controller is the customized base controller class.

 * All controller classes for this application should extend from this base class.

 */

class Controller extends RightsBaseController{


    /**

     * @var string the default layout for the controller view. Defaults to 'column1',

     * meaning using a single column layout. See 'protected/views/layouts/column1.php'.

     */

    public $layout = 'column1';

    /**

     * @var array context menu items. This property will be assigned to {@link CMenu::items}.

     */

    public $menu = array();

    /**

     * @var array the breadcrumbs of the current page. The value of this property will

     * be assigned to {@link CBreadcrumbs::links}. Please refer to {@link CBreadcrumbs::links}

     * for more details on how to specify this property.

     */

    public $breadcrumbs = array();

    

    public $pageDescription;


    public $pageKeywords;


    public $pageFeeds = array();

    

    public function render($view, $data = null, $return = false) {

        

        if ( empty($this->pageDescription) )

            $this->pageDescription = Yii::app()->params->defaultMetaDescription;


        if ( empty($this->pageKeywords) )

            $this->pageKeywords = Yii::app()->params->defaultMetaKeywords;


        Yii::app()->clientScript->registerMetaTag($this->pageDescription, 'description');

        Yii::app()->clientScript->registerMetaTag($this->pageKeywords, 'keywords');

        

        if( count($this->pageFeeds) > 0 ) {

            foreach ($this->pageFeeds as $key => $value) {

                Yii::app()->clientScript->registerLinkTag( 'alternate', 'application/rss+xml', $value, null, array('title' => 'RSS') );

            }

        }

        

        parent::render($view, $data, $return);

    }

    

}



I’d to set your module up asap. Please help me to solve out this problem.

Thanks in advance.

(removed code from quote.)

Hello quangle,

Do you mean that your main layout do not display for Rights or not at all? If only for Rights I probably know what the problem is because I once had the same problem.

In your column1.php (and column2.php) make sure that the following line reads:




<?php $this->beginContent('application.views.layouts.main'); ?>



Instead of:




<?php $this->beginContent('main'); ?>



Please let me know if this solved your issue.

Thanks a lot. It works perfectly now.

:-*

Hello,

sorry for bothering you…

i freshly installed Yii and tried to add the rights module… this is my main.php file:


<?php


// uncomment the following to define a path alias

// Yii::setPathOfAlias('local','path/to/local-folder');


// This is the main Web application configuration. Any writable

// CWebApplication properties can be configured here.

return array(

	'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',

	'name'=>'My Web Application',


	// preloading 'log' component

	'preload'=>array('log'),


	// autoloading model and component classes

	'import'=>array(

		'application.models.*',

		'application.components.*',

		'application.modules.rights.components.*',

	),


	// application components

	'components'=>array(

		'user'=>array(

			// enable cookie-based authentication

			'allowAutoLogin'=>true,

			'class'=>'RightsWebUser',

		),

		// uncomment the following to enable URLs in path-format

		/*

		'urlManager'=>array(

			'urlFormat'=>'path',

			'rules'=>array(

				'<controller:\w+>/<id:\d+>'=>'<controller>/view',

				'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',

				'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',

			),

		),

		*/

		'db'=>array(

			'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',

		),

		// uncomment the following to use a MySQL database

		

		'db'=>array(

			'connectionString' => 'mysql:host=localhost;dbname=yii_digitaldealer',

			'emulatePrepare' => true,

			'username' => 'giorgio',

			'password' => '17sf|ga13',

			'charset' => 'utf8',

		),

		

		'errorHandler'=>array(

			// use 'site/error' action to display errors

            'errorAction'=>'site/error',

        ),

		'log'=>array(

			'class'=>'CLogRouter',

			'routes'=>array(

				array(

					'class'=>'CFileLogRoute',

					'levels'=>'error, warning',

				),

				// uncomment the following to show log messages on web pages

				/*

				array(

					'class'=>'CWebLogRoute',

				),

				*/

			),

		),

		

	),

	'modules'=>array(

        'rights'=>array(

                'install'=>true, // Remove this row after running the module the first time.

                'superUserRole'=>'Admin', // Only an example, this is the default value.

                'defaultRoles'=>array('Guest'), // Only an example, this is the default value.

                'superUsers'=>array(

                        1=>'admin',

                        2=>'demo',

                ),

        ),

	),


	// application-level parameters that can be accessed

	// using Yii::app()->params['paramName']

	'params'=>array(

		// this is used in contact page

		'adminEmail'=>'webmaster@example.com',

	),

);

when i try to go to http://digitaldealer.wdev.wedoo.local/index.php?r=rights i get this:


CException

Description


Property "CPhpAuthManager.db" is not defined.

Source File


/home/digitaldealer/public_html/www/protected/modules/rights/components/RightsInstaller.php(30)


00018:     public $db;

00019:     /**

00020:     * @var bool Whether Rights is installed or not?

00021:     */

00022:     public $isInstalled;

00023: 

00024:     /**

00025:     * Initialization.

00026:     */

00027:     public function init()

00028:     {

00029:         $this->_authManager = Yii::app()->authManager;

00030: $this->db = $this->_authManager->db;

00031:         $this->isInstalled = self::isInstalled();

00032: 

00033:         parent::init();

00034:     }

00035: 

00036:     /**

00037:     * Installs the Rights module.

00038:     * @param string $superUserRole Name of the super user role

00039:     * @param array $superUsers List of super users (id=>name)

00040:     * @return bool

00041:     */

00042:     public function install($defaultRoles, $superUserRole, $superUsers)


Stack Trace


#0 /home/digitaldealer/public_html/www/protected/modules/rights/components/RightsInstaller.php(30): CComponent->__get('db')

#1 /home/digitaldealer/public_html/www/framework/base/CModule.php(380): RightsInstaller->init()

#2 /home/digitaldealer/public_html/www/protected/modules/rights/RightsModule.php(98): CModule->setComponent('installer', Object(RightsInstaller))

#3 /home/digitaldealer/public_html/www/protected/modules/rights/RightsModule.php(66): RightsModule->install()

#4 /home/digitaldealer/public_html/www/framework/base/CModule.php(73): RightsModule->init()

#5 /home/digitaldealer/public_html/www/framework/YiiBase.php(194): CModule->__construct('rights', NULL, Array)

#6 /home/digitaldealer/public_html/www/framework/base/CModule.php(258): YiiBase::createComponent('rights.RightsMo...', 'rights', NULL, Array)

#7 /home/digitaldealer/public_html/www/framework/web/CWebApplication.php(379): CModule->getModule('rights')

#8 /home/digitaldealer/public_html/www/framework/web/CWebApplication.php(318): CWebApplication->createController('rights')

#9 /home/digitaldealer/public_html/www/framework/web/CWebApplication.php(121): CWebApplication->runController('rights')

#10 /home/digitaldealer/public_html/www/framework/base/CApplication.php(135): CWebApplication->processRequest()

#11 /home/digitaldealer/public_html/www/index.php(13): CApplication->run()

#12 {main}


2010-07-28 12:50:01 Apache/2.2.9 (Debian) Yii Framework/1.1.3



can you please help me out?

should i add a user model… how? :D thanks a lot

(removed code from quote.)

Hello joeysantiago,

Seems that you haven’t configured your authManager, you can do that by adding the following code to your component configuration:




'authManager'=>array(

	'class'=>'CDbAuthManager',

	'connectionID'=>'db', // as in your database configuraiton

),



Let me know if this helps.

As a side note, you should remove or comment out the sqlite-configuration.

Helo!

Hope everything’s ok in Helsinki. love that city.

anyhow:

i set up the DB connection and added the code you gave me under components array (hope it’s right!). now i get this error:


PHP Error

Description


YiiBase::include(User.php) [<a href='yiibase.include'>yiibase.include</a>]: failed to open stream: No such file or directory

Source File


/home/digitaldealer/public_html/www/framework/YiiBase.php(338)


00326:      * @param string class name

00327:      * @return boolean whether the class has been loaded successfully

00328:      */

00329:     public static function autoload($className)

00330:     {

00331:         // use include so that the error PHP file may appear

00332:         if(isset(self::$_coreClasses[$className]))

00333:             include(YII_PATH.self::$_coreClasses[$className]);

00334:         else if(isset(self::$_classes[$className]))

00335:             include(self::$_classes[$className]);

00336:         else

00337:         {

00338: include($className.'.php');

00339:             return class_exists($className,false) || interface_exists($className,false);

00340:         }

00341:         return true;

00342:     }

00343: 

00344:     /**

00345:      * Writes a trace message.

00346:      * This method will only log a message when the application is in debug mode.

00347:      * @param string message to be logged

00348:      * @param string category of the message

00349:      * @see log

00350:      */


Stack Trace


#0 /home/digitaldealer/public_html/www/framework/YiiBase.php(338): autoload()

#1 unknown(0): autoload()

#2 unknown(0): spl_autoload_call()

#3 /home/digitaldealer/public_html/www/protected/modules/rights/components/RightsAuthorizer.php(549): class_exists()

#4 /home/digitaldealer/public_html/www/framework/base/CComponent.php(152): RightsAuthorizer->setUser()

#5 /home/digitaldealer/public_html/www/protected/modules/rights/RightsModule.php(77): RightsAuthorizer->__set()

#6 /home/digitaldealer/public_html/www/framework/base/CModule.php(73): RightsModule->init()

#7 /home/digitaldealer/public_html/www/framework/YiiBase.php(194): RightsModule->__construct()

#8 /home/digitaldealer/public_html/www/framework/base/CModule.php(258): createComponent()

#9 /home/digitaldealer/public_html/www/framework/web/CWebApplication.php(379): CWebApplication->getModule()

#10 /home/digitaldealer/public_html/www/framework/web/CWebApplication.php(318): CWebApplication->createController()

#11 /home/digitaldealer/public_html/www/framework/web/CWebApplication.php(121): CWebApplication->runController()

#12 /home/digitaldealer/public_html/www/framework/base/CApplication.php(135): CWebApplication->processRequest()

#13 /home/digitaldealer/public_html/www/index.php(13): CWebApplication->run()


2010-07-28 14:42:01 Apache/2.2.9 (Debian) Yii Framework/1.1.3



kiitos paljon! :)

well, toivottavasti got it. hope it’s the right way.

created a User table on my db:


 CREATE TABLE `yii_digitaldealer`.`User` (

`idUser` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,

`username` VARCHAR( 120 ) NOT NULL ,

`email` VARCHAR( 240 ) NOT NULL ,

`password` VARCHAR( 40 ) NOT NULL

) ENGINE = MYISAM 

then in my folder through ssh i set up the User model:




php yiic shell config/main.php

model User

crud User



now it goes… is it the right way?

Yes that’s the correct way of doing it.

It’s now mentioned in the docs that an User model is required to run this module.

I’ve also added the schema for the user table in the schema.sql found under data. It will be included in future releases.

So now it’s working fine?

Chris83,

I think I followed the directions correctly in the PDF but things weren’t working. To get things to work I had to import all of these files:




'import'=>array(

	...

        'application.modules.rights.components.Rights',

        'application.modules.rights.components.RightsBaseController',

        'application.modules.rights.components.RightsFilter',

        'application.modules.rights.components.RightsWebUser',

),



…and the documentation says to just import:




'import'=>array(

	...

        'application.modules.rights.components.RightsWebUser',

),



Any idea what I’m doing wrong?

kiitoksia! :) nyt se toimii hyvin! :)

in the docs it said that creating a webapp with yii command it would have run, so i didn’t think about it. Anyhow, thanks a lot, this extension’s great.

@edwaa: in my main.php i wrote:




'import'=>array(

    'application.modules.rights.components.*'

),

and it goes smoothly…

greetings

i’m translating the module. In order to have the label for Auth Item translated in the user form i had to change the code of models/AssignmentForm.php:




public function attributeLabels()

	{

		return array(

			'authItem' => Yii::t('RightsModule.tr', 'Auth Item'),

		);

	}

and in file controllers/AssignmentController.php


'buttons'=>array(

		        'submit'=>array(

		            'type'=>'submit',

		            'label'=>Yii::t('RightsModule.tr', 'Assign'),

		        ),

		    ),

now looks like everything’s translated :)

Ok, now that it works, i’m trying to use it :D learning curves are funny :D

i figured out that in my controllers i have to extend RightsBaseController… :)

ex:




class PostController extends RightsBaseController

{

public function filters()

	{

		return array(

			'rights',

		);

	}




ok… now how can i check permissions? i created an Operation called PostController_actionCreate (tried also PostController_Create) and assigned it to a user (fredo). but when logged in with this user i navigate to http://digitaldealer.wdev.wedoo.local/index.php?r=post/create it says "You are not authorized to perform this action."…

what’s the matter? when i’ll get it, i promise you a beer (i’ll be in Helsinki in August!)

thanks a lot

(removed code from quote.)

Hello joeysantiago,

The naming policy is the following: Post_Create (if the controller is PostController and the action is actionCreate()).

This is thoroughly documented in the doc, read the section about ACAC and see if that helps to understand how it works.

Hi Chris,

For instance I have 10 Controllers and each Controller has about 10 Actions.

Controller always has some same Actions like: Index, View, Create, Delete,…

I think I could make task *_Index or *_View for all Controllers that have Index or View action.

What you say?

Sorry… the problem was my server kind of cached operations and assignements… i restarted apache2 for other stuff and now magically everything works.

i attached the italian translation… were my yesterday’s findings ok?

thanks a lot,

federico

PS: in my main php i set


'modules'=>array(

        'rights'=>array(

                //'install'=>true, // Remove this row after running the module the first time.

                'superUserRole'=>'Admin', // Only an example, this is the default value.

                'defaultRoles'=>array('Guest'), // Only an example, this is the default value.

                'superUsers'=>array(

                        1=>'admin',

                ),

        ),

	),

is ‘admin’ user’s username? i feel quite dumb… i tried to assign superUser to my username, but it doesn’t work…

thanks :)

What are difference between Operations and Tasks?

I create a role as below but it doesn’t work:

Name: Authorized_User

Description: authorized user

Bizrule: return Yii::app()->user->id


Controller:




    public function filters() {

        return array( 'rights', );

    }


    public function accessRules() {

        return array('index', 'view', 'create', 'update', 'delete', 'admin', 'topAuthors', 'articles', 'setdefault');

    }



I assigned Authorized_User has ability to Create new author.