Yii Framework Forum: yii-user with rights - Yii Framework Forum


yii-user with rights

#1 User is offline   Konstantin Molchanov 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 16
  • Joined: 04-December 09

Posted 18 November 2010 - 11:50 AM

Good day! I need 3 types of users (user, moderator, administrator) with different roles. I decided to use the yii-user and rights extensions. I have 2 questions: 1. How to make a 3rd type of user in yii-user and how to use yii-user with rights?
0

#2 User is offline   Nayjest 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 85
  • Joined: 05-June 10
  • Location:Ukraine, Kiev

Posted 18 November 2010 - 01:01 PM

I use the 'Yii-user' and 'Rights' extensions in one project. Just install 'Rights' as described in the documentation; no modifications to 'Yii-user' are needed. (Probably except setting up RBAC for the controllers of Yii-user, but all of them are nested from the Controller class, and if you inherit Controller from RightsBaseController and add there all the functionality needed for your project, all will be ok) ;)
Web-superman. My blog about web development (russian).
0

#3 User is offline   luc 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 211
  • Joined: 22-June 10
  • Location:france

Posted 18 November 2010 - 04:40 PM

Hi,

in your config:

	'import'=>array(
		'application.models.*',
		'application.components.*',
		'application.modules.user.models.*',
		'application.modules.user.components.*',
		'application.modules.rights.models.*',
		'application.modules.rights.components.*',
	),

	'modules'=>array(
		'rights',
	),

	// application components
	'components'=>array(
		'user'=>array(
			// enable cookie-based authentication
			//'class'=>'RightsWebUser',
			'allowAutoLogin'=>true,
			'loginUrl' => array('/user/login'),
		),
		'authManager'=>array('class'=>'RightsAuthManager'),
		..........

in component/controller.php:

	class Controller extends RightsBaseController




in your controller:
	public function filters()
	{
		return array(
			//'accessControl', // perform access control for CRUD operations
			'rights',
		);
	}

Create atomic operations based on controller actions with the Rights generator.
Create Tasks: each task must have children (operations).
Create your 3 roles and assign them tasks.
Assign your users to their different roles.
Hey Ho !
Let's go !
0

#4 User is offline   Konstantin Molchanov 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 16
  • Joined: 04-December 09

Posted 20 November 2010 - 03:19 AM

Thanks a lot! Everything works!
0

#5 User is offline   luc 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 211
  • Joined: 22-June 10
  • Location:france

Posted 20 November 2010 - 01:17 PM

View PostKonstantin Molchanov, on 20 November 2010 - 03:19 AM, said:

Thanks a lot! Everything works!

good :-)
Hey Ho !
Let's go !
0

#6 User is offline   Jigz 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 22-November 10

Posted 22 November 2010 - 01:21 PM

I tried what was suggested above but I cannot get the rights top menu to show up. Apparently,
Yii::app()->user->checkAccess('RightsAdministration')


Is coming false for some reason, even though I am signed in as admin.
0

#7 User is offline   luc 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 211
  • Joined: 22-June 10
  • Location:france

Posted 23 November 2010 - 03:23 PM

View PostJigz, on 22 November 2010 - 01:21 PM, said:

I tried what was suggested above but I cannot get the rights top menu to show up. Apparently,
Yii::app()->user->checkAccess('RightsAdministration')


Is coming false for some reason, even though I am signed in as admin.

That's an issue that I've solved like this.
Hey Ho !
Let's go !
0

#8 User is offline   saric 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 25-October 10
  • Location:Czech Republic

Posted 30 December 2010 - 09:34 AM

View PostKonstantin Molchanov, on 20 November 2010 - 03:19 AM, said:

Thanks a lot! Everything works!


Hi everyone,
I am trying to integrate these two modules together as well but I haven't succeeded yet. Could anyone who did it share his/her skeleton application?

Thanks in advance.
0

#9 User is online   xav 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 50
  • Joined: 09-August 10

Posted 05 January 2011 - 10:11 AM

Hello everyone, I've just installed both extensions and it seems to get working. Nevertheless, I have a practical question.

Is it right to say that when a user registers with the web app (using the registration form of yii user) something must be done to give that registered user the appropriate role defined in rights?

Thus, yii user extension code should be adapted !

Just tell me if I'm wrong and if there is a more straightforward mechanism ?

Regards,

xav
0

#10 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 05 January 2011 - 05:28 PM

View Postxav, on 05 January 2011 - 10:11 AM, said:

Hello everyone, I've just installed both extensions and it seems to get working. Nevertheless, I have a practical question.

Is it right to say that when a user registers with the web app (using the registration form of yii user) something must be done to give that registered user the appropriate role defined in rights?

Thus, yii user extension code should be adapted !

Just tell me if I'm wrong and if there is a more straightforward mechanism ?

Regards,

xav


Hello xav,

You should call Rights::assign() in your registration action to assign the desired role to the users when they register. Does this answer your question? :)
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
1

#11 User is online   xav 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 50
  • Joined: 09-August 10

Posted 06 January 2011 - 02:44 AM

View PostChris83, on 05 January 2011 - 05:28 PM, said:

Hello xav,

You should call Rights::assign() in your registration action to assign the desired role to the users when they register. Does this answer your question? :)



Yes, totally. Many thanks Chris83.

Kind Regards,

xav

...and best wishes by the way.
0

#12 User is offline   iota 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 17
  • Joined: 07-January 11
  • Location:Auckland, New Zealand

Posted 08 January 2011 - 05:22 PM

Managing Guest and Authenticated Role Permissions

I hope the following is useful for those trying to configure Yii-user with Rights and want to configure ACAC access using Rights. Admittedly, I am very new to the yii framework, so I present this mainly in the hope of getting feedback on the approach (for better or worse).

Edit: please read Chris's response immediately following this for an alternative approach that does not use business rules and is therefore faster. I have also followed his response with guidelines for this method.

Assumptions

  • You have successfully installed Yii-user and Rights extensions.
  • You have extended your application base controller (normally called Controller) from the RightsBaseController [Edit - RController for version 1.2.0]
  • You have added 'rights' to your controllers' filters (you can then remove 'accessControl' filter and accessRules() function).
  • You have determined which actions should always be allowed by implementing the allowedActions() function (optional).

Note: instructions for 2 & 4 are in the Rights documentation (yii-rights-doc-1.1.0.pdf on page 7).

In main/config.php, I added the following 'defaultRoles' definition:

    'authManager'=>array(
        'class'=>'RightsAuthManager',	// provides support for authorization item sorting
        // assign default roles to all users, then use bizrules in Rights
        // to distinguish between 'Guest' and 'Authenticated' users
        'defaultRoles'=>array('Guest','Authenticated'), 			
    ),


Edit - the above code is for Rights version 1.1.0. If you have upgraded to 1.2.0 (see below), the class should be renamed to 'RDbAuthManager'.

This is only half the solution though. Now, in the Rights Roles screen, add the following business rules to the 'Guest' and 'Authenticated' roles:

Guest (Role) business rule:

return Yii::app()->user->isGuest;

Authenticated (Role) business rule:

return !Yii::app()->user->isGuest;

So in effect, all users are assigned both roles, but the business rules then determine whether a user is anonymous (Guest) or authenticated. This avoids having to assign roles to users as they register (you may still want to do this for other roles, but it makes no sense to me to do this for the Guest and Authenticated roles).

Note: it took me a while to cotton on to this as I thought that the default Rights configurations: 'authenticatedName'=>'Authenticated' and 'guestName'=>'Guest' would allow for this automatically. This doesn't seem to be the case, or these are used in other ways...

Now that all this is established, Rights can control access for all controllers that are configured to use the Rights access control filter, e.g.

    /**
     * @return array action filters
     */
    public function filters()
    {
        return array(
            'rights',
        );
    }

Controlling Access to User Lists and Profile Views

This method can be used to manage access to the default user list and user profile view (Yii-user makes these available to all users by default and I didn't want this), e.g. in user/controllers/DefaultController.php and user/controllers/UserController.php, add the above filter code (in UserController.php you will need to remove the 'accessControl' filter and accessRules() function).

Then in Rights, you can use the Permissions screen to generate items for controller actions (e.g. UserModule Default.* and User.*) and Assign rights to roles as you see fit, e.g. you may only want to allow Authenticated users to be able to see a list of users and their user profiles.

Allowed Actions

For now, I don't tend to use the allowedActions() function to assign default permissions as this then overrides any permissions you may manage with Rights for those controllers. You may find cases where you want to do this, however.

You can also apply the Rights filter to the Site Controller (controllers/SiteController.php) and then use Rights to manage access to the general site pages (or lock them down entirely).

Summary

It took me quite a while to get all this working and I found it frustrating piecing bits of information from documentation, tutorials, and forum posts. I'm sure a lot of this is just ignorance on my part, but when you're a complete beginner, sometimes the simplest things are difficult!

These are two fantastic extensions that naturally seem to fit together. I hope my experiences may help out those trying to do likewise!

I welcome comments from more experienced users to confirm that this approach is valid or whether I have assumed something that may be problematic.

/Rob
3

#13 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 08 January 2011 - 06:02 PM

Hello Rob,

First of all I want to say that it's much appreciated that you've written this tutorial. I'm sure it will be of great use for community members who wish to integrate both of these extensions into their Yii application.

About your role assignment, I would do it a bit differently because doing the permission check using business rules always comes with a performance penalty.

Instead I would suggest changing the default roles only to include the 'Guest'-role and instead assign the 'Authenticated'-role to each user when they are created. This can be done using the Rights::assign()-method, for more information check out the Rights documentation which can be downloaded here. This way you can avoid using business rules and therefore avoid the performance penalty.

About the allowedActions()-method, I'm thinking of removing it because you can accomplish the same result using the +/- operators that Yii supports for controller filters. You could e.g. specify your filters as follows:

public function filters()
{
	return array(
		'rights - index, suggestedTags',
	);
}

You can read more about Yii's controller filters here.

Myself I also try to avoid using the allowedActions because there is always another way of doing this. If you're curious in how to avoid this method you should check the PostController.php in my demo package (Yii Blog demo with Rights) which can be downloaded here.

As a side note I could add that some things are going to be changed in version 1.2.0 which is shortly coming out, e.g. the RightsBaseController is now called RController, so you need to update your post after the release.
Best regards,
Chris

2

#14 User is offline   iota 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 17
  • Joined: 07-January 11
  • Location:Auckland, New Zealand

Posted 08 January 2011 - 11:24 PM

Hi Chris, thanks so much for your comments - much appreciated :)

View PostChris83, on 08 January 2011 - 06:02 PM, said:

About your role assignment, I would do it a bit differently because doing the permission check using business rules always comes with a performance penalty.

Instead I would suggest changing the default roles only to include the 'Guest'-role and instead assign the 'Authenticated'-role to each user when they are created. This can be done using the Rights::assign()-method, for more information check out the Rights documentation which can be downloaded here. This way you can avoid using business rules and therefore avoid the performance penalty.

That makes sense, I wasn't really thinking about performance! I've tested this out and can confirm it works. So the modifications if anybody wants to use this method to automatically assign the 'Authenticated' role to users on registration (and admin creation) are as follows:

In main/config.php, add only the 'Guest' role in the 'defaultRoles' definition (needs to remain as an array I believe):

    'authManager'=>array(
        'class'=>'RightsAuthManager',   // provides support for authorization item sorting
        // only 'Guest' is a default role for all users; 'Authenticated' is
        // assigned explicitly with Rights::assign() when a user is created
        'defaultRoles'=>array('Guest'),                         
    ),


Edit - the above code is for Rights version 1.1.0. If you have upgraded to 1.2.0 (see below), the class should be renamed to 'RDbAuthManager'.

Now to automatically assign the 'Authenticated' role to users on registration, modify the user/controllers/RegistrationController.php page.

In the actionRegistration() function, change:

    ...
    if ($model->save()) {
        $profile->user_id=$model->id;
        $profile->save();
        if (Yii::app()->controller->module->sendActivationMail) {
    ...


to...

    ...
    if ($model->save()) {
        $profile->user_id=$model->id;
        $profile->save();					
        // assign user the 'Authenticated' role for Rights module
        $authenticatedName = Rights::module()->authenticatedName;
        Rights::assign($authenticatedName, $model->id);
        if (Yii::app()->controller->module->sendActivationMail) {
    ...


And to ensure that users created using the admin creation screen are also assigned to the 'Authenticated' role, modify the user/controllers/AdminController.php page.

In the actionCreate() function, change:

    ...
    if($model->validate()&&$profile->validate()) {
        $model->password=Yii::app()->controller->module->encrypting($model->password);
        if($model->save()) {
            $profile->user_id=$model->id;
            $profile->save();
        }
        $this->redirect(array('view','id'=>$model->id));
    }
    ...


to...

    ...
    if($model->validate()&&$profile->validate()) {
        $model->password=Yii::app()->controller->module->encrypting($model->password);
        if($model->save()) {
            $profile->user_id=$model->id;
            $profile->save();
            // assign user the 'Authenticated' role for Rights module
            $authenticatedName = Rights::module()->authenticatedName;
            Rights::assign($authenticatedName, $model->id);
        }
        $this->redirect(array('view','id'=>$model->id));
    }
    ...


Note: using this method, business rules are no longer needed in Rights for either the 'Guest' or 'Authenticated' roles (which as Chris points out, will improve performance).

This solution worked for me, but I appreciate any suggestions for improvements, i.e. maybe there are less intrusive ways to assign these roles. Suggestions welcome, and thanks again to Chris who provided the code for the above role assignments!

Cheers, Rob
3
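Added example, not part of the thread and not code from Rights or Yii: a small stand-alone PHP model of how default roles and business rules decide access in the two setups from posts #12 and #14. The class `MiniAuth`, the operation name `User.List` and the user ids are constructed for illustration, and closures stand in for the business-rule strings entered in the Rights UI. Setup B is setup A with the business rules left out, the case to check for when both roles are listed in 'defaultRoles'.

```php
<?php
// Simplified stand-in for the role check discussed in this thread. NOT the Rights or
// Yii source: MiniAuth, 'User.List' and the user ids are constructed for illustration.
final class MiniAuth
{
    public $defaultRoles = [];   // roles every visitor holds implicitly
    private $items = [];         // name => ['children' => [...], 'bizRule' => callable|null]
    private $assignments = [];   // user id => explicitly assigned role names

    public function add($name, array $children = [], $bizRule = null)
    {
        $this->items[$name] = ['children' => $children, 'bizRule' => $bizRule];
    }

    public function assign($role, $userId)
    {
        $this->assignments[$userId][] = $role;
    }

    // $userId === null models a visitor who is not logged in.
    public function checkAccess($operation, $userId)
    {
        $known = $userId !== null && isset($this->assignments[$userId]);
        $roles = array_merge($this->defaultRoles, $known ? $this->assignments[$userId] : []);
        foreach ($roles as $role) {
            if ($this->grants($role, $operation, $userId)) return true;
        }
        return false;
    }

    // An item grants the operation if its business rule passes and it is, or contains, it.
    private function grants($item, $operation, $userId)
    {
        if (!isset($this->items[$item])) return false;
        $rule = $this->items[$item]['bizRule'];
        if ($rule !== null && !$rule($userId)) return false;
        if ($item === $operation) return true;
        foreach ($this->items[$item]['children'] as $child) {
            if ($this->grants($child, $operation, $userId)) return true;
        }
        return false;
    }
}

// Builds the same role tree each time: only 'Authenticated' may use 'User.List'.
function build(array $defaultRoles, $withBizRules)
{
    $auth = new MiniAuth();
    $auth->add('User.List');
    $auth->add('Guest', [], $withBizRules ? function ($uid) { return $uid === null; } : null);
    $auth->add('Authenticated', ['User.List'], $withBizRules ? function ($uid) { return $uid !== null; } : null);
    $auth->defaultRoles = $defaultRoles;
    return $auth;
}

$setups = [
    'A: both roles default, bizrules set (post #12)' => build(['Guest', 'Authenticated'], true),
    'B: both roles default, bizrules missing' => build(['Guest', 'Authenticated'], false),
    'C: Guest default, Authenticated assigned (post #14)' => build(['Guest'], false),
];
$setups['C: Guest default, Authenticated assigned (post #14)']->assign('Authenticated', 42);

// 1 = allowed, 0 = denied. User 7 exists but never went through an assign() call.
foreach ($setups as $label => $auth) {
    printf("%-52s guest=%d user42=%d user7=%d\n", $label, $auth->checkAccess('User.List', null),
        $auth->checkAccess('User.List', 42), $auth->checkAccess('User.List', 7));
}
```

In this model, setup B lets a guest reach `User.List`, while setup C denies a user who was created by a code path that never assigned the role, so the explicit-assignment approach fails closed where the default-role approach fails open.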

#15 User is online   xav 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 50
  • Joined: 09-August 10

Posted 13 January 2011 - 05:18 PM

Hi, I don't know for what reason but I keep getting this error
YiiBase::include(RightsBaseController.php) [<a href='yiibase.include'>yiibase.include</a>]: failed to open stream: No such file or directory 
though I've been getting through the installation process. Everything was fine until I extended the RightsBaseController. Maybe I'm so much in it that I can't see my mistake? Any ideas on this anyway?

Regards,

xav
0

#16 User is online   xav 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 50
  • Joined: 09-August 10

Posted 14 January 2011 - 02:49 AM

View Postxav, on 13 January 2011 - 05:18 PM, said:

Hi, I don't know for what reason but I keep getting this error
YiiBase::include(RightsBaseController.php) [<a href='yiibase.include'>yiibase.include</a>]: failed to open stream: No such file or directory 
though I've been getting through the installation process. Everything was fine until I extended the RightsBaseController. Maybe I'm so much in it that I can't see my mistake? Any ideas on this anyway?

Regards,

xav


Ok, it's solved ! I renamed RightsBaseController to RController (v1.2) and it works fine.

Great extension.

Regards,

xavier
0

#17 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 14 January 2011 - 05:03 AM

View Postxav, on 14 January 2011 - 02:49 AM, said:

Ok, it's solved ! I renamed RightsBaseController to RController (v1.2) and it works fine.

Great extension.

Regards,

xavier


I've mentioned this in quite a few places. Glad you were able to find the information. :)
Best regards,
Chris

0

#18 User is offline   kingsol 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 09-January 11

Posted 18 January 2011 - 12:36 AM

Hey Chris83, or anyone that has a moment to help... I have installed both modules per the instructions. As soon as I enable rights in the Controller filter, when not logged in, and I visit /user/login I get an infinite redirect... any ideas?
0

#19 User is offline   Rodrigo79 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 19-January 11

Posted 19 January 2011 - 11:36 AM

First of all, great extensions both yii-user and rights.
I've a question for those who managed to make them work together. I'm a beginner at Yii so maybe this is too basic, but while the two extensions work with users, which model is loaded? I need to extend the user model or access the profile fields but when I call user->something it tells me RWebUser doesn't have that field or method.
Thanks, and congratulations all for the good work.
0

#20 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 19 January 2011 - 03:19 PM

View Postkingsol, on 18 January 2011 - 12:36 AM, said:

Hey Chris83, or anyone that has a moment to help... I have installed both modules per the instructions. As soon as I enable rights in the Controller filter, when not logged in, and I visit /user/login I get an infinite redirect... any ideas?


Hey kingsol,

I'm not entirely sure but I think that's a bug that I have fixed in the latest release. Please update Rights and try again. If you're already running the newest version please report back and we'll try to figure out what the problem is.
Best regards,
Chris

0
