Yii Framework Forum: yii-user with rights - Yii Framework Forum

Jump to content

  • (3 Pages)
  • +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

yii-user with rights Rate Topic: ***** 2 Votes

#41 User is offline   russellfeeed 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 10
  • Joined: 01-September 11

Posted 21 March 2012 - 06:19 AM

Prevent Users From Changing Passwords

Hi

I have a similar issue as @Xav

I have created permissions for User.User.*, User.Profile.* etc in Rights but haven't assigned them to any User yet.

I've added
	/**
	 * @return array action filters
	 */
	public function filters()
	{
		return CMap::mergeArray(parent::filters(),array(
			'rights', // perform access control for CRUD operations
		));
	}


to both UserController and ProfileController.

I was hoping that this would allow me to allow or deny access to index.php/user/profile/changepassword

Is there a way to do this?

Thank in Advance
Russell
0

#42 User is offline   karmraj 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 13
  • Joined: 30-January 12
  • Location:Ahmedabad

Posted 28 April 2012 - 03:45 AM

Hi,

Suppose i need to assign some other role to new user from controller (like employee or student) except Authenticate or Guest? Then how can i assign that role to user?

Regards,
karmraj.


View Postiota, on 08 January 2011 - 11:24 PM, said:

Hi Chris, thanks so much for your comments - much appreciated :)


That makes sense, I wasn't really thinking about performance! I've tested this out and can confirm it works. So the modifications if anybody wants to use this method to automatically assign the 'Authenticated' role to users on registration (and admin creation) are as follows:

In main/config.php, add only the 'Guest' role in the 'defaultRoles' definition (needs to remain as an array I believe):

    'authManager'=>array(
        'class'=>'RightsAuthManager',   // provides support for authorization item sorting
        // assign default roles to all users, then use bizrules in Rights
        // to distinguish between 'Guest' and 'Authenticated' users
        'defaultRoles'=>array('Guest'),                         
    ),


Edit - the above code is for Rights version 1.1.0. If you have upgraded to 1.2.0 (see below), the class should be renamed to 'RDbAuthManager'.

Now to automatically assign the 'Authenticated' role to users on registration, modify the user/controllers/RegistrationController.php page.

In the actionRegistration() function, change:

    ...
    if ($model->save()) {
        $profile->user_id=$model->id;
        $profile->save();
        if (Yii::app()->controller->module->sendActivationMail) {
    ...


to...

    ...
    if ($model->save()) {
        $profile->user_id=$model->id;
        $profile->save();					
        // assign user the 'Authenticated' role for Rights module
        $authenticatedName = Rights::module()->authenticatedName;
        Rights::assign($authenticatedName, $model->id);
        if (Yii::app()->controller->module->sendActivationMail) {
    ...


And to ensure that users created using the admin creation screen are also assigned to the 'Authenticated' role, modify the user/controllers/AdminController.php page.

In the actionCreate() function, change:

    ...
    if($model->validate()&&$profile->validate()) {
        $model->password=Yii::app()->controller->module->encrypting($model->password);
        if($model->save()) {
            $profile->user_id=$model->id;
            $profile->save();
        }
        $this->redirect(array('view','id'=>$model->id));
    }
    ...


to...

    ...
    if($model->validate()&&$profile->validate()) {
        $model->password=Yii::app()->controller->module->encrypting($model->password);
        if($model->save()) {
            $profile->user_id=$model->id;
            $profile->save();
            // assign user the 'Authenticated' role for Rights module
            $authenticatedName = Rights::module()->authenticatedName;
            Rights::assign($authenticatedName, $model->id);
        }
        $this->redirect(array('view','id'=>$model->id));
    }
    ...


Note: using this method, business rules are no longer needed in Rights for either the 'Guest' or 'Authenticated' roles (which as Chris points out, will improve performance).

This solution worked for me, but I appreciate any suggestions for improvements, i.e. maybe there are less intrusive ways to assign these roles. Suggestions welcome, and thanks again to Chris who provided the code for the above role assignments!

Cheers, Rob

Karmraj Zala,
Team Leader at Rudrasoftech,
Ahmedabad, Gujarat, India.
0

#43 User is offline   Joemaxwell 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 25
  • Joined: 13-February 13
  • Location:Fiji Via Melbourne

Posted 17 April 2013 - 02:21 AM

View Postxav, on 13 May 2011 - 05:23 AM, said:

hello, I did all that and it works fine....apparently !! I came across a series of thoughts when using these two modules. At first i thought I could avoid modifying the code of an extension to be able to update with no problem. But that is not possible. The yii user code must be modified if you want, for example, assign a default role to a freshly registered user or have multiple profiles by roles.

Secondly, I've created Authorization items for the user module so no user other then admin is able to see the default list given by index.php/user/ (index action). Without success ! However, this task is assigned to no role ! So only the admin should see the list, right ?

Furthermore, i've noticed that by seeing the list the user could also click on an item and go to the view detail !!!

What I did is edit the userController.php and modify the filter to comply with rights
return array(
			'rights',
		);

and remove the rule part.

Then there was an improvement, the list was still visible but not the view detail anymore.

So I have two questions :

1. Is changing the controllers of the user extension the right move or is there another way ?
2. Why the user.default.index is still accessible after having
a.Created the tasks related to these action in rights and assigned it to none
b.Modified the userController to the 'rights' sauce ?

Regards,

xavier


Hi Did you install the table first for Auth before installation because i try your method not work for me.
0

#44 User is offline   Joemaxwell 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 25
  • Joined: 13-February 13
  • Location:Fiji Via Melbourne

Posted 22 April 2013 - 06:09 PM

View Postera123, on 20 February 2012 - 02:55 PM, said:

Thank you so much,
Yet i couldnt' fix it although i tried without the tables as you said.
Now it says another error

I've attached the error i got ,
And also main.php file


Somebody reply to this, i am also stuck on this,

I had drop the whole Auth Table and install it using the book change the configuration but still errors


<br class="Apple-interchange-newline">Error
An error occurred while installing Rights.

Please try again or consult the documentation.


0

#45 User is offline   masdib.banget 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 41
  • Joined: 02-July 13

Posted 18 July 2013 - 10:35 PM

hi,
How to fix about it? I installed yii-user, i want to disable registration. I use this tutorial : http://code.google.c...es/detail?id=42, but i have this Property "UserModule.disableRegisration" is not defined.

Attached File(s)


0

#46 User is offline   Muhammad Shahzad 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 48
  • Joined: 29-January 13
  • Location:Islamabad,Pakistan

Posted 07 September 2013 - 02:27 AM

Hello Yii Right Module experts,

In one of yii project installed yii right module and for login there is used a blog_user table,there is another table for students,Now I want to login with students table records but keep the yii right module functionality , How it is possible that both can login blog_user and students?
0

#47 User is offline   chamara 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 47
  • Joined: 05-June 13
  • Location:srilanka

Posted 08 October 2013 - 02:37 AM

View PostChris83, on 05 January 2011 - 05:28 PM, said:

Hello xav,

You should call Rights::assign() in your registration action to assign the desired role to the users when they register. Does this answer your question? :)

?php
/**
* user controller class
*
* @author chamara bandara
*/
Yii::import('application.extensions.simple_image');

class UserController extends Controller {
public $layout = '//layouts/column2';

public function filters() {
return array(
'accessControl', // perform access control for CRUD operations
'rights',
);
}

public function actions() {
return array(
'index' => 'application.modules.users.controllers.user.IndexAction',
'create' => 'application.modules.users.controllers.user.CreateAction',
'view' => 'application.modules.users.controllers.user.ViewAction',
'update' => 'application.modules.users.controllers.user.UpdateAction',
'delete' => 'application.modules.users.controllers.user.DeleteAction',
'admin' => 'application.modules.users.controllers.user.AdminAction',
'ajaxChangePassword' => 'application.modules.users.controllers.user.AjaxChangePasswordAction',
'UpdatePassword' => 'application.modules.users.controllers.user.UpdatePasswordAction',
'approve' => 'application.modules.users.controllers.user.ApproveAction',
'reject' => 'application.modules.users.controllers.user.RejectAction',
);
}
}

this is my controller with there action,

i am using rights but above actions can't get to Generate items list

how i do that plz help me?
0

#48 User is offline   nairgh 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 7
  • Joined: 05-October 13

Posted 01 January 2014 - 03:26 PM

I have the same problem first. I fixed like this. Edit the main.php as requested. Open schema.mysql.sql and create the mysql tables. Execute the link index.php?r=rights/install will install the rights.

Now it works like a cham !!
0

Share this topic:


  • (3 Pages)
  • +
  • 1
  • 2
  • 3
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users