Yii Framework Forum: RBAM - Role Based Access Control Manager - Yii Framework Forum

Jump to content

  • (6 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

RBAM - Role Based Access Control Manager Management of RBAC Authorisation Data via a web interface Rate Topic: ***** 2 Votes

#1 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 16 December 2010 - 08:03 AM

Role Based Access Manager (RBAM) is a Yii module that provides complete management of Authorisation Data (Authorisation Items, Authorisation Hierarchy, and Authorisation Assignments) for Yii’s Role Based Access Control system via a browser interface; it is intended for use in development and end-user administration environments.

RBAM has an intuitive “Web 2.0” interface to easily manage Authorisation Items (Roles, Tasks, and Operations), their hierarchy, and Authorisation Assignments. It presents all of an Authorisation Item’s information in one place providing a comprehensive overview and complete management of the item.

RBAM’s “Drill-down” and “Drill-up” features quickly show an item’s position in the Authorisation Hierarchy, what permissions it inherits (Drill down) and which Roles inherit its permissions (Drill up).

RBAM is built on top of Yii’s CAuthManager component and supports both of Yii’s built-in Authorisation Managers, CDbAuthManager and CPhpAuthManager, and authorisation managers extended from them.

The manual contains full configuration and usage details, and has loads of screenshots.
0

#2 User is offline   Maurizio Domba Cerin 

  • Yii - Yesss It Is !!!
  • Yii
  • Group: Yii Dev Team
  • Posts: 4,341
  • Joined: 12-October 09
  • Location:Croatia

Posted 16 December 2010 - 08:12 AM

And just to have all together... here is the link:

http://www.yiiframew...extension/rbam/

@Yeti

NOTE that on the extension page the resources group is misleading... try a demo just goes to yiiframework/demo... please delete this part if you don't have a project page and/or a demo page
Find more about me.... btw. Do you know your WAN IP?
0

#3 User is offline   mjkulet 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 82
  • Joined: 03-November 10

Posted 16 December 2010 - 11:11 AM

I would like to test this one,but the documentation doesn't come with any sample data to play with.

It would be really nice if it has a working test site to check its features.
0

#4 User is offline   br0sk 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 16-February 09

Posted 16 December 2010 - 08:09 PM

Hi,

This extension is the start of something really good.

I have installed it and tried it using CDbAuthManager. I have it installed as a top level module.

This is my config:

	'modules'=>array(
		'rbam'=>array(
		'development'=>true,
		)
	),
...
    'authManager'=>array(
            'class'=>'CDbAuthManager',
            'connectionID'=>'db',
    ),


I have set the login to validate towards the tbl_user. I can log in and after initializing RBAM I can see my user having the role RBAC Manager.

If I now go to the page where I have http://www.johnspage...authitems/index (this is an internal link on my system so don't bother trying to go there). I can see the roles listed "RBAC Manager" claims to have two children. According to the documentation clicking the number of parents will drill down so I can see the sub roles of "RBAC Manager". Unfortunately this doesn't work.

The problem seems to be that I have a my site in a sub-folder of the web root. The javascript code running the ajax code is not prepared for that.

If I change the code for show children to look like this it works:
	$.fn.rbam.showChildren = function(el,url) {
		var jRow = $(el).parents('tr').first();
		if (jRow.hasClass('showing-children')) {
			jRow.next().remove();
			jRow.removeClass('showing-children');
		}
		else {
			var strItemName = jRow.children('td.item-name').first().text();
			$.get(
				'/rbam_test/index.php',
				{r:url.replace(/\/rbam_test\/index\.php\?r=/i,''),item:strItemName},
				function(data) {
					jRow.after('<tr class="children" style="display:none;"><td colspan="'+jRow.children('td').length+'">'+data+'</td></tr>');
					jRow.next().show();
					jRow.addClass('showing-children');
				},
				'HTML'
			);
		}
	};


This is not very elegant solution and was only a hack to find out what the problem was.

Maybe you could recode this to take sub-folders in to consideration?

I have the same problem on the page where you can drag and drop the the auth items so I assume that we have the same problem there.

Thanks for a great extension.

/John
0

#5 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 17 December 2010 - 09:35 AM

V1.1 released and a demo site is now available at http://rbam.pbm-webdev.co.uk/index.php

@br0sk
I have made some changes to fix the issue you found - many thanks for reporting it. Please let me know if it works OK for you now.

@mjkulet
RBAM does not come with sample data - your application is the sample data in terms of its modules, controllers, and their actions.

There is now a demo site at http://rbam.pbm-webdev.co.uk/index.php

@mdomba
Thanks for the link, though there is one already in the topic. Do not understand your comments about the resources. I have changed it to include a link to a demo site and the manual, but from text about the manual, not any links to non-existent resources. Perhaps some confusion with an other extension?
0

#6 User is offline   Maurizio Domba Cerin 

  • Yii - Yesss It Is !!!
  • Yii
  • Group: Yii Dev Team
  • Posts: 4,341
  • Joined: 12-October 09
  • Location:Croatia

Posted 17 December 2010 - 09:40 AM

Didn't note the link in the post, sorry... the demo link is now OK
Find more about me.... btw. Do you know your WAN IP?
0

#7 User is offline   br0sk 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 16-February 09

Posted 17 December 2010 - 10:44 AM

View PostYeti, on 17 December 2010 - 09:35 AM, said:

@br0sk
I have made some changes to fix the issue you found - many thanks for reporting it. Please let me know if it works OK for you now.


Works like a dream now!
Thanks for fixing it.
This is quite a big and complex extension, maybe you should setup a Google Code repository for it?

I will do some more testing later on, I will let you know if I find any more problems.
0

#8 User is offline   br0sk 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 16-February 09

Posted 17 December 2010 - 02:18 PM

I think I found another issue.

As soon as I add more than one role to a user I get an error message when trying to click the icon for "View roles assigned to this user" on the page http://www.johnspage...signments/index.

The error message is:

"Error 324 (net::ERR_EMPTY_RESPONSE): Unknown error.","heading":"This webpage is not available"

If I remove one of the AuthAssignments directly from the database I can click the link and it works again.

I was able to reproduce the problem in your demo too http://rbam.pbm-webd...userRoles&uid=1 .
0

#9 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 19 December 2010 - 07:32 AM

Thanks for this. Not sure what is happening here but will investigate (it of course all works just fine on my local test system :rolleyes: )
0

#10 User is offline   br0sk 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 16-February 09

Posted 19 December 2010 - 07:38 AM

View PostYeti, on 19 December 2010 - 07:32 AM, said:

Thanks for this. Not sure what is happening here but will investigate (it of course all works just fine on my local test system :rolleyes: )

Let me know if you need any help testing or debugging this problem. It looked very odd to me too. I didn't really see a reason for why it would return an empty page.
0

#11 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 19 December 2010 - 08:43 AM

View Postbr0sk, on 19 December 2010 - 07:38 AM, said:

Let me know if you need any help testing or debugging this problem. It looked very odd to me too. I didn't really see a reason for why it would return an empty page.


It seems the use of array_walk() to attach a behavior to the assignments causing the problem. I have changed the demo to use a foreach loop and it now works OK - would be great if you can confirm.

I need to go out now, so (assuming the demo works OK for you) I'll upload a fixed version this evening (UK time).
0

#12 User is offline   br0sk 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 16-February 09

Posted 19 December 2010 - 09:02 AM

View PostYeti, on 19 December 2010 - 08:43 AM, said:

It seems the use of array_walk() to attach a behavior to the assignments causing the problem. I have changed the demo to use a foreach loop and it now works OK - would be great if you can confirm.

I need to go out now, so (assuming the demo works OK for you) I'll upload a fixed version this evening (UK time).


The demo works fine now. I added a new role and assigned to user test1. I had no problems viewing the roles for this user now.

I think you must have added some debug information to this page http://rbam.pbm-webd...ts/assign&uid=2 .

It looks like this.

0
RbamAuthItemBehavior
1
RbamAuthItemBehavior
2
RbamAuthItemBehavior
3
RbamAuthItemBehavior
4
RbamAuthItemBehavior
5
RbamAuthItemBehavior

Don't forget to remove that before releasing the code tonight.

Let me know when you have uploaded the new code and I will test it in my local environment to see that it works.

Thanks
0

#13 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 20 December 2010 - 06:37 AM

V1.2 is released.

  • Fixed issue with multiple assignments to a user (only seen on some servers)
  • Added validation to biz rule to ensure it is a valid PHP "return" statement
  • Changed initialisation to always add RBAM and default roles if not present. This allows RBAM to be easily added to existing RBAC authorisation data
  • Added count of users with permission for an item to Auth Item Overview and Auth Item relationship tabs


There is also now a downloadable demo with some pre-installed authorisation data.
0

#14 User is offline   br0sk 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 53
  • Joined: 16-February 09

Posted 20 December 2010 - 08:36 AM

View PostYeti, on 20 December 2010 - 06:37 AM, said:

V1.2 is released.

  • Fixed issue with multiple assignments to a user (only seen on some servers)
  • Added validation to biz rule to ensure it is a valid PHP "return" statement
  • Changed initialisation to always add RBAM and default roles if not present. This allows RBAM to be easily added to existing RBAC authorisation data
  • Added count of users with permission for an item to Auth Item Overview and Auth Item relationship tabs


There is also now a downloadable demo with some pre-installed authorisation data.


Looks good. Multiple assignments are now working in my local environment.

I think you need to remove line 213 in AuthAssignmentsController.php.

It includes a call to
debugbreak();
. You probably only have that method locally.

I get this error message if I don't remove it:
Fatal error: Call to undefined function debugbreak() in /media/win_ws/johns_page/trunk/rbam_test/protected/modules/rbam/controllers/AuthAssignmentsController.php on line 21
0

#15 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 20 December 2010 - 09:01 AM

View Postbr0sk, on 20 December 2010 - 08:36 AM, said:

I think you need to remove line 213 in AuthAssignmentsController.php.

It includes a call to
debugbreak();
. You probably only have that method locally.


Thanks for spotting
0

#16 User is offline   mjkulet 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 82
  • Joined: 03-November 10

Posted 21 December 2010 - 06:18 AM

I am encountering this error:

PHP Error
Description

Parameter 1 to array_multisort() expected to be a reference, value given
Source File

/home/dataline/YiiRoot/framework/web/CArrayDataProvider.php(122)

00110:         if(empty($directions))
00111:             return;
00112:         $args=array();
00113:         foreach($directions as $name=>$descending)
00114:         {
00115:             $column=array();
00116:             foreach($this->rawData as $index=>$data)
00117:                 $column[$index]=is_object($data) ? $data->$name : $data[$name];
00118:             $args[]=$column;
00119:             $args[]=$descending ? SORT_DESC : SORT_ASC;
00120:         }
00121:         $args[]=&$this->rawData;
00122: call_user_func_array('array_multisort', $args);
00123:     }
00124: 
00125:     /**
00126:      * Converts the "ORDER BY" clause into an array representing the sorting directions.
00127:      * @param string the "ORDER BY" clause.
00128:      * @return array the sorting directions (field name => whether it is descending sort)
00129:      */
00130:     protected function getSortDirections($order)
00131:     {
00132:         $segs=explode(',',$order);
00133:         $directions=array();
00134:         foreach($segs as $seg)

Stack Trace

#0 /home/dataline/YiiRoot/framework/web/CArrayDataProvider.php(122): call_user_func_array()
#1 /home/dataline/YiiRoot/framework/web/CArrayDataProvider.php(70): ApArrayDataProvider->sortData()
#2 /home/testings/tet/protected/modules/rbam/extensions/alphapager/ApArrayDataProvider.php(47): ApArrayDataProvider->fetchData()
#3 /home/dataline/YiiRoot/framework/web/CDataProvider.php(122): ApArrayDataProvider->fetchData()
#4 /home/dataline/YiiRoot/framework/zii/widgets/CBaseListView.php(105): ApArrayDataProvider->getData()
#5 /home/dataline/YiiRoot/framework/zii/widgets/grid/CGridView.php(220): ApGridView->init()
#6 /home/testings/tet/protected/modules/rbam/extensions/alphapager/ApGridView.php(57): ApGridView->init()
#7 /home/dataline/YiiRoot/framework/web/CBaseController.php(140): ApGridView->init()
#8 /home/dataline/YiiRoot/framework/web/CBaseController.php(165): AuthItemsController->createWidget()
#9 /home/testings/tet/protected/modules/rbam/views/authItems/_indexTab.php(93): AuthItemsController->widget()
#10 /home/dataline/YiiRoot/framework/web/CBaseController.php(119): require()
#11 /home/dataline/YiiRoot/framework/web/CBaseController.php(88): AuthItemsController->renderInternal()
#12 /home/dataline/YiiRoot/framework/web/CController.php(798): AuthItemsController->renderFile()
#13 /home/testings/tet/protected/modules/rbam/views/authItems/generate.php(41): AuthItemsController->renderPartial()
#14 /home/dataline/YiiRoot/framework/web/CBaseController.php(119): require()
#15 /home/dataline/YiiRoot/framework/web/CBaseController.php(88): AuthItemsController->renderInternal()
#16 /home/dataline/YiiRoot/framework/web/CController.php(798): AuthItemsController->renderFile()
#17 /home/dataline/YiiRoot/framework/web/CController.php(739): AuthItemsController->renderPartial()
#18 /home/testings/tet/protected/modules/rbam/controllers/AuthItemsController.php(431): AuthItemsController->render()
#19 /home/dataline/YiiRoot/framework/web/actions/CInlineAction.php(50): AuthItemsController->actionGenerate()
#20 /home/dataline/YiiRoot/framework/web/CController.php(300): CInlineAction->run()
#21 /home/dataline/YiiRoot/framework/web/filters/CFilterChain.php(133): AuthItemsController->runAction()
#22 /home/dataline/YiiRoot/framework/web/filters/CFilter.php(41): CFilterChain->run()
#23 /home/dataline/YiiRoot/framework/web/CController.php(1049): CAccessControlFilter->filter()
#24 /home/dataline/YiiRoot/framework/web/filters/CInlineFilter.php(59): AuthItemsController->filterAccessControl()
#25 /home/dataline/YiiRoot/framework/web/filters/CFilterChain.php(130): CInlineFilter->filter()
#26 /home/dataline/YiiRoot/framework/web/CController.php(283): CFilterChain->run()
#27 /home/dataline/YiiRoot/framework/web/CController.php(257): AuthItemsController->runActionWithFilters()
#28 /home/dataline/YiiRoot/framework/web/CWebApplication.php(324): AuthItemsController->run()
#29 /home/dataline/YiiRoot/framework/web/CWebApplication.php(121): CWebApplication->runController()
#30 /home/dataline/YiiRoot/framework/base/CApplication.php(135): CWebApplication->processRequest()
#31 /home/testings/tet/index.php(13): CWebApplication->run()



This happens when I am directed to http://localhost/mys...Items/generate.

How can I solve this?
0

#17 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 22 December 2010 - 04:32 AM

View Postmjkulet, on 21 December 2010 - 06:18 AM, said:

I am encountering this error:

[code]PHP Error
Description

Parameter 1 to array_multisort() expected to be a reference, value given
Source File

/home/dataline/YiiRoot/framework/web/CArrayDataProvider.php(122)

This happens when I am directed to http://localhost/mys...Items/generate.

How can I solve this?


Not sure. Because the error is coming from CArrayDataProvider, which in turn is called from ApArrayDataProvider, my guess is this is a bug in one of those.

I seem to recall that there are some differences between PHP 5.2 and 5.3 regarding array_multi_sort(). Please confirm which version of PHP you are using.

Also, do you see the error on other pages, for example the Auth Items overview page? The reason for asking is that the ApGridView and ApArrayDataProvider classes are used extensively in RBAM, so I would expect the same error to show itself on many pages (most in fact).

Final question, how many and what authorisation items already exist in your system when you try to generate more?
0

#18 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 95
  • Joined: 30-May 09

Posted 22 December 2010 - 04:33 AM

V1.3 released

This improves I8n and data validation error handling in the JUI dialogs
0

#19 User is offline   volkmar 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 6
  • Joined: 14-June 10
  • Location:Germany

Posted 22 December 2010 - 05:35 PM

If I set in main.php of the deno application...

'authManager'=>array(
'class'=>'CDbAuthManager',
),

than I get a error that the table "AuthItem" not exist.

Could you please make the install routine database indepentend such like in "Rights"?

The german translation isn't great. Do you need help?
nothing have to be
0

#20 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 2,601
  • Joined: 10-October 10
  • Location:Denmark

Posted 22 December 2010 - 05:50 PM

Volkmar:

Quote

The minimal schema required by RBAM for the user table is CREATE TABLE tbl_user (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
username VARCHAR(128) NOT NULL,
); Goes without saying that in an application there will be other columns, e.g. password, email address, etc.

For the auth data, if using CPhpAuthManager, by definition there is no schema as the auth data is not stored in a database. If using CDbAuthManager, the schema is that used by Yii as per Yii's "web/auth" directory. RBAM detects the type of auth manager being used and takes care of everything for you.


Do take a look at the extension page.
"Less noise - more signal"
0

Share this topic:


  • (6 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

2 User(s) are reading this topic
0 members, 2 guests, 0 anonymous users