Yii Framework Forum: RBAM - Role Based Access Control Manager - Yii Framework Forum

Jump to content

  • (6 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • 5
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

RBAM - Role Based Access Control Manager Management of RBAC Authorisation Data via a web interface Rate Topic: ***** 2 Votes

#41 User is offline   robregonm 

  • Expert Yii Developer
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 595
  • Joined: 30-July 09
  • Location:Colombia

Posted 07 March 2011 - 06:40 PM

Since I didn't find a "default controller" to inherit from, I decided to share the one I wrote for that, I coded it based on SRBAC module.

Attached File  Controller.php (1.56K)
Number of downloads: 169

I hope this file helps you.

Regards.

Ricardo.
Ricardo Obregón

YiiFramework en Español - http://yiiframework.co/ - http://yiiframeworkenespanol.org/ - Yii Code Generator for Bootstrap
http://obregon.co/ - https://1server.co/
PHP 5.5+, nginx 1.7, MySQL(MariaDB & PerconaDB), PostgreSQL 9, Yii 2, CanJS
Follow me: @robregonm & @obregonco & @1ServerCo.
0

#42 User is offline   Andrey Geonya 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 08-March 11
  • Location:Ukraine

Posted 08 March 2011 - 10:46 AM

Please check the code in RbamInitialiser.php on lines 153 and 156.
File description and version:
/* SVN FILE: $Id: RbamInitialiser.php 18 2010-12-24 08:25:35Z Chris $*/
/**
* RBAM Initialiser class file.
* Initialises the RBAC system and/or RBAM.
*
* @copyright	Copyright © 2010 PBM Web Development - All Rights Reserved
* @package		RBAM
* @since			V1.0.0
* @version		$Revision: 18 $
* @license		BSD License (see documentation)
*/

In this file you pass
array('{child}'=>$childName, '{parent}'=>$name)
parameters to the CException constructor, but they should be passed to the Yii::t() method.
The bug is here:
if (empty($items[$childName]))
	throw new CException(Yii::t('RbamModule.initialisation', 'Cannot add "{child}" as a child of "{parent}". "{child}" does not exist'), array('{child}'=>$childName, '{parent}'=>$name));
if ($items[$childName]['type']>$items[$name]['type'])
	throw new CException(Yii::t('RbamModule.initialisation', 'Cannot add "{child}" as a child of "{parent}". Incompatible types'), array('{child}'=>$childName, '{parent}'=>$name));

Thanks! And sorry for my bad English.
0

#43 User is offline   Mythriel 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 01-March 11

Posted 11 March 2011 - 08:52 AM

I couldn't initialize RBAM and added
$this->initialize = true;
in RbamModule.php but now i get this error
Undefined index: Auth Assignments Manager

/opt/lampp/htdocs/trackME/protected/modules/rbam/components/RbamInitialiser.php(326)

314                     'type'=>CAuthItem::TYPE_ROLE,
315                     'description'=> Yii::t('RbamModule.initialisation','Default role for users that are logged in. RBAC default role.'),
316                     'bizRule'=>'return !Yii::app()->getUser()->getIsGuest();',
317                     'data'=>null,
318                 ),
319                 $this->defaultRoles['Guest']=>array(
320                     'type'=>CAuthItem::TYPE_ROLE,
321                     'description'=> Yii::t('RbamModule.initialisation','Default role for users that are not logged in. RBAC default role.'),
322                     'bizRule'=>'return Yii::app()->getUser()->getIsGuest();',
323                     'data'=>null,
324                 ),
325             );
326         return $this->_defaultAuthData[$index];
327     }
328 }


My application components looks ok ...
'components'=>array(
                'authManager'=>array(
                        'class'=>'CDbAuthManager',
                        'connectionID'=>'db',
                ),


Can anyone fix this? thx :)
0

#44 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 97
  • Joined: 30-May 09

Posted 20 March 2011 - 05:03 AM

@JB Renard
Not sure what the issue you are having is as you haven't given any examples, so I hope the following helps.

You can restrict access to actions using the "accessControl" filter and defining access rules. The following snippet uses the "accessControl" filter and limits access to the "delete" action to users that are assigned the "admin" role.

The "admin" role and user assignments to it must exist (CAuthManager and its child classes define how to do this. The RBAM, Rights, and SRBAC extensions provide user interfaces to manage auth items and their assignments)

class MyController extends CController {
  ......
  public function filters() {
    return array(
      'accessControl',
    );
  }

  public function accessRules() {
    return array(
      ......
      array('allow',
        'actions'=>array('delete'),
        'roles'=>array('admin'),
      ),
      array('deny',
        'actions'=>array('delete'),
        'users'=>array('*'),
      ),
    );
  }
  ......
}


You can also check access rights to an auth item for the current user "on-the-fly" anywhere you need to in your code using the CWebUser::checkAccess() method. The following snippet checks whether the user has the "admin" auth item assigned.

$allowed = Yii::app()->getUser()->checkAccess('admin');


Note that access rights to an auth item can be inherited; i.e. if the item being checked is a descendant item of a role assigned to the current user, CWebUser::checkAccess() returns TRUE. In the snippet below, if the auth item "deletePost" is a descendant of a role assigned to the current user, $allowed===TRUE.

$allowed = Yii::app()->getUser()->checkAccess('deletePost');



@Andrey Geonya

Thanks for spotting.

Your English is much better than my Ukranian :)

@Mythriel

Thanks for this; there is a bug in the default auth data construction.

A replacement RbamInitialiser.php file is attached. Please replace your existing file with this one. (I'll do a full release ASAP)

Attached File(s)


0

#45 User is offline   Kshitij 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 18-December 10

Posted 22 March 2011 - 03:53 PM

View PostYeti, on 20 March 2011 - 05:03 AM, said:


@Mythriel

Thanks for this; there is a bug in the default auth data construction.

A replacement RbamInitialiser.php file is attached. Please replace your existing file with this one. (I'll do a full release ASAP)


Hi Yeti,

I tried using the new attached RbamInitialiser.php but am still stuck at the same error as mentioned below:

PHP Error
Description

Undefined index: Auth Assignments Manager
Source File

D:\wamp\www\psp\protected\modules\rbam\components\RbamInitialiser.php(326)

00314:                     'type'=>CAuthItem::TYPE_ROLE,
00315:                     'description'=> Yii::t('RbamModule.initialisation','Default role for users that are logged in. RBAC default role.'),
00316:                     'bizRule'=>'return !Yii::app()->getUser()->getIsGuest();',
00317:                     'data'=>null,
00318:                 ),
00319:                 $this->defaultRoles['Guest']=>array(
00320:                     'type'=>CAuthItem::TYPE_ROLE,
00321:                     'description'=> Yii::t('RbamModule.initialisation','Default role for users that are not logged in. RBAC default role.'),
00322:                     'bizRule'=>'return Yii::app()->getUser()->getIsGuest();',
00323:                     'data'=>null,
00324:                 ),
00325:             );
00326: return $this->_defaultAuthData[$index];
00327:     }
00328: }

Stack Trace

#0 D:\wamp\www\psp\protected\modules\rbam\components\RbamInitialiser.php(106): RbamInitialiser->defaultAuthData()
#1 D:\wamp\www\psp\protected\modules\rbam\controllers\RbamInitialiseController.php(83): RbamInitialiser->initialiseRBAC()
#2 D:\wamp\www\Yii\framework\web\actions\CInlineAction.php(50): RbamInitialiseController->actionInitialise()
#3 D:\wamp\www\Yii\framework\web\CController.php(300): CInlineAction->run()
#4 D:\wamp\www\Yii\framework\web\filters\CFilterChain.php(133): RbamInitialiseController->runAction()
#5 D:\wamp\www\Yii\framework\web\filters\CFilter.php(41): CFilterChain->run()
#6 D:\wamp\www\Yii\framework\web\CController.php(1049): CAccessControlFilter->filter()
#7 D:\wamp\www\Yii\framework\web\filters\CInlineFilter.php(59): RbamInitialiseController->filterAccessControl()
#8 D:\wamp\www\Yii\framework\web\filters\CFilterChain.php(130): CInlineFilter->filter()
#9 D:\wamp\www\Yii\framework\web\CController.php(283): CFilterChain->run()
#10 D:\wamp\www\Yii\framework\web\CController.php(257): RbamInitialiseController->runActionWithFilters()
#11 D:\wamp\www\Yii\framework\web\CWebApplication.php(324): RbamInitialiseController->run()
#12 D:\wamp\www\Yii\framework\web\CWebApplication.php(121): CWebApplication->runController()
#13 D:\wamp\www\Yii\framework\base\CApplication.php(135): CWebApplication->processRequest()
#14 D:\wamp\www\psp\index.php(13): CWebApplication->run()


Am I missing a very basic point in here.
0

#46 User is offline   Kshitij 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 18-December 10

Posted 23 March 2011 - 11:13 AM

View PostKshitij, on 22 March 2011 - 03:53 PM, said:

PHP Error
Description

Undefined index: Auth Assignments Manager

 return $this->_defaultAuthData[$index];




ok..I figured out that the problem was in this line. It can be fixed by changing this line to
return $this->_defaultAuthData[$this->defaultRoles[$index]];


Is this fix correct? Also, after fixing this, am stuck at another issue. Pls look into this and see if anyone can help in here. I am new to php and yii, so pls dont mind explaining even if this seems to be a very basic issue. :)


PHP Error
Description

Parameter 1 to array_multisort() expected to be a reference, value given
Source File

D:\wamp\www\Yii\framework\web\CArrayDataProvider.php(122)

00110:         if(empty($directions))
00111:             return;
00112:         $args=array();
00113:         foreach($directions as $name=>$descending)
00114:         {
00115:             $column=array();
00116:             foreach($this->rawData as $index=>$data)
00117:                 $column[$index]=is_object($data) ? $data->$name : $data[$name];
00118:             $args[]=$column;
00119:             $args[]=$descending ? SORT_DESC : SORT_ASC;
00120:         }
00121:         $args[]=&$this->rawData;
00122: call_user_func_array('array_multisort', $args);
00123:     }
00124: 
00125:     /**
00126:      * Converts the "ORDER BY" clause into an array representing the sorting directions.
00127:      * @param string the "ORDER BY" clause.
00128:      * @return array the sorting directions (field name => whether it is descending sort)
00129:      */
00130:     protected function getSortDirections($order)
00131:     {
00132:         $segs=explode(',',$order);
00133:         $directions=array();
00134:         foreach($segs as $seg)



0

#47 User is offline   Sombell 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 19-February 10

Posted 25 March 2011 - 05:39 AM

I'm having a 'problem' using getMenuItem()...

I've modified main.php in protected\views\layouts\main.php as follows:
	
<div id="mainmenu">
	<?php 
	$this->widget('zii.widgets.CMenu',array(
		'items'=>array(
			array('label'=>'Home', 'url'=>array('/site/index')),
			array('label'=>'About', 'url'=>array('/site/page', 'view'=>'about')),
			array('label'=>'Contact', 'url'=>array('/site/contact')),
			array('url'=>Yii::app()->getModule('user')->loginUrl, 'label'=>Yii::app()->getModule('user')->t("Login"), 'visible'=>Yii::app()->user->isGuest),
			array('url'=>Yii::app()->getModule('user')->registrationUrl, 'label'=>Yii::app()->getModule('user')->t("Register"), 'visible'=>Yii::app()->user->isGuest),
			array('url'=>Yii::app()->getModule('user')->profileUrl, 'label'=>Yii::app()->getModule('user')->t("Profile"), 'visible'=>!Yii::app()->user->isGuest),
			array('url'=>Yii::app()->getModule('user')->logoutUrl, 'label'=>Yii::app()->getModule('user')->t("Logout").' ('.Yii::app()->user->name.')', 'visible'=>!Yii::app()->user->isGuest),
			Yii::app()->getModule('rbam')->getMenuItem(),
		),
	)); ?>
</div><!-- mainmenu -->


When I log on with a user who is permitted access to RBAM I get this in my menu...(see attached image)
(the items on the second row don't appear to be 'wrapped' - my screen is much wider)

Not only does this look wrong to me, but the links for the RBAM item is <host>/rbam/users, though the other links appear correct (<host>/testyii/index.php?r=authAssignments/index)

Also when the mouse rolls over the two "Auth" links, no dropdown appears, but if i roll the mouse down then the a submenu appears - though this also appears wrong to me - only the one item the mouse is "over" is shown, and I suspect they're "jumbled":

Auth Assignments
Create Role
Generate Auth Data

Auth Items
Create Task


Any help appreciated & if you need more information please let me know
(At the moment I have "pretty urls" turned off)

Attached File(s)

  • Attached File  menu.jpg (6.75K)
    Number of downloads: 61

0

#48 User is offline   Yeti 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 97
  • Joined: 30-May 09

Posted 05 April 2011 - 02:22 PM

V1.6.1 is released.

@Kshitij - yes the line change is correct. I didn't spot in testing as my names are the same as the indices

re: the issue with CArrayDataProvider - This is a Yii question and I think better asked on the main Yii thread if you have not already.

@Sombell
There was a bug in getMenu(). All URLs are now expressed as arrays, which means they will be generated using CHtml::normalizeUrl().

What you should end up with in your HTML is something like (just the main UL & RBAM menu shown, and of course the actual URLs will depend on your configuration and directory layout.) :
<ul>
  ...
  <li><a title="Manage Roles &amp; Assignments" href="/rbam/rbam">RBAM</a>
    <ul>
      <li><a href="/rbam/authAssignments/index">Auth Assignments</a></li>
      <li><a href="/rbam/authItems/index">Auth Items</a>
        <ul>
          <li><a href="/rbam/authItems/create/type/2">Create Role</a></li>
          <li><a href="/rbam/authItems/create/type/1">Create Task</a></li>
          <li><a href="/rbam/authItems/create/type/0">Create Operation</a></li>
        </ul>
      </li>
      <li><a href="/rbam/authItems/generate">Generate Auth Data</a></li>
      <li><a href="/rbam/rbamInitialise/initialise">Re-Initialise RBAC</a></li>
    </ul>
  </li>
  ...
</ul>


I hope this helps.
0

#49 User is offline   got 2 doodle 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 248
  • Joined: 12-December 08
  • Location:Beautiful Nova Scotia, Canada

Posted 28 April 2011 - 09:47 AM

After all of the comments I made on the extension page I figured I should continue in the forum. I will also post a link to this topic on the extension page.

I did finally get some satisfaction with setting up an environment where one assigned role could edit any document and one assigned role could only edit their own documents. I found few if any examples of using the business rules, most examples are like
return /* do something really smart here */; // don't forget the semi colon


So maybe by the time I explain this to others I will understand it myself :rolleyes: , consider this my personal documentation (because I know I will have to review this another day).

I have two users assigned admin the 'Super User' and demo a 'member'

'SuperUser' is a role
'member' is a role

'SuperUser' has all other roles as children pre-defined roles 'Authenticated, Guest, RBAC Manager' plus my own defined roles 'member, pageEditor, siteOwner'

'member' has parents 'SuperUser' and children (roles) 'pageEditor' and (tasks) 'editOwnDocument'

so both roles have 'pageEditor' and 'editOwnDocument'

editOwnDocument has the following code in the business rules area.
return Yii::app()->controller->isDocOwner();

This means it will call the function isDocOwner() within the controller that accessed the auth filter.

The following code allows the user to access the update function.
  public function filters() {
    return array(
     'accessControl',
    );
  }

  public function accessRules() {
    return array(
        array('allow',
        'actions'=>array('login'),
        'users'=>array('*'),
      ),
        array('allow',
                'actions'=>array('logout','index','simpletree','getContent'),
                'roles'=>array('member'),
      ),
        array('allow',
                'actions'=>array('update'),
                'roles'=>array('pageEditor'),
            ),

      array('deny',  // deny all users
		'users'=>array('*'),
		),
    );
  }

I am using the simpleTree extension for navigating the documents so I have to allow access to my landing page 'index' the simpletree function and getContent which updates info depending on which document is selected in the tree. Probably I should have another rule for the logout that allows all authenticated user access to the logout function.

'member' is pretty low on the totem pole but the SuperAdmin qualifies because of the inheritance of the member role. In order to get to the update function you must have 'pageEditor' role, member has this task a a child, so does SuperUser.

If you don't have this you can't even get to the update function, you just don't go there.

However once you to get to the update function, we want only people who are allowed to edit all documents or people editing their own document.

Here is the function that checks whether you are allowed to edit this document.
public function isDocOwner()
        {
                // it could be someone really important, let's check
             if(Yii::app()->user->checkAccess('editAllDocuments'))
             {
     return true;  //edit away!
             } else {
               // ok, nobody important but it could be the document owner.
     return (Yii::app()->user->id == $this->_model->createdby ? true : false);
                    }
     return false; // you should never get here but if you do? you still can't edit
        }

I could check to see if it is the super user but instead I have a task 'editAllDocuments' that I can assign to other roles, probably will give this permission to siteOwner for example.

In the update function we have the following code.
 public function actionUpdate()
	{
                $this->layout = '//layouts/admin2col';
		$model=$this->loadModel(); // now we have $this->_model
                
               if(Yii::app()->user->checkAccess('editOwnDocument')) // check if the user can edit this document
               {
               // do something really smart here...
                if(isset($_POST['Webpage']))
		{


So there you have it, it works. I can't claim that it is 'best practice' maybe in a year I will review this and think 'what an idiot I was!'

I would love some feedback and other examples of using business rules in RBAC.
doodle
Check out myYii powered website
0

#50 User is offline   Attilio 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 98
  • Joined: 10-May 11
  • Location:Bari, Italy and Guatemala, Guatemala

Posted 11 May 2011 - 03:16 PM

Hello, I think I found a new bug but I don't know how to fix it.

I'm using a custom configuration, it means model is not User and id column is not id.

This is my configuration:

        'rbam'=>array(
            .....
            'userClass'=>'Empleado',
            'userCriteria'=>array(),
            'userIdAttribute'=>'id_empleado',
            'userNameAttribute'=>' ,primer_nombre,primer_apellido',
        ),


Everything works fine except in the ?r=rbam/authAssignments/index page: it correctly gets all the IDs, but when I click on "Assign role(s) to this user" I get:

CException

Property "Empleado.id" is not defined.

/var/www/na_rbam/framework/db/ar/CActiveRecord.php(128)

116      */
117     public function __get($name)
118     {
119         if(isset($this->_attributes[$name]))
120             return $this->_attributes[$name];
121         else if(isset($this->getMetaData()->columns[$name]))
122             return null;
123         else if(isset($this->_related[$name]))
124             return $this->_related[$name];
125         else if(isset($this->getMetaData()->relations[$name]))
126             return $this->getRelated($name);
127         else
128             return parent::__get($name);
129     }
130 
131     /**
132      * PHP setter magic method.
133      * This method is overridden so that AR attributes can be accessed like properties.
134      * @param string $name property name
135      * @param mixed $value property value
136      */
137     public function __set($name,$value)
138     {
139         if($this->setAttribute($name,$value)===false)
140         {
Stack Trace
#0	/var/www/na_rbam/framework/db/ar/CActiveRecord.php(128): CComponent->__get("id")
#1	
–  /var/www/na_rbam/protected/modules/rbam/views/authAssignments/assign.php(111): CActiveRecord->__get("id")
106             Yii::t('RbamModule.rbam','Assign')=>'js:function() {
107                 var jForm = jQuery("form", this);
108                 jQuery(".error.summary", jForm).slideUp().remove();
109                 jQuery(".error", jForm).removeClass("error");
110                 jQuery.post(
111                     "'.$this->createUrl('assign', array('uid'=>$user->id)).'",
112                     jForm.serialize(),
113                     function(data) {
114                         if (data.errors==undefined) {
115                             var jDone = jQuery("#rbam-dialog-done");
116                             jDone.html(jDone.html().replace(/(<\/span>).*?(<\/p>)/i,"$1"+data.content+"$2")).dialog("open");
#2	/var/www/na_rbam/framework/web/CBaseController.php(119): require("/var/www/na_rbam/protected/modules/rbam/views/authAssignments/as...")
#3	/var/www/na_rbam/framework/web/CBaseController.php(88): CBaseController->renderInternal("/var/www/na_rbam/protected/modules/rbam/views/authAssignments/as...", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm), true)
#4	/var/www/na_rbam/framework/web/CController.php(866): CBaseController->renderFile("/var/www/na_rbam/protected/modules/rbam/views/authAssignments/as...", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm), true)
#5	/var/www/na_rbam/framework/web/CController.php(779): CController->renderPartial("assign", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm), true)
#6	
–  /var/www/na_rbam/protected/modules/rbam/controllers/AuthAssignmentsController.php(175): CController->render("assign", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm))
170             $this->_pageTitle('userRoles', array(
171                 '{user}'=>$user->rbamName
172                     ))=>array('userRoles', 'uid'=>$uid),
173             $this->pageTitle
174         );
175         $this->render($this->action->id, compact('dataProvider','user','form'));
176     }
177 
178     /**
179     * Revokes a user::role assignment
180     * Ajax only method
#7	
 unknown(0): AuthAssignmentsController->actionAssign("18")
#8	/var/www/na_rbam/framework/web/actions/CAction.php(104): ReflectionMethod->invokeArgs(AuthAssignmentsController, array("18"))
#9	/var/www/na_rbam/framework/web/actions/CInlineAction.php(48): CAction->runWithParamsInternal(AuthAssignmentsController, ReflectionMethod, array("r" => "rbam/authAssignments/assign", "uid" => "18"))
#10	/var/www/na_rbam/framework/web/CController.php(300): CInlineAction->runWithParams(array("r" => "rbam/authAssignments/assign", "uid" => "18"))
#11	/var/www/na_rbam/framework/web/filters/CFilterChain.php(133): CController->runAction(CInlineAction)
#12	/var/www/na_rbam/framework/web/filters/CFilter.php(41): CFilterChain->run()
#13	/var/www/na_rbam/framework/web/CController.php(1122): CFilter->filter(CFilterChain)
#14	/var/www/na_rbam/framework/web/filters/CInlineFilter.php(59): CController->filterAccessControl(CFilterChain)
#15	/var/www/na_rbam/framework/web/filters/CFilterChain.php(130): CInlineFilter->filter(CFilterChain)
#16	/var/www/na_rbam/framework/web/CController.php(283): CFilterChain->run()
#17	/var/www/na_rbam/framework/web/CController.php(257): CController->runActionWithFilters(CInlineAction, array("accessControl", "ajaxOnly + revoke, update"))
#18	/var/www/na_rbam/framework/web/CWebApplication.php(328): CController->run("assign")
#19	/var/www/na_rbam/framework/web/CWebApplication.php(121): CWebApplication->runController("rbam/authAssignments/assign")
#20	/var/www/na_rbam/framework/base/CApplication.php(155): CWebApplication->processRequest()
#21	
–  /var/www/na_rbam/index.php(13): CApplication->run()
08 defined('YII_DEBUG') or define('YII_DEBUG',true);
09 // specify how many levels of call stack should be shown in each log message
10 defined('YII_TRACE_LEVEL') or define('YII_TRACE_LEVEL',3);
11 
12 require_once($yii);
13 Yii::createWebApplication($config)->run();


The faulty part seems to be (in modules/rbam/views/authAssignments/assign.php line 111):
$this->createUrl('assign', array('uid'=>$user->id))


while in modules/rbam/views/authAssignments/index.php on line 39 I see something that does almost the same thing but does it without errors:
'viewButtonUrl'=>'array("userRoles", "uid"=>$data->'.$this->getModule()->userIdAttribute.')',


how can I fix it??
Extension yii-jpegcam: embed a webcam and take photos
0

#51 User is offline   Bill Stoddard 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 7
  • Joined: 19-February 11

Posted 19 May 2011 - 07:02 AM

I installed RBAM using a PostgreSQL 8.4.4 database.

When I go the the RBAM "Auth Assignments" page; and click on the icon for "Assign role(s) to this user", I get the following error:

Undefined function: 7 ERROR: operator does not exist: character varying = integer

The SQL statement executed was: SELECT* FROM AuthItem WHERE type=2 AND name NOT IN(SELECT itemName FROM AuthAssignment WHERE userid=9)


The userid column of AuthAssignment is of type VARCHAR(64) but it is being compared to an integer. I'm confused about how this query can work, as when I look in the AuthAssignment table, column userid contains usernames such as Administrator, which cannot be compared to an integer.

Everything else works as far as I can tell, so if the above can be solved, I should be able to use this very helpful extension.
0

#52 User is offline   Bill Stoddard 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 7
  • Joined: 19-February 11

Posted 20 May 2011 - 01:49 PM

I solved it. My problem was the configuration parameter for userid.

The line:

public $userIdAttribute = 'user_id';

needed to be changed to reference a VARCHAR column in my users table, not an integer column.


View PostBill Stoddard, on 19 May 2011 - 07:02 AM, said:

I installed RBAM using a PostgreSQL 8.4.4 database.

When I go the the RBAM "Auth Assignments" page; and click on the icon for "Assign role(s) to this user", I get the following error:

Undefined function: 7 ERROR: operator does not exist: character varying = integer

The SQL statement executed was: SELECT* FROM AuthItem WHERE type=2 AND name NOT IN(SELECT itemName FROM AuthAssignment WHERE userid=9)


The userid column of AuthAssignment is of type VARCHAR(64) but it is being compared to an integer. I'm confused about how this query can work, as when I look in the AuthAssignment table, column userid contains usernames such as Administrator, which cannot be compared to an integer.

Everything else works as far as I can tell, so if the above can be solved, I should be able to use this very helpful extension.

0

#53 User is offline   Bill Stoddard 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 7
  • Joined: 19-February 11

Posted 20 May 2011 - 09:04 PM

Actually, it still doesn't work. Now I get the following error:

CDbCommand failed to execute the SQL statement: SQLSTATE[42703]: Undefined column: 7 ERROR: column "administrator" does not exist
LINE 1: ...(SELECT itemName FROM AuthAssignment WHERE userid=Administra...
^. The SQL statement executed was: SELECT* FROM AuthItem WHERE type=2 AND name NOT IN(SELECT itemName FROM AuthAssignment WHERE userid=Administrator)

View PostBill Stoddard, on 20 May 2011 - 01:49 PM, said:

I solved it. My problem was the configuration parameter for userid.

The line:

public $userIdAttribute = 'user_id';

needed to be changed to reference a VARCHAR column in my users table, not an integer column.

0

#54 User is offline   Vadim PlusV 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 08-June 11

Posted 08 June 2011 - 09:37 AM

My system ubuntu-server 10.04, postgresql-8.4, yii 1.1.7
if i do uthAssignments/assign for any users. i'm get error

CDbCommand не удалось исполнить SQL-запрос: SQLSTATE[42883]: Undefined function: 7 ERROR: operator does not exist: character varying = integer
LINE 1: ...e NOT IN(SELECT itemName FROM AuthAssignment WHERE userid=3)
^
HINT: No operator matches the given name and argument type(s). You might need to add explicit type casts.. The SQL statement executed was: SELECT* FROM AuthItem WHERE type=2 AND name NOT IN(SELECT itemName FROM AuthAssignment WHERE userid=3)

type it's keyword postgresql


How resolve problem? sorry my bad inglish.
0

#55 User is offline   Chelo 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 9
  • Joined: 19-June 11

Posted 19 June 2011 - 01:44 PM

View PostAttilio, on 11 May 2011 - 03:16 PM, said:

Hello, I think I found a new bug but I don't know how to fix it.

I'm using a custom configuration, it means model is not User and id column is not id.

This is my configuration:

        'rbam'=>array(
            .....
            'userClass'=>'Empleado',
            'userCriteria'=>array(),
            'userIdAttribute'=>'id_empleado',
            'userNameAttribute'=>' ,primer_nombre,primer_apellido',
        ),


Everything works fine except in the ?r=rbam/authAssignments/index page: it correctly gets all the IDs, but when I click on "Assign role(s) to this user" I get:

CException

Property "Empleado.id" is not defined.

/var/www/na_rbam/framework/db/ar/CActiveRecord.php(128)

116      */
117     public function __get($name)
118     {
119         if(isset($this->_attributes[$name]))
120             return $this->_attributes[$name];
121         else if(isset($this->getMetaData()->columns[$name]))
122             return null;
123         else if(isset($this->_related[$name]))
124             return $this->_related[$name];
125         else if(isset($this->getMetaData()->relations[$name]))
126             return $this->getRelated($name);
127         else
128             return parent::__get($name);
129     }
130 
131     /**
132      * PHP setter magic method.
133      * This method is overridden so that AR attributes can be accessed like properties.
134      * @param string $name property name
135      * @param mixed $value property value
136      */
137     public function __set($name,$value)
138     {
139         if($this->setAttribute($name,$value)===false)
140         {
Stack Trace
#0	/var/www/na_rbam/framework/db/ar/CActiveRecord.php(128): CComponent->__get("id")
#1	
–  /var/www/na_rbam/protected/modules/rbam/views/authAssignments/assign.php(111): CActiveRecord->__get("id")
106             Yii::t('RbamModule.rbam','Assign')=>'js:function() {
107                 var jForm = jQuery("form", this);
108                 jQuery(".error.summary", jForm).slideUp().remove();
109                 jQuery(".error", jForm).removeClass("error");
110                 jQuery.post(
111                     "'.$this->createUrl('assign', array('uid'=>$user->id)).'",
112                     jForm.serialize(),
113                     function(data) {
114                         if (data.errors==undefined) {
115                             var jDone = jQuery("#rbam-dialog-done");
116                             jDone.html(jDone.html().replace(/(<\/span>).*?(<\/p>)/i,"$1"+data.content+"$2")).dialog("open");
#2	/var/www/na_rbam/framework/web/CBaseController.php(119): require("/var/www/na_rbam/protected/modules/rbam/views/authAssignments/as...")
#3	/var/www/na_rbam/framework/web/CBaseController.php(88): CBaseController->renderInternal("/var/www/na_rbam/protected/modules/rbam/views/authAssignments/as...", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm), true)
#4	/var/www/na_rbam/framework/web/CController.php(866): CBaseController->renderFile("/var/www/na_rbam/protected/modules/rbam/views/authAssignments/as...", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm), true)
#5	/var/www/na_rbam/framework/web/CController.php(779): CController->renderPartial("assign", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm), true)
#6	
–  /var/www/na_rbam/protected/modules/rbam/controllers/AuthAssignmentsController.php(175): CController->render("assign", array("dataProvider" => ApArrayDataProvider, "user" => Empleado, "form" => CForm))
170             $this->_pageTitle('userRoles', array(
171                 '{user}'=>$user->rbamName
172                     ))=>array('userRoles', 'uid'=>$uid),
173             $this->pageTitle
174         );
175         $this->render($this->action->id, compact('dataProvider','user','form'));
176     }
177 
178     /**
179     * Revokes a user::role assignment
180     * Ajax only method
#7	
 unknown(0): AuthAssignmentsController->actionAssign("18")
#8	/var/www/na_rbam/framework/web/actions/CAction.php(104): ReflectionMethod->invokeArgs(AuthAssignmentsController, array("18"))
#9	/var/www/na_rbam/framework/web/actions/CInlineAction.php(48): CAction->runWithParamsInternal(AuthAssignmentsController, ReflectionMethod, array("r" => "rbam/authAssignments/assign", "uid" => "18"))
#10	/var/www/na_rbam/framework/web/CController.php(300): CInlineAction->runWithParams(array("r" => "rbam/authAssignments/assign", "uid" => "18"))
#11	/var/www/na_rbam/framework/web/filters/CFilterChain.php(133): CController->runAction(CInlineAction)
#12	/var/www/na_rbam/framework/web/filters/CFilter.php(41): CFilterChain->run()
#13	/var/www/na_rbam/framework/web/CController.php(1122): CFilter->filter(CFilterChain)
#14	/var/www/na_rbam/framework/web/filters/CInlineFilter.php(59): CController->filterAccessControl(CFilterChain)
#15	/var/www/na_rbam/framework/web/filters/CFilterChain.php(130): CInlineFilter->filter(CFilterChain)
#16	/var/www/na_rbam/framework/web/CController.php(283): CFilterChain->run()
#17	/var/www/na_rbam/framework/web/CController.php(257): CController->runActionWithFilters(CInlineAction, array("accessControl", "ajaxOnly + revoke, update"))
#18	/var/www/na_rbam/framework/web/CWebApplication.php(328): CController->run("assign")
#19	/var/www/na_rbam/framework/web/CWebApplication.php(121): CWebApplication->runController("rbam/authAssignments/assign")
#20	/var/www/na_rbam/framework/base/CApplication.php(155): CWebApplication->processRequest()
#21	
–  /var/www/na_rbam/index.php(13): CApplication->run()
08 defined('YII_DEBUG') or define('YII_DEBUG',true);
09 // specify how many levels of call stack should be shown in each log message
10 defined('YII_TRACE_LEVEL') or define('YII_TRACE_LEVEL',3);
11 
12 require_once($yii);
13 Yii::createWebApplication($config)->run();


The faulty part seems to be (in modules/rbam/views/authAssignments/assign.php line 111):
$this->createUrl('assign', array('uid'=>$user->id))


while in modules/rbam/views/authAssignments/index.php on line 39 I see something that does almost the same thing but does it without errors:
'viewButtonUrl'=>'array("userRoles", "uid"=>$data->'.$this->getModule()->userIdAttribute.')',


how can I fix it??




Hi, try to replace

$user->id

to
$user->{$module->userIdAttribute}



Regards
0

#56 User is offline   dm1try 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 20-June 11
  • Location:Belarus

Posted 20 June 2011 - 03:27 AM

very nice extension with excellent documentation!
thanks a lot)
0

#57 User is offline   blevy009 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 10
  • Joined: 06-October 11

Posted 20 November 2011 - 09:01 PM

View Postsravani, on 25 January 2011 - 06:06 AM, said:

Hello,

I have just installed rbam extension but unable to get it used.Any one please help me about what changes need to be made exactly in other configuration files after extracting rbam under moudule directory...
waiting 4 ur advice!!!!!!!!!


I just got it working in my app - after struggling with confi options and re-reading the pdf file.

The key items for me were: these two entries under config/main.php (I already have auth data set up, otherwise you could use initialise => true and you get another option/button to initialize.
'rbam'=>array(
//rbam configuration
'development'=>true,
'initialise'=>false,
)

AND 2) public $initialise; line 206 in rbam/RbamModule.php

I'm now able to see and edit the existing roles/operation/task.

Confusing stuff!! rbac! good luck.
0

#58 User is offline   kadishmal 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 44
  • Joined: 09-February 11
  • Location:South Korea

Posted 25 December 2011 - 03:06 AM

I have successfully installed the module. I can create and do everything with operators, tasks, roles. I am on Mac OS X lion, Chrome 16.0.912.63, Yii 1.1.8.

However, I cannot create any assignment. JS exception.
  • First, I go to /user/rbam/authItems/index and select a "superAdmin" role.
  • Click on "Manage Role" icon.
  • /user/rbam/authItems/manage/item/superAdmin page opens. I scroll down to unassigned section.
  • Choose one unassigned role/task/operation (doesn't matter) and drop to the above section for child elements of superAdmin.


There is an error on line 69:jquery.rbam.js

$('body').ajaxError(function(e, xhr, settings, exception) {
			var aryMatches = xhr.responseText.match(/<p class="message">\s*(.+?)\s*<\/p>/);
			$('#rbam-dialog-done').html('<p><span class="ui-icon ui-icon-alert" style="float:left; margin:0 7px 20px -24px;"></span>'+aryMatches[1]+'</p>').dialog('option', 'title', config.error.title).dialog('open');
		});


which says Uncaught TypeError: Cannot read property '1' of null. That is aryMatches array is null.

I checked the URL which is used in the following piece of code:

// add a child to the parent
		function addChild(jRelationship, strParent, strChild) {
			$.getJSON(
				config.add.url,
				{parent:strParent, child:strChild},


The config.add.url is equal to /user/rbam/authItems/addChild?parent=superAdmin&child=admin.

xhr value displays the entire HTML code of /user/rbam/authItems/index page. Based on addChild function, it should return JSON, however, the entire page source is returned which doesn't have anything similar to /<p class="message">\s*(.+?)\s*<\/p>/.

I looked at the application.log after the request. The request doesn't reach the addChild function of AuthItemsController. It just doesn't go through.

What can be the problem? Do you think there is anything to do with UrlManager? I thought about that, but if that was true, rbam module wouldn't work either, including other operation/task/role creation, which work perfectly.

I need you help very urgently. Would be very grateful for any hint.
0

#59 User is offline   devnegikec 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 5
  • Joined: 05-March 12
  • Location:Bangalore

Posted 21 March 2012 - 04:45 AM

Excellent module, save my day.
Thanks a lot.
0

#60 User is offline   Woland 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 28-March 12

Posted 02 April 2012 - 02:16 AM

Attached File  quoteTableName.patch.gz (1.05K)
Number of downloads: 7 – patch fixes work with PgSQL DBMS.

Also it is useful to change
class RbamController extends CСontroller

to
class RbamController extends Сontroller
(the default application-wide controller ancestor)
0

Share this topic:


  • (6 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • 5
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users