[Boaz]

matteosistisette, on 17 October 2012 - 06:51 AM, said:

That you and me can't think of a use case where one may need it, doesn't mean that it doesn't exist. Whenever there may be even the most remote possibility that one freaky guy in the world may need a behavior different from the default, the possibility to change it must be provided. But I agree with you that the behavior you describe should be the default one.

Actually, here's a use case.
I have assigned 20 users the ClockwiseDancer role, and I have assigned other 30 users the CounterClockwiseDancer role. Oh shit! Clocks turn that way!! All my assignments are reversed! Well, know what? If I rename ClockwiseDancer to CounterClockwiseDancer and viceversa (of course in 3 steps using an intermediate dummy name), that'll do the trick.
Unlikely, I agree. Impossible? no.

Your use case is amusing...
And it demonstrates what I think - there is no such real world use case and its ridiculous to think that there's any benefit NOT to update the relationship table on any change in the items table (as we've mentioned...). Even if was is such a remote use case - I don't think the RBAM module, being an open source software developed on typically very limited resources, should address all of its clients needs. Heck, not even fully established for-profit companies address all their customer's needs. They address most customers needs (...that would generate them the most profit).
But, again, the design of the tables on the first place is really awkward and I fail to get to the bottom of the designer's mind, or perhaps simply its not a good design... . Also, the design demonstrates, I think, the reason for database normalization. With current design, there's duplication of data between the tables - the 'names' of the auth items. As such, it requires a rename to be performed on all tables, as we've seen.

On to more practical words - time to test SRABC extension!

[Boaz]

Well, SRBAC seems to cut it. Renaming a role renames it in both the 'items' table and on the 'relationships' table (didn't check anything else at this stage). Gonna give it a try... .

[peltronic]

Hi!

I'm wondering the same...is this extension still maintained?

These doc & demo links are broken (can't display them here b/c this is my first post, I had to remove all the links and replace with "..."...what a pain! See reply #67 for the links).

doc:
...rbam_manual.pdf

demo:
...index.php

Would love to try this out but a doc and demo would be nice!

Peter

matteosistisette, on 29 July 2012 - 02:13 PM, said:

Is this extension still being maintained? I'm finding quite a few bugs and I wonder whether there is a place where it makes any sense to report them or if rbam has been abandoned and I should instead consider using some other rbac management extension.

The information page of the extension doesn't provide any link.
Since the manual is hosted at ... I tried ... which only shows embarrassing php errors, and ... which shows a default placeholder page from the hosting provider.

[Ivo Pereira]

I would like to know too if the extension is already maintained or if anyone has the main zip of the extension and the docs.

I've been working with a previous version of the extension installed in a work project that was being developed from another developer, and I would like to use it with a new one.

Suggestions?

[Daantje]

I found the rbam_manual.pdf mirrored here pdfio.com/k-2272549.html
and on my site for save keeping bitbucket.org/bytebrain/yii-rbam-extension-manual

[albertski]

I'm relatively new to Yii. I created some roles and added operations that were automatically generated. Now I am not sure if I need to go in and modify the accessRules() in all of my controllers and add the roles? I would think this would be automatic?

Do I actually have to go to every action and add code like this:

if(Yii::app()->user->checkAccess('createPost'))
{
    // create post
}

[davidgraybeard]

albertski, on 15 March 2013 - 10:12 AM, said:

Do I actually have to go to every action and add code like this:

if(Yii::app()->user->checkAccess('createPost'))
{
    // create post
}

Did you ever figure this out? I'm pretty sure it is automatic, but I think I am missing the one piece of glue that gets the roles, tasks and operations I set up in RBAM to start engaging.

See next post. Think I found the glue, and by putting that one rule in my overall controller, everything works!

[davidgraybeard]

I have a basic question about how to use RBAM effectively. I have something like the following set up in RBAM, in terms of parent/child relationships:

Role: Administrator
    Task:  ArticleReading
          Operation: Article:index
          Operation: Article:view
    Task: ArticleWriting
   		Operation: Article:create
   		Operation: Article:delete
   		Operation: Article:save

Role: Regular User
 	Task: ArticleReading
          Operation: Article:index
          Operation: Article:view

Given this, I thought the access checking would just be automatic. I guess I need to define some accessRules(), but I can't imagine what they would look like. It would seem as if any rule I create would be redundant to what I've just defined in RBAM.

public function accessRules() {
  return [
      ['allow', 'actions' => ['index','view'], 'roles' => ['Administrator']], // this seems redundant, but if I have no rules access isn't checked
      ['deny', 'users' => ['*']]
  ];
}

I believe I found the answer, myself:

	public function accessRules() {
		return array(
			array('allow', 
				'expression' => 'Yii::app()->user->checkAccess(Yii::app()->controller->id.":".Yii::app()->controller->action->id)),
			array('deny', 'users' =>array('*'))
		);

This post has been edited by davidgraybeard: 07 May 2013 - 06:18 PM

[Heyho]

I'm sure I've done something wrong, but quite what that might be, I don't know.

After initialising the auth* data, I get "Fatal error: Call to a member function attachBehavior() on a non-object in [...]\protected\modules\rbam\RbamModule.php on line 422" and in addition see the log message "Querying SQL: SELECT * FROM `user` `t` WHERE `t`.`id`='admin' LIMIT 1"

I don't really see how or why "id" would ever be the username, so as you can imagine I'm pretty confused.

Can anyone shed some light on it?

[davidgraybeard]

I know Yii can be set up so that the id field is the username field, and it might even be the default. I think you might need to set the "userIdAttribute" in the rbam config to point to your user table's ID column. Here is my setup, in case it might help:

 
'rbam' => array(
			'applicationLayout'          => 'application.views.layouts.main',
			'authAssignmentsManagerRole' => 'Auth Assignments Manager',
			'authenticatedRole'          => 'Authenticated',
			'authItemsManagerRole'   	=> 'Auth Items Manager',
			'baseScriptUrl'              => NULL,
			'baseUrl'                    => NULL,
			'cssFile'                    => NULL,
			'development'                => FALSE,
			'exclude'                    => 'rbam',
			'guestRole'                  => 'Guest',
			'initialise' 				=> FALSE,
			'layout' 					=> 'rbam.views.layouts.main',
			'juiCssFile' 				=> 'jquery-ui.css',
			'juiHide'                    => 'puff',
			'juiScriptFile'              => 'jquery-ui.min.js',
			'juiScriptUrl'   			=> NULL,
			'juiShow'                    => 'fade',
			'juiTheme'   				=> 'base',
			'juiThemeUrl'                => NULL,
			'pageSize'   				=> 25,
			'rbacManagerRole'            => 'RBAC Manager',
			'relationshipsPageSize'      => 5,
			'showConfirmation'   		=> 500,
			'showMenu'   				=> TRUE,
			'userClass'                  => 'User',
			'userCriteria'   			=> array(),
			'userIdAttribute'            => 'userId',
			'userNameAttribute'          => 'email',
        )[/size]
[size="2"]

(The "size=2" stuff is something this forum editor keeps throwing into my code block, so please ignore it.)

[Heyho]

davidgraybeard, on 31 May 2013 - 08:26 AM, said:

I know Yii can be set up so that the id field is the username field, and it might even be the default. I think you might need to set the "userIdAttribute" in the rbam config to point to your user table's ID column.

I have

        'rbam'=>array(
            'development'=>true,
            'initialise'=>true,

            'rbacManagerRole'=>'admin',
            'userClass'=>'User',
            'userIdAttribute'=>'id',
            'userNameAttribute'=>'username',
            ),

And the table is defined as follows:

CREATE TABLE IF NOT EXISTS `user` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(8) NOT NULL,
  `pass` varchar(65) NOT NULL,
  `role` int(10) unsigned NOT NULL,
  `person_id` int(10) unsigned NOT NULL,
  `address_id` int(10) unsigned NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `address_id` (`address_id`),
  KEY `person-id` (`person_id`),
  KEY `role` (`role`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=7 ;

[davidgraybeard]

That looks nearly the same as my setup. The only other thing I can think of that might be relevant is that I have this in UserIdentity.php:

  $this->_id = $user->userId;

when the user logs in successfully.

[Heyho]

davidgraybeard, on 31 May 2013 - 09:11 AM, said:

That looks nearly the same as my setup. The only other thing I can think of that might be relevant is that I have this in UserIdentity.php:

  $this->_id = $user->userId;

when the user logs in successfully.

Ah. I'm guessing you got this from http://www.yiiframew...-identity-class ?

RBAM now gives me a 403 ("not authorized") when trying to access it. I'm guessing I somewhere have to say which user(s) can use it. That

'rbacManagerRole'=>'admin'

line in my config? Can I somehow still link that to a username? Changing it to the value of the id of the admin user works (I can not only access RBAM, but the initialization works completely), but that id could change with time.

[davidgraybeard]

Sorry, it's been too long since I set things up to remember where pieces came from. The UserIdentity is something I've used in Yii apps for a long time, because I have a complex login process that includes LDAP. I think it also may have come "standard" with the YiiBooster version of an app that I set up recently.

I'm not that familiar with the intricacies of RBAM, but the rbacManagerRole was populated for me when it initialized, to 'RBAC Manager' - it is a role created in the auth tables rather than a user.