Yii Framework Forum: RBAM - Role Based Access Control Manager - Yii Framework Forum

Jump to content

  • (6 Pages)
  • +
  • « First
  • 3
  • 4
  • 5
  • 6
  • You cannot start a new topic
  • You cannot reply to this topic

RBAM - Role Based Access Control Manager Management of RBAC Authorisation Data via a web interface Rate Topic: ***** 2 Votes

#81 User is offline   Boaz 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 367
  • Joined: 23-January 11

Posted 17 October 2012 - 08:11 AM

View Postmatteosistisette, on 17 October 2012 - 06:51 AM, said:

That you and me can't think of a use case where one may need it, doesn't mean that it doesn't exist. Whenever there may be even the most remote possibility that one freaky guy in the world may need a behavior different from the default, the possibility to change it must be provided. But I agree with you that the behavior you describe should be the default one.

Actually, here's a use case.
I have assigned 20 users the ClockwiseDancer role, and I have assigned other 30 users the CounterClockwiseDancer role. Oh shit! Clocks turn that way!! All my assignments are reversed! Well, know what? If I rename ClockwiseDancer to CounterClockwiseDancer and viceversa (of course in 3 steps using an intermediate dummy name), that'll do the trick.
Unlikely, I agree. Impossible? no.


Your use case is amusing... Posted Image
And it demonstrates what I think - there is no such real world use case and its ridiculous to think that there's any benefit NOT to update the relationship table on any change in the items table (as we've mentioned...). Even if was is such a remote use case - I don't think the RBAM module, being an open source software developed on typically very limited resources, should address all of its clients needs. Heck, not even fully established for-profit companies address all their customer's needs. They address most customers needs (...that would generate them the most profit).
But, again, the design of the tables on the first place is really awkward and I fail to get to the bottom of the designer's mind, or perhaps simply its not a good design... . Also, the design demonstrates, I think, the reason for database normalization. With current design, there's duplication of data between the tables - the 'names' of the auth items. As such, it requires a rename to be performed on all tables, as we've seen.

On to more practical words - time to test SRABC extension!





Therapeutic PHP sessions My LinkedIn Profile
0

#82 User is offline   Boaz 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 367
  • Joined: 23-January 11

Posted 17 October 2012 - 03:04 PM

Well, SRBAC seems to cut it. Renaming a role renames it in both the 'items' table and on the 'relationships' table (didn't check anything else at this stage). Gonna give it a try... .
Therapeutic PHP sessions My LinkedIn Profile
0

#83 User is offline   peltronic 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 07-December 12

Posted 07 December 2012 - 04:04 PM

Hi!

I'm wondering the same...is this extension still maintained?

These doc & demo links are broken (can't display them here b/c this is my first post, I had to remove all the links and replace with "..."...what a pain! See reply #67 for the links).

doc:
...rbam_manual.pdf

demo:
...index.php

Would love to try this out but a doc and demo would be nice!

Peter


View Postmatteosistisette, on 29 July 2012 - 02:13 PM, said:

Is this extension still being maintained? I'm finding quite a few bugs and I wonder whether there is a place where it makes any sense to report them or if rbam has been abandoned and I should instead consider using some other rbac management extension.

The information page of the extension doesn't provide any link.
Since the manual is hosted at ... I tried ... which only shows embarrassing php errors, and ... which shows a default placeholder page from the hosting provider.

0

#84 User is offline   Ivo Pereira 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 39
  • Joined: 29-July 12

Posted 24 January 2013 - 02:50 AM

I would like to know too if the extension is already maintained or if anyone has the main zip of the extension and the docs.

I've been working with a previous version of the extension installed in a work project that was being developed from another developer, and I would like to use it with a new one.

Suggestions?
0

#85 User is offline   Daantje 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 28-May 12

Posted 04 March 2013 - 06:00 PM

I found the rbam_manual.pdf mirrored here pdfio.com/k-2272549.html
and on my site for save keeping bitbucket.org/bytebrain/yii-rbam-extension-manual
0

#86 User is offline   albertski 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 28
  • Joined: 18-February 13
  • Location:Chicago

Posted 15 March 2013 - 10:12 AM

I'm relatively new to Yii. I created some roles and added operations that were automatically generated. Now I am not sure if I need to go in and modify the accessRules() in all of my controllers and add the roles? I would think this would be automatic?

Do I actually have to go to every action and add code like this:

if(Yii::app()->user->checkAccess('createPost'))
{
    // create post
}

0

#87 User is offline   davidgraybeard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 13-December 12

Posted 07 May 2013 - 04:12 PM

View Postalbertski, on 15 March 2013 - 10:12 AM, said:

Do I actually have to go to every action and add code like this:
if(Yii::app()->user->checkAccess('createPost'))
{
    // create post
}


Did you ever figure this out? I'm pretty sure it is automatic, but I think I am missing the one piece of glue that gets the roles, tasks and operations I set up in RBAM to start engaging.

See next post. Think I found the glue, and by putting that one rule in my overall controller, everything works!
0

#88 User is offline   davidgraybeard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 13-December 12

Posted 07 May 2013 - 05:02 PM

I have a basic question about how to use RBAM effectively. I have something like the following set up in RBAM, in terms of parent/child relationships:

Role: Administrator
    Task:  ArticleReading
          Operation: Article:index
          Operation: Article:view
    Task: ArticleWriting
   		Operation: Article:create
   		Operation: Article:delete
   		Operation: Article:save

Role: Regular User
 	Task: ArticleReading
          Operation: Article:index
          Operation: Article:view


Given this, I thought the access checking would just be automatic. I guess I need to define some accessRules(), but I can't imagine what they would look like. It would seem as if any rule I create would be redundant to what I've just defined in RBAM.

public function accessRules() {
  return [
      ['allow', 'actions' => ['index','view'], 'roles' => ['Administrator']], // this seems redundant, but if I have no rules access isn't checked
      ['deny', 'users' => ['*']]
  ];
}



I believe I found the answer, myself:

	public function accessRules() {
		return array(
			array('allow', 
				'expression' => 'Yii::app()->user->checkAccess(Yii::app()->controller->id.":".Yii::app()->controller->action->id)),
			array('deny', 'users' =>array('*'))
		);

This post has been edited by davidgraybeard: 07 May 2013 - 06:18 PM

0

#89 User is offline   Heyho 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 37
  • Joined: 30-May 13

Posted 31 May 2013 - 06:48 AM

I'm sure I've done something wrong, but quite what that might be, I don't know.

After initialising the auth* data, I get "Fatal error: Call to a member function attachBehavior() on a non-object in [...]\protected\modules\rbam\RbamModule.php on line 422" and in addition see the log message "Querying SQL: SELECT * FROM `user` `t` WHERE `t`.`id`='admin' LIMIT 1"

I don't really see how or why "id" would ever be the username, so as you can imagine I'm pretty confused.

Can anyone shed some light on it?
0

#90 User is offline   davidgraybeard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 13-December 12

Posted 31 May 2013 - 08:26 AM

I know Yii can be set up so that the id field is the username field, and it might even be the default. I think you might need to set the "userIdAttribute" in the rbam config to point to your user table's ID column. Here is my setup, in case it might help:

 
'rbam' => array(
			'applicationLayout'          => 'application.views.layouts.main',
			'authAssignmentsManagerRole' => 'Auth Assignments Manager',
			'authenticatedRole'          => 'Authenticated',
			'authItemsManagerRole'   	=> 'Auth Items Manager',
			'baseScriptUrl'              => NULL,
			'baseUrl'                    => NULL,
			'cssFile'                    => NULL,
			'development'                => FALSE,
			'exclude'                    => 'rbam',
			'guestRole'                  => 'Guest',
			'initialise' 				=> FALSE,
			'layout' 					=> 'rbam.views.layouts.main',
			'juiCssFile' 				=> 'jquery-ui.css',
			'juiHide'                    => 'puff',
			'juiScriptFile'              => 'jquery-ui.min.js',
			'juiScriptUrl'   			=> NULL,
			'juiShow'                    => 'fade',
			'juiTheme'   				=> 'base',
			'juiThemeUrl'                => NULL,
			'pageSize'   				=> 25,
			'rbacManagerRole'            => 'RBAC Manager',
			'relationshipsPageSize'      => 5,
			'showConfirmation'   		=> 500,
			'showMenu'   				=> TRUE,
			'userClass'                  => 'User',
			'userCriteria'   			=> array(),
			'userIdAttribute'            => 'userId',
			'userNameAttribute'          => 'email',
        )[/size]
[size="2"]



(The "size=2" stuff is something this forum editor keeps throwing into my code block, so please ignore it.)
0

#91 User is offline   Heyho 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 37
  • Joined: 30-May 13

Posted 31 May 2013 - 09:01 AM

View Postdavidgraybeard, on 31 May 2013 - 08:26 AM, said:

I know Yii can be set up so that the id field is the username field, and it might even be the default. I think you might need to set the "userIdAttribute" in the rbam config to point to your user table's ID column.

I have
        'rbam'=>array(
            'development'=>true,
            'initialise'=>true,

            'rbacManagerRole'=>'admin',
            'userClass'=>'User',
            'userIdAttribute'=>'id',
            'userNameAttribute'=>'username',
            ),

And the table is defined as follows:
CREATE TABLE IF NOT EXISTS `user` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(8) NOT NULL,
  `pass` varchar(65) NOT NULL,
  `role` int(10) unsigned NOT NULL,
  `person_id` int(10) unsigned NOT NULL,
  `address_id` int(10) unsigned NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `address_id` (`address_id`),
  KEY `person-id` (`person_id`),
  KEY `role` (`role`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=7 ;

0

#92 User is offline   davidgraybeard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 13-December 12

Posted 31 May 2013 - 09:11 AM

That looks nearly the same as my setup. The only other thing I can think of that might be relevant is that I have this in UserIdentity.php:
  $this->_id = $user->userId;

when the user logs in successfully.
0

#93 User is offline   Heyho 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 37
  • Joined: 30-May 13

Posted 31 May 2013 - 09:38 AM

View Postdavidgraybeard, on 31 May 2013 - 09:11 AM, said:

That looks nearly the same as my setup. The only other thing I can think of that might be relevant is that I have this in UserIdentity.php:
  $this->_id = $user->userId;

when the user logs in successfully.

Ah. I'm guessing you got this from http://www.yiiframew...-identity-class ?

RBAM now gives me a 403 ("not authorized") when trying to access it. I'm guessing I somewhere have to say which user(s) can use it. That
'rbacManagerRole'=>'admin'
line in my config? Can I somehow still link that to a username? Changing it to the value of the id of the admin user works (I can not only access RBAM, but the initialization works completely), but that id could change with time.
0

#94 User is offline   davidgraybeard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 13-December 12

Posted 31 May 2013 - 09:59 AM

Sorry, it's been too long since I set things up to remember where pieces came from. The UserIdentity is something I've used in Yii apps for a long time, because I have a complex login process that includes LDAP. I think it also may have come "standard" with the YiiBooster version of an app that I set up recently.

I'm not that familiar with the intricacies of RBAM, but the rbacManagerRole was populated for me when it initialized, to 'RBAC Manager' - it is a role created in the auth tables rather than a user.



0

#95 User is offline   CoderK 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 16
  • Joined: 13-June 13

Posted 01 August 2013 - 04:16 PM

Is this still de facto for RBAC solutions? :)
0

#96 User is offline   oopholic 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 08-October 13

Posted 08 October 2013 - 06:59 AM

Just a small problem I noticed.

I have installed RBAM (CDbAuthManager) and reviewed the DB structures it created for me because I need to build on them a more customized logic. What I noticed is that there is a redudancy with itemnames.

Of course it can be refactored, when I have time I will contribute it, but until then you can make item name uneditable and remove it from the update as a field. Based on that you can make an intermediate table that can be a bridge between RBAM and your custom implementation. When the fix comes, you will only have to change names with ids in your table.

Hope this will help someone :)
0

#97 User is offline   davidgraybeard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 13-December 12

Posted 08 October 2013 - 08:11 AM

Pretty sure that's the Yii default database setup, oopholic, and not specific to the RBAM module. The itemname is a key in the other tables, so when it is changed in one place it changes in the others automatically.
0

#98 User is offline   davidgraybeard 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 13-December 12

Posted 08 October 2013 - 08:14 AM

View PostCoderK, on 01 August 2013 - 04:16 PM, said:

Is this still de facto for RBAC solutions? :)



I haven't been able to find a better solution yet. I keep wanting to make a clean, new manager, but I never seem to have the time. I end up maintaining it by using DB INSERTS, UPDATES and DELETES because that's easier, once the basics are set up.
0

#99 User is offline   wadim 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 19-March 13

Posted 18 December 2013 - 09:00 AM

There is a problem with the function "actions()" in Controllers.

    public function actions() {
        // isset in init
        return $this->actions;
        // DO NOT REMOVE - RBAM is using this
        return array(
            'adminModel'=>array('class'=>'...'),
            'create'=>array('class'=>'...'),
            'delete'=>array('class'=>'...'),
            'update'=>array('class'=>'...'),
            'view'=>array('class'=>'..'),
        );
    }


I'm loading different actions. And I have to hardcode that second return, just for RBAM.
How difficult would it be to migrate everything to use migrations instead of regular expressions ?
0

#100 User is offline   JbalTero 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 35
  • Joined: 18-January 14

Posted 02 February 2014 - 08:41 PM

How do I implement automation of Role Assigning whenever a new user is created?
0

Share this topic:


  • (6 Pages)
  • +
  • « First
  • 3
  • 4
  • 5
  • 6
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users