Yii Framework Forum: [EXTENSION] srbac : Web interface for the administration of rbac - Yii Framework Forum


[EXTENSION] srbac : Web interface for the administration of rbac

#701 User is offline   Jgsaw 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 33
  • Joined: 01-March 11

Posted 24 March 2011 - 04:43 PM

Great tool, although a few things took me a while to figure out (these may be documented somewhere but I couldn't find them), and feel free to correct me if I'm wrong (although if I'm not, adding these to the manual would be great).

1. Debug mode = AccessChecks are off. Nearly scrapped using SRBAC in my project as it looked like it wasn't working, as all my users could access admin stuff. Debug=false and everything worked! Maybe different naming for this? Debug (true/false) = Debug statements, srbacOn (true/false) = turn SRBAC on or off, installMode (true/false) = create DB tables etc? Just an idea.

2. Remove accessRules() and accessControl filter from controller. Took me a while to find something on this.

3. In views, to check access in order to display content depending on role:
if(Yii::app()->user->checkAccess('role or operation or task')). Again, not sure if this is the correct way to do this as I couldn't find any info on it, but it seemed to work for me. Only concern is if I change the role, operation or task name I'd need to update all my view checks. There probably is a better way to do this, so please let me know.

Anyway cracking module Spyros and thanks for putting it out there for us newbies to use! :)
0

#702 User is offline   xsano33 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 6
  • Joined: 31-August 10

Posted 01 April 2011 - 04:54 AM

Sry, I posted it to a wrong topic - I'll remove it if possible.

The following error was displayed after I had installed srbac - yii version 1.1.7 on PHP 5.1.6 apache2.2 fedora.
Thus I have inserted that if isset $this->data block into AuthItem.php, because that data was null and it caused the error. Do you think it is a necessary fix, or is there a nicer fix?

  protected function afterFind() {
    parent::afterFind();
    if(isset($this->data)){
      $this->data = unserialize($this->data);
    }
  }



PHP Error

unserialize() [<a href='function.unserialize'>function.unserialize</a>]: Argument is not a string

/var/www/html/kensaku/protected/modules/srbac/models/AuthItem.php(109)

097 //    parent::beforeSave();
098 //  }
099 
100 
101   protected function beforeSave() {
102     $this->data = serialize($this->data);
103     return parent::beforeSave();
104   }
105 
106   protected function afterFind() {
107     parent::afterFind();
108 //    if(isset($this->data)){
109     $this->data = unserialize($this->data);
110 //    }
111   }
112 
113   protected function afterSave() {
114     parent::afterSave();
115     $this->data = unserialize($this->data);
116     if($this->oldName != $this->name) {
117       $this->model()->updateByPk($this->oldName, array("name"=>$this->name));
118       $criteria = new CDbCriteria();
119       $criteria->condition = "itemname='".$this->oldName."'";
120       Assignments::model()->updateAll(array('itemname'=>$this->name),$criteria);
121       $criteria->condition = "parent='".$this->oldName."'";


0

#703 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 18 April 2011 - 12:04 AM

Hi Spyros,


I want to alter table 'itemchildren' to add a column called 'direct_action' to 'module/controller/action' or 'controller/action' that can be directly used in CHtml::link() - ideally when Task is saved.


At your convenience, can you please tell me how to do this easily in AuthItem.afterSave().


Thanks for the wonderful extension.


Regard,
D
0

#704 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 18 April 2011 - 12:10 AM

View PostPradhan, on 18 April 2011 - 12:04 AM, said:

Hi Spyros,

I want to alter table 'itemchildren' to add a column called 'direct_action' to 'module/controller/action' or 'controller/action' that can be directly used in CHtml::link() - ideally when Task is saved.

At your convenience, can you please tell me how to do this easily in AuthItem.afterSave().

Thanks for the wonderful extension.

Regard,
D


Sorry, On a closer look I think my ideal table will be items.



0

#705 User is offline   Deepak Pradhan 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 209
  • Joined: 01-May 09
  • Location:Charlotte, NC

Posted 18 April 2011 - 12:36 AM

View PostPradhan, on 18 April 2011 - 12:10 AM, said:

Sorry, On a closer look I think my ideal table will be items.






Done in AuthitemController::actionAutoCreateItems() with $auth->direct_action = trim($controller . '/'. (count($act) > 1 ? $act[1] : $act[0]));



0

#706 User is offline   yuda 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 39
  • Joined: 23-December 10

Posted 04 May 2011 - 10:11 PM

I have set an action that has a parameter (e.g. actionIndex($p)) to always allowed in the srbac system, and it's saved in allowed.php in the srbac system. When I try to access the page, I get this message:

Error:403 'You are not authorized for this action'

Error while trying to access /page/index.

When I remove the parameter inside the allowed.php file, it works; I can access that action. What is actually happening? Is that a bug, or something that I missed???

Thanks in advance...

P.S.: I've already deleted actionRules inside my controller, and I still get that message. ???
0

#707 User is offline   banago 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 20
  • Joined: 10-March 11
  • Location:Piz da Dufour

Posted 25 May 2011 - 09:34 AM

Hi

This really seems to be a great extension. Easy to use etc.
I installed it and it seems to work more or less...

In my case I'm getting the same error when I click on "Autocreate AuthItems", "Edit always allowed list" and "Clear obsolete authitems"

It say the alias "import.ImportModule" is invalid.
And I shall make sure that the alias points to an existing PHP File...

But unfortunately I couldn't find anything about that error.

What could be the Problem?

Here is the error message:

CException

Alias "import.ImportModule" ist ungültig. Stellen Sie sicher, dass er auf eine existierende PHP-Datei verweist. (/var/www/Yii/framework/YiiBase.php:310)

#0 /var/www/Yii/framework/YiiBase.php(190): YiiBase::import('import.ImportMo...', true)
#1 /var/www/Yii/framework/base/CModule.php(266): YiiBase::createComponent('import.ImportMo...', 'import', NULL, Array)
#2 /var/www/JobCockpit/protected/modules/srbac/controllers/AuthitemController.php(933): CModule->getModule('import')
#3 /var/www/JobCockpit/protected/modules/srbac/controllers/AuthitemController.php(915): AuthitemController->_getControllers()
#4 /var/www/Yii/framework/web/actions/CInlineAction.php(57): AuthitemController->actionAuto()
#5 /var/www/Yii/framework/web/CController.php(300): CInlineAction->run()
#6 /var/www/Yii/framework/web/CController.php(278): CController->runAction(Object(CInlineAction))
#7 /var/www/Yii/framework/web/CController.php(257): CController->runActionWithFilters(Object(CInlineAction), Array)
#8 /var/www/Yii/framework/web/CWebApplication.php(328): CController->run('auto')
#9 /var/www/Yii/framework/web/CWebApplication.php(121): CWebApplication->runController('srbac/authitem/...')
#10 /var/www/Yii/framework/base/CApplication.php(155): CWebApplication->processRequest()
#11 /var/www/JobCockpit/index.php(16): CApplication->run()
#12 {main}


B) B) B) B) B) B) B) B)
So then I found the problem and my 'answer-my-posts-by-myself'-rate has increased once again...

The problem was....

Somehow I had a misconfiguration in the config/main.php:

'import'=>array(
'application.modules.srbac.controllers.SBaseController',
),

-> This was causing the error ::)
I added that because it was written in the manual and I didn't realize that 'application.modules.srbac.controllers.SBaseController',
should be added in the existing import array at the beginning of the config/main.php :rolleyes:
0

#708 User is offline   Backslider 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 363
  • Joined: 23-July 09

Posted 05 June 2011 - 01:35 AM

Why does "Superuser" need anything assigned to them?
We were all once expert at....... nothing.

yii-language-behavior

My Blog
0

#709 User is offline   lukBB 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 45
  • Joined: 08-December 10

Posted 13 June 2011 - 04:58 AM

Hi, thanks for this extension, I hope it will solve my role problems. I just installed it, I have generated demo data, and so far there were no problems. One thing I can't solve is that the ajax links under /srbac/authitem/manage don't work. I mean Autocreate Auth Items, Edit always allowed links and Clear obsolete authItems. All links redirect to ../srbac/authitem/manage#

I've checked, JavaScript is enabled. Is this a common problem? (I hope so :)
Please let me know if you have this disabled ajax links problem.
regards
lukBB
0

#710 User is offline   Ivica 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 317
  • Joined: 25-May 11

Posted 15 July 2011 - 02:05 AM

I found one issue, which might or might not be a bug.

Where there are no users with Authority roles, all users, and even guests, will have access to the srbac module. This case is explained in the Helper::isAuthorizer function, so you might want to change the code to ensure that when the Authority role is not assigned, nobody will have access to the srbac module.
Zurmo: Yii Powered Open Source CRM
zurmo.org
0

#711 User is offline   Spyros 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 461
  • Joined: 14-April 09
  • Location:Athens - Greece

Posted 15 July 2011 - 02:30 AM

View PostIvica, on 15 July 2011 - 02:05 AM, said:

I found one issue, which might or might not be a bug.

Where there are no users with Authority roles, all users, and even guests, will have access to the srbac module. This case is explained in the Helper::isAuthorizer function, so you might want to change the code to ensure that when the Authority role is not assigned, nobody will have access to the srbac module.

Thanks,
This is not a bug but it can be confusing.
I'll consider removing access to srbac when authority is not assigned, but this way you can only access srbac (to actually set the authority role to a user) in debug mode.
0
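
A check for the two open states raised in this thread (debug mode switching access checks off, post #701, and no user holding the superUser role, posts #710 and #711), as an added example that is not part of srbac or of any post. The function name and the SQLite sample data are constructed; the config keys, their defaults and the itemname column are the ones shown in the posts.

```php
<?php
// Added example, not srbac code. srbacAuditFindings() is a hypothetical helper name.

function srbacAuditFindings(array $config, PDO $db)
{
    $findings = array();
    $srbac = isset($config['modules']['srbac']) ? $config['modules']['srbac'] : array();
    $auth  = isset($config['components']['authManager'])
        ? $config['components']['authManager'] : array();

    // Post #701: with 'debug' on, srbac access checks are off.
    if (!empty($srbac['debug'])) {
        $findings[] = "srbac 'debug' is true: access checks are off";
    }

    // Posts #710/#711: if nobody holds the superUser role, every user and guest
    // can reach the srbac module. Defaults are the ones quoted in post #712.
    $role  = isset($srbac['superUser']) ? $srbac['superUser'] : 'Authorizer';
    $table = isset($auth['assignmentTable']) ? $auth['assignmentTable'] : 'authassignment';
    if (!preg_match('/^\w+$/', $table)) {
        // The table name is interpolated below, so accept plain identifiers only.
        throw new InvalidArgumentException('unexpected assignment table name');
    }
    // Case-insensitive match, since SDbAuthManager is described as case insensitive.
    $stmt = $db->prepare("SELECT COUNT(*) FROM $table WHERE LOWER(itemname) = LOWER(:role)");
    $stmt->execute(array(':role' => $role));
    if ((int) $stmt->fetchColumn() === 0) {
        $findings[] = "no user is assigned the '$role' role: srbac module is open to everyone";
    }
    return $findings;
}

// Constructed sample: srbac settings as in post #712, and an assignments table
// that contains one ordinary user and no holder of the superUser role.
$config = array(
    'modules' => array(
        'srbac' => array('debug' => true, 'superUser' => 'Authority'),
    ),
    'components' => array(
        'authManager' => array('assignmentTable' => 'assignments'),
    ),
);
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE assignments (itemname TEXT, userid TEXT)");
$db->exec("INSERT INTO assignments VALUES ('Editor', '7')");

foreach (srbacAuditFindings($config, $db) as $finding) {
    echo "FINDING: $finding\n";
}
```

Run against the production config and database connection before each deployment; an empty result means neither condition is present.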

#712 User is offline   Worp 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 19-July 11

Posted 21 July 2011 - 08:58 AM

CException
Alias "srbac.SrbacModule" is invalid. Make sure it points to an existing PHP file.


This is the exception I get after installing srbac...
I searched the forums, which said "the file can probably not be accessed by the webserver", which was true in the beginning. Now I set the chmod of the extension folder, the srbac folder and the SrbacModule.php file to "777" and still the same error occurs.
I also tried the advice from This Topic:

Quote

replaced the 'class'=>'modules.srbac.components.SDbAuthManager', line with:
'class'=>'application.modules.srbac.components.SDbAuthManager'


which did not fix it either. Besides that, I fail to find the definition of a "valid alias" or where to define a valid alias.
The description of srbac simply says "must be a valid alias".

Can anyone tell me where I am wrong (probably simply too blind)?


Here is my config file:
<?php

// uncomment the following to define a path alias
// Yii::setPathOfAlias('local','path/to/local-folder');

// This is the main Web application configuration. Any writable
// CWebApplication properties can be configured here.
return array(
	'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
	'name'=>'My Web Application',

	// preloading 'log' component
	'preload'=>array('log'),

	// autoloading model and component classes
	'import'=>array(
		'application.models.*',
		'application.components.*',
		'application.modules.srbac.controllers.SBaseController',
	),

	'modules'=>array(
		// uncomment the following to enable the Gii tool
		'gii'=>array(
			'class'=>'system.gii.GiiModule',
			'password'=>'xxxx',
		 	// If removed, Gii defaults to localhost only. Edit carefully to taste.
			'ipFilters'=>array('127.0.0.1','::1'),
			'ipFilters'=>array('MyOwnIP'),			
		),

//---------------------------- SRBAC -------------------------------------------------------------------

		'srbac' => array(
			'userclass'=>'User', //default: User
			'userid'=>'user_ID', //default: userid
			'username'=>'username', //default:username
			'delimeter'=>'@', //default:-
			'debug'=>true, //default :false
			'pageSize'=>10, // default : 15
			'superUser' =>'Authority', //default: Authorizer
			'css'=>'srbac.css', //default: srbac.css
			'layout'=>
			'application.views.layouts.main', //default: application.views.layouts.main,
			//must be an existing alias
			'notAuthorizedView'=> 'srbac.views.authitem.unauthorized', // default:
			//srbac.views.authitem.unauthorized, must be an existing alias
			'alwaysAllowed'=>array( //default: array()
			'SiteLogin','SiteLogout','SiteIndex','SiteAdmin',
			'SiteError', 'SiteContact'),
			'userActions'=>array('Show','View','List'), //default: array()
			'listBoxNumberOfLines' => 15, //default : 10 
			'imagesPath' => 'srbac.images', // default: srbac.images 
			'imagesPack'=>'noia', //default: noia 
			'iconText'=>true, // default : false 
			'header'=>'srbac.views.authitem.header', //default : srbac.views.authitem.header,
			//must be an existing alias 
			'footer'=>'srbac.views.authitem.footer', //default: srbac.views.authitem.footer,
			//must be an existing alias 
			'showHeader'=>true, // default: false
			'showFooter'=>true, // default: false
			'alwaysAllowedPath'=>'srbac.components', // default: srbac.components
			// must be an existing alias
		)

//-----------------------------------------------------------------------------------------------
	),

	// application components
	'components'=>array(
		'user'=>array(
			// enable cookie-based authentication
			'allowAutoLogin'=>true,
		),
		// uncomment the following to enable URLs in path-format
		/*
		'urlManager'=>array(
			'urlFormat'=>'path',
			'rules'=>array(
				'<controller:\w+>/<id:\d+>'=>'<controller>/view',
				'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
				'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
			),
		),
   		'showScriptName'=>false,
		*/
		/*
		'db'=>array(
			'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',
		),
		*/
		// uncomment the following to use a MySQL database
		'db'=>array(
			'connectionString' => 'mysql:host=xxxx;dbname=xxxx',
			'emulatePrepare' => true,
			'username' => 'xxxx',
			'password' => 'xxxx',
			'charset' => 'utf8',
		),
		'errorHandler'=>array(
			// use 'site/error' action to display errors
            'errorAction'=>'site/error',
        ),
		'log'=>array(
			'class'=>'CLogRouter',
			'routes'=>array(
				array(
					'class'=>'CFileLogRoute',
					'levels'=>'error, warning',
				),
				// uncomment the following to show log messages on web pages
				/*
				array(
					'class'=>'CWebLogRoute',
				),
				*/
			),
		),

//---------------------------- AuthManager-------------------------------------------------------------------

		'authManager'=>array(
			// Path to SDbAuthManager in srbac module if you want to use case insensitive
			//access checking (or CDbAuthManager for case sensitive access checking)
			'class'=>'application.modules.srbac.components.SDbAuthManager',
			// The database component used
			'connectionID'=>'db',
			// The itemTable name (default:authitem)
			'itemTable'=>'items',
			// The assignmentTable name (default:authassignment)
			'assignmentTable'=>'assignments',
			// The itemChildTable name (default:authitemchild)
			'itemChildTable'=>'itemchildren',
		),

//-----------------------------------------------------------------------------------------------
	),

	// application-level parameters that can be accessed
	// using Yii::app()->params['paramName']
	'params'=>array(
		// this is used in contact page
		'adminEmail'=>'xxxxx',
	),
);

0

#713 User is offline   Spyros 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 461
  • Joined: 14-April 09
  • Location:Athens - Greece

Posted 21 July 2011 - 09:38 AM

It's a silly question but have you put the srbac directory under
protected/modules/
0

#714 User is offline   Worp 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 19-July 11

Posted 21 July 2011 - 10:36 AM

View PostSpyros, on 21 July 2011 - 09:38 AM, said:

It's a silly question but have you put the srbac directory under
protected/modules/

Sad thing is... as silly as the question might be, I did not. But now I do and the same problem remains entirely unchanged =(
The srbac-folder is now in
/protected/modules/
and still
"CException
Alias "srbac.SrbacModule" is invalid. Make sure it points to an existing PHP file."

*edit:
The srbac folder was in "protected/extensions" before that.
0

#715 User is offline   Fog 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 17-July 11

Posted 22 July 2011 - 04:25 AM

Hi,


Thanks to the web interface I was easily able to automatically create operations and tasks with my controllers. Then I created roles and assigned them to my users.

Only once this is done, I was not able to use user roles to restrict their actions. I missed all the subtleties of this guide.
How can I do this?
And where do I do it? In all my controllers or in a WebUser class?


Regards,
Fog
0

#716 User is offline   Spyros 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 461
  • Joined: 14-April 09
  • Location:Athens - Greece

Posted 22 July 2011 - 04:54 AM

Your controllers (or the components/Controller if all your controllers extend this) should extend SBaseController.
Also remove the filter method from your controllers (or Controller)
0

#717 User is offline   Fog 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 17-July 11

Posted 22 July 2011 - 05:35 AM

View PostSpyros, on 22 July 2011 - 04:54 AM, said:

Your controllers (or the components/Controller if all your controllers extend this) should extend SBaseController.
Also remove the filter method from your controllers (or Controller)


Thanks, but I have already done this.
Finally I misrepresented my problem.

I want to restrict access to different parts of my website and limit the actions, depending on the user's role.
For that, I do not know if I have to use the method checkAccess in all methods of each controller.
Or if I have to use this method in my class WebUser.


Because for now, all my users are seen as guest ^_^
As you can see, the use of srbac is still fuzzy to me :P
0

#718 User is offline   Fog 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 17-July 11

Posted 25 July 2011 - 04:35 AM

With the end of the week I did my homework and I managed to run srbac the way I wanted :)

Surprisingly users are still connecting signature as a guest and I really do not understand why.
Because the backup without Srbac modules, authentication worked perfectly fine.

This may be unrelated Srbac, but I passed.


This is my authenticate method in UserIdentity :

	public function authenticate()
	{
		Yii::trace('UserIdentity::authenticate');
		$ldap = new Ldap();
		
		//if ($_SERVER['PHP_AUTH_USER'] == ""  || $_SERVER['PHP_AUTH_PW']=='' ) {
			$_SERVER['PHP_AUTH_USER'] = $this->username;
			$_SERVER['PHP_AUTH_PW'] = $this->password;
		//}
		
		// authentication through LDAP component
		$rep = $ldap->ldap_authenticate();
		//echo $rep;
		//if (is_array($rep) || is_object($rep)) {
		if ($rep[0]=='uid')  {
			$this->setState('rpi', Yii::app()->user->name);
			Yii::trace($this->getState('rpi'));
			$this->_attributes = $ldap->getallAttribute($this->username);
			$this->errorCode = ERROR_NONE;
			
		} else $this->errorCode = ERROR_PASSWORD_INVALID;
		$ldap->ldap_disconnect();
		unset($ldap);
		return $this->errorCode;
	}

0

#719 User is offline   Spyros 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 461
  • Joined: 14-April 09
  • Location:Athens - Greece

Posted 25 July 2011 - 04:55 AM

View PostFog, on 25 July 2011 - 04:35 AM, said:

Surprisingly users are still connecting signature as a guest and I really do not understand why.


Sorry, I don't understand what you mean by that.
Users are connected but shown as guests?
Guest can behave as authenticated users?
Something else?
0

#720 User is offline   Fog 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 11
  • Joined: 17-July 11

Posted 25 July 2011 - 05:03 AM

A user is never really authenticated because it is still considered a guest.
But when I log the user's role is properly recognized.

Will I do it wrong when I get the role of the user as well?
	$userid = Yii::app()->db->createCommand()->select('id')->from('user')
		->where('rpi=:rpi', array(':rpi'=>Yii::app()->user->name))->queryScalar();
	$role = Yii::app()->db->createCommand()->select('itemname')->from('assignments')
		->where('userId=:user', array(':user'=>$userid))->queryScalar();



Obviously I should ask my questions in another topic, because my problem is not the module SRBAC.
But my lack of understanding of the use of authentication and Authorization


My problem is solved.
I commented lines of code and I forgot it, it's a silly mistake.

This post has been edited by Fog: 26 July 2011 - 04:11 AM

0
