[Extension] Auth

Hey All,

This is the thread for discussing my latest extension, Auth:

http://www.yiiframework.com/extension/auth

Feel free to post any questions you have regarding the extension below.

Hi Chris,

You’ve made a great module, again, thanks!

Short question: is there an ‘admin-account’-functionality, which gives the admin entrance to everything? It was available in Rights, and I liked it :-). Thanks!

Laurens

Hi Laurens,

I’m not sure what “admin-account” functionality refers to, but note that when migrating from Rights to Auth, one thing I had to do is to implement the isSuperUser feature in my WebUser class; that is something not provided by Auth (but really fast & easy to adapt).

Hope it helps

B)

I’ve added support for bypassing access checks for specified users in version 1.3.0.

Hi, I’m trying to get a demo yii app with this extension working.

I edited my config/main.php.

When I try to add a role (foobar): yiiapp.local/auth/role/view/name/foobar I get a PHP notice "Trying to get property of non-object" at yiiapp.local/protected/modules/auth/controllers/AuthItemController.php(133)

At first I thought it was a compatibility problem with the "user" extension, but this "yiiapp" application is a clean one, with yii-bootstrap and the User class taken from your demo.

Any idea? :)

Hey delphaber,

Sounds like a problem with your authorization manager, make sure that you configured it correctly. That error can only occur if the application somehow fails to create the authorization item. I hope this helps you to solve your issue.

Thank you :) I’m going to inspect that path!

Hi, I would first like to thank you for providing this awesome extension. I haven’t had much time with php and even less time with yii so I hope you can bear with me.

While following the documentation I ran into the following:

public function filters()
{
    return array(
        array('auth.components.AuthFilter'),
    ),
}

I am not really sure if this is a typo but the comma(,) after the last parenthesis should be replaced by a semicolon (;)? (just want to make sure since I got errors with the comma)

Also I got an error:

protected\modules\auth\components\AuthFilter.php(41): YiiBase::t("AuthModule.main", "Access denied.")

        $itemName .= '.' . $controller->action->getId();
        if ($user->checkAccess($itemName))
            return true;

        throw new CHttpException(401, Yii::t('AuthModule.main', 'Access denied.'));
    }
}

I am not really sure why it caused the error but I tried replacing it with:

throw new CHttpException(401,'Access denied.');

This seemed to fix the error but now only the superuser had access to the tasks (although other roles were configured to have permission).

In the end, instead of using array('auth.components.AuthFilter') I tried using 'rights' (filter from your Rights Extension extending Rcontroller). Although I haven’t tested it much it seems to work perfectly.

Again I haven’t had much time with php and yii so maybe everything I said might be completely wrong.

Just wanted to say “THANK YOU” for this great extension. Very useful and saves me a lot of time :)

You must define

'import'=>array(
    'application.modules.auth.*',
    'application.modules.auth.components.*',
),

in "protected/config/main.php"


Thanks a lot!

Now everything works perfectly :D

CDbAuthManager and its behaviors do not have a method or closure named "getItemsPermissions".

I am getting this, does anyone have any ideas?

How can I set the permission of a page to guest in Yii auth?

AuthAssignmentItemsColumn.php has a problem: it checks whether the logged-in user is an admin instead of the user of that row.

So even for a non-admin user it will show ‘Administrator’ instead of the assigned items.

A trivial question, but is there a tutorial on how to set up this extension with CPhpAuthManager? To be honest I am struggling to understand how it all fits together and each time I go to the guide to search for guidance I’m thrown away.

  1. I previously was using the basic authentication method using the accessRules() of the Controller and with accessControl in filters.

  2. I managed so far to install the extension along with Bootstrap, set it up to use the bootstrap theme and configure the main.php as per the instructions.

  3. I created a user table with id,name,username,password and role fields and updated the UserIdentity.php authenticate() method to check for the user in the DB. That’s working fine.

  4. I went into r=auth with user <<admin>>, and setup several operations like this: item.*

  5. I created a task name itemAdmin whose child is the item.* operation

  6. I created a role named admin whose child is itemAdmin.

  7. I assigned this role to my <<someuser>> user.

When logging in as <<someuser>> and trying to access any of the controller actions it says Error 401 Permission denied.

What do I do with the accessControl and accessRules? Do I have to change that?

Now how do I move forward from here?

Well this might be kind of embarrassing since for many this might have been obvious but for the few others that could be struggling these are the steps I took to get it to work. Hope it helps someone.

These are the steps I followed to achieve the use of Auth with CPhpAuthManager.

  1. Create a table and model user with id,name,username,password,role.

  2. Add one user:

     name = Administrator
     username = admin
     password = admin
     role = admin

  3. Create a basic auth.txt and auth.php file in protected/data (follow Wiki mentioned below)

  4. Install Auth and Bootstrap

Configure the authManager component

'authManager' => array(
    'class'=>'CPhpAuthManager',
    'behaviors' => array(
        'auth' => array(
            'class' => 'auth.components.AuthBehavior',
            'admins'=>array('admin'), // users with full access
        ),
    ),
),

  5. Copy the Bootstrap theme into application themes and rename as bootstrap

  6. For theming only the Auth module had to configure Auth to use the theme layout located in themes/bootstrap/views/layouts/main.php

  7. Modify UserIdentity

private $_id=null;

public function getId()
{
    return $this->_id;
}

In the authenticate() function:

$this->_id=$user->id;
$this->username=$user->username;

$auth=Yii::app()->authManager;
if(!is_null($user->role)){
    if(!$auth->isAssigned($user->role,$this->_id))
    {
        if($auth->assign($user->role,$this->_id))
        {
            Yii::app()->authManager->save();
        }
    }
}

  8. Modify Controllers:

public function filters()
{
    return array(
        //'accessControl',
        array('auth.filters.AuthFilter'),
        'postOnly + delete',
    );
}

public function accessRules()
{
    /* ..... */
}

  9. Login as admin

  10. navigate to r=auth

  11. Create some operations in the form controllerId.*

  12. Create tasks and add operations to them

  13. Create roles and add tasks or operations to them

  14. Assign roles to the users (the Auth module reads them from the Database).

  15. In a wiki (http://www.yiiframework.com/wiki/65/how-to-setup-rbac-with-a-php-file#hh4) read that you should revoke all assigned operations to the user upon logout, not sure if really needed.
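
The role, task and operation chain set up in the steps above can be traced with a small stand-alone model (an added example, not part of the original post and not the Auth extension's code). It assumes the filter accepts either a controllerId.* item or a controllerId.actionId item; grants(), isAllowed() and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Added example: stand-alone model of the role > task > operation lookup (not Auth's code).
// Constructed sample data mirroring the steps above.
$children = [                      // parent item => child items
    'admin'     => ['itemAdmin'],  // role -> task
    'itemAdmin' => ['item.*'],     // task -> operation
];
$assignments = ['someuser' => ['admin']];  // user => directly assigned items
$admins = ['admin'];                       // usernames that bypass every check

/** True if $item equals $wanted or reaches it through the child hierarchy. */
function grants(array $children, string $item, string $wanted, array &$seen): bool
{
    if ($item === $wanted) {
        return true;
    }
    if (isset($seen[$item])) {     // guard against loops in hand-edited data
        return false;
    }
    $seen[$item] = true;
    foreach ($children[$item] ?? [] as $child) {
        if (grants($children, $child, $wanted, $seen)) {
            return true;
        }
    }
    return false;
}

/** Default deny: allow only admins, a "controller.*" grant or an exact "controller.action" grant. */
function isAllowed(string $user, string $controller, string $action,
                   array $children, array $assignments, array $admins): bool
{
    if (in_array($user, $admins, true)) {
        return true;
    }
    foreach ([$controller . '.*', $controller . '.' . $action] as $wanted) {
        foreach ($assignments[$user] ?? [] as $assigned) {
            $seen = [];
            if (grants($children, $assigned, $wanted, $seen)) {
                return true;
            }
        }
    }
    return false;                  // the filter would answer 401 here
}

foreach ([['someuser', 'item', 'update'], ['someuser', 'post', 'update'], ['guest', 'item', 'view']] as $c) {
    printf("%-8s %s.%s => %s\n", $c[0], $c[1], $c[2],
        isAllowed($c[0], $c[1], $c[2], $children, $assignments, $admins) ? 'allow' : 'deny (401)');
}
```

A user whose assigned role does not lead to an item for the requested controller is denied, which is the 401 described in the question above.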

Yes, I found this problem too.

I removed the if check (on line 36 of AuthAssignmentItemsColumn.php) and the problem seems to be solved.

I too solved the problem by editing widgets/AuthAssignmentItemsColumn.php

I used it with the Yii user extension, so I changed it as below





$userArr=Yii::app()->getModule('user')->getAdmins();
if (in_array($data->username, $userArr))
    echo Yii::t('AuthModule.main', 'Administrator');
else
{



I use the following in config/main.php




return array(
  'modules' => array(
    'auth',
  ),
  'components' => array(
    'authManager' => array(
      .....
      'behaviors' => array(
        'auth' => array(
          'class' => 'auth.components.AuthBehavior',
          'admins'=>array('admin', 'foo', 'bar'), // users with full access
        ),
      ),
    ),
    'user' => array(
      'class' => 'auth.components.AuthWebUser',
    ),
  ),
);

I get an error

If I comment out the line

'admins'=>array('admin', 'foo', 'bar'), // users with full access

the error goes away. Is this a bug?

You can remove specific actions from the access filtering like this:




public function filters()
{
    return array(
        array('auth.components.AuthFilter - guestAction1, guestAction2, ...'),
    );
}



Likewise you can specify which actions should be filtered by changing the minus sign to plus.
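
How the minus and plus forms differ for an action that is added later, as an added example (not part of the original post and not Yii's or Auth's code). filterApplies(), unfiltered() and the action names are hypothetical and constructed for illustration.

```php
<?php
// Added example: models the "- actions" / "+ actions" selector described above.
/** True if a filter declared as $spec runs for $actionId. */
function filterApplies(string $spec, string $actionId): bool
{
    if (!preg_match('/^[^+-]+([+-])(.*)$/', $spec, $m)) {
        return true;               // no selector: every action is filtered
    }
    $listed = in_array(strtolower($actionId),
        array_map('trim', explode(',', strtolower($m[2]))), true);
    return $m[1] === '+' ? $listed : !$listed;
}

/** Actions that reach the controller without the access check. */
function unfiltered(string $spec, array $actions): array
{
    return array_values(array_filter($actions, function ($a) use ($spec) {
        return !filterApplies($spec, $a);
    }));
}

// Constructed controller: "export" stands for an action added after the filter was written.
$actions = ['index', 'view', 'update', 'delete', 'export'];
$specs = [
    'auth.components.AuthFilter - index, view',      // exempt list
    'auth.components.AuthFilter + update, delete',   // filtered list
];
foreach ($specs as $spec) {
    printf("%s\n  unfiltered: %s\n", $spec, implode(', ', unfiltered($spec, $actions)));
}
```

With the minus form an action that is not listed still goes through the access check; with the plus form it does not until it is added to the list.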