Yii Framework Forum: Rights Module Seems Unused - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Rights Module Seems Unused Rate Topic: -----

#1 User is offline   philos67 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 6
  • Joined: 02-June 14

Posted 02 June 2014 - 07:42 AM

Hello,

I have installed and configured my app to use the modules user and rights by following carefully this doc :

yii-rights-doc-1.2.0.pdf

here is the organisation of the files :

protected
-modules
--user-
--rights-
--threads
---controllers
----ThreadsController.php
---models
----Threads.php
---views
----threads
-----[all views]

here is my protected/config/main.php :

 25     'modules'=>array(
 26         'threads',
......
 40         'user'=>array(
 41             'tableUsers' => 'users',
 42             'tableProfiles' => 'profiles',
 43             'tableProfileFields' => 'profiles_fields',
 44             'debug'=>false,
 45         ),
 46         'rights',
......
 49     'components'=>array(
 50         'user'=>array(
 51             // enable cookie-based authentication
 52             //'allowAutoLogin'=>true,
 53             'class' => 'RWebUser',
 54             'allowAutoLogin'=>true,
 55             'loginUrl' => array('/user/login'),
 56         ),
 57         'authManager'=>array(
 58             'class'=>'RDbAuthManager',
 59             'connectionID'=>'db',
 60             'itemTable'=>'authitem',
 61             'itemChildTable'=>'authitemchild',
 62             'assignmentTable'=>'authassignment',
 63             'rightsTable'=>'rights',
 64             'defaultRoles'=>array('Authenticated', 'Guest'),
 65         ),
......


I have this in protected/components/Controller.php

......
6 class Controller extends RController
......


I have this in my controller module protected/modules/threads/ThreadsController.php

......
 3 class ThreadsController extends Controller
......
 14     public function filters()
 15     {
 16         return array(
 17             'rights',
 18             'postOnly + delete', // we only allow deletion via POST request
 19         );
 20     }
 21
 22     public function allowedActions()
 23     {
 24         return 'index';
 25     }
......


In the rights module management interface, I have :

- 3 roles defined : Admin / Authenticated / Guest
- admin assigned to the roles Admin and Authenticated
- phil assigned to the role Authenticated only

I haven't defined any Permission, task or operation in the admin rights backend, so that nothing should be allowed to anybody except admin.
The problem, is that when I'm not logged in, I can Create, Update or Delete anything from my Threads module.

Any Idea what I'm missing ?

regards

Philippe
0

#2 User is offline   philos67 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 6
  • Joined: 02-June 14

Posted 04 June 2014 - 05:45 AM

After reinstalling the rights module, I progress but there are still some strange behaviours :

in the admin rights backend, when I assign Threads.* to the role "Authenticated" and the same Threads.* is not assigned to "Guest", I can make all I want even if I'm not logged in

If I revoke Threads.* to the "Authenticated" role, I cannot acces Threads.

it looks like the "Authenticated" role doesn't play its role, isn't it ?

Best

Philippe
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users