Yii Framework Forum: Authorization: Role based access control made easy - Yii Framework Forum


Authorization: Role based access control made easy
Module preview [svn checkout available]

#1 Chris83

Posted 28 March 2010 - 05:19 PM

Hello there,

Looking for a simple yet extensive database driven access control?
If so, this module might just be for you.

I've written an authorization management module that utilizes Yii's built-in database authorization management system (CDbAuthManager) to provide a web interface for hierarchical role-based access control.

I noticed that there were already some similar extensions available, but I felt that I'd be better off by writing my own.

The largest difference between other modules alike (from what I've seen) is that my module doesn't do a single query. Instead it uses the built-in functions of CDbAuthManager and CAuthItem. I think it's a bit overkill to alter the database structure as the operations are often runtime cached.

I've implemented automatic controller access control by providing my own filter.

Here's a rough list of the current features:

  • Roles organized in a hierarchy
  • Manage roles
  • Create/Update/Delete roles
  • Promote/Demote roles
  • Assign/Revoke roles to/from users
  • Manage permissions
  • Inherited permission
  • Create/Update/Delete operations and tasks
  • Assign/Revoke operations and tasks to/from roles
  • Manage Operations
  • Manage Tasks
  • Support for Business rules (and Data)
  • Automatic controller access control
  • Cross-browser and cross-database compatibility


The project can be found on Google Code and in the Yii extension library:
http://yii-auth.googlecode.com
http://www.yiiframew.../authorization/

It shouldn't take more than a few minutes to set up the module so give it a try if you need a solid interface for your application's access control.

And here are some fresh screenshots of the current interface:

[Four screenshots; images not preserved]

No downloads are available at this time but it's possible to do a checkout from Google Code:
http://code.google.c...source/checkout

Download will be available when version 1.0 is released.

I've done basic testing but I haven't had time to do extensive testing yet so use the module at your own risk. If you find bugs or have good ideas on how to improve this module please leave a comment.

It would be nice if people that are interested in authorization management would take a look and tell what they like and dislike or what could be done better.

Thank you for reading.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket

#2 Zeph

Posted 30 March 2010 - 10:50 AM

Looks good (other than the colors :) ) . I would encourage you to post it. However, I have some suggestions for the documentation.

a) List differences from srbac which is another module that provides a GUI front-end to the native rbac.
b) Do you provide all the features provided by CDbAuthManager and the related classes?

I'm also working on something similar but I'm modifying the core behavior to reduce the number of db queries and to reduce the reliance on 'bizrules'.

#3 Chris83

Posted 31 March 2010 - 07:36 AM

Zeph, on 30 March 2010 - 10:50 AM, said:

> Looks good (other than the colors :) ) . I would encourage you to post it. However, I have some suggestions for the documentation.
>
> a) List differences from srbac which is another module that provides a GUI front-end to the native rbac.
> b) Do you provide all the features provided by CDbAuthManager and the related classes?
>
> I'm also working on something similar but I'm modifying the core behavior to reduce the number of db queries and to reduce the reliance on 'bizrules'.


I will post it as an extension when I have time to do a full review of my code and package it.

Regarding the differences with srbac I'd say that the UI doesn't rely on JavaScript and it's very minimalistic. To identify further differences I need to try out srbac myself. I'll report my findings after I've tried it.

I'm also considering not to use the AuthChild for defining role to role relations. Instead I would like to place all roles in a separate table (possibly RoleHierarchy) with an order column to make it easier to promote and demote roles.

Concerning the BizRules, I haven't removed the support but I'm not really a fan of using them. This is because I haven't modified any of the CDbAuthManager database tables (yet). :)
Best regards,
Chris


#4 Zeph

Posted 31 March 2010 - 07:47 AM

Chris83, on 31 March 2010 - 07:36 AM, said:

> I'm also considering not to use the AuthChild for defining role to role relations. Instead I would like to place all roles in a separate table (possibly RoleHierarchy) with an order column to make it easier to promote and demote roles.


Could you elaborate on this?

If and when you do change the db structure, do keep performance in mind during the access check phase.

#5 Chris83

Posted 01 April 2010 - 06:17 AM

Zeph, on 31 March 2010 - 07:47 AM, said:

> Could you elaborate on this.
>
> If and when you do change the db structure, do keep performance in mind during the access check phase.


Currently if you want to move a role up or down in the hierarchy (AuthChild) you need to remove and add three children. This is done because we need to reorganize the relations between parent- and child roles. I would like to avoid this and simply swap order numbers between the two affected roles.

As you already mentioned the real challenge here is performance because then we would need to look in an additional table when calling checkAccess().
Best regards,
Chris

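The promotion described in post #5, worked through as an added example (not code from the module or from Yii). `ChainAuth` is a hypothetical in-memory stand-in for the AuthChild table whose method names follow Yii 1.x's `IAuthManager`; the role names are constructed sample data. It shows why moving one role up a linear parent/child chain costs three removals and three additions, and why the removals have to come first.

```php
<?php
// Constructed in-memory stand-in for the AuthChild table (hypothetical class, no database).
// Method names follow Yii 1.x IAuthManager; role names are sample data.
class ChainAuth {
    public $edges = array();   // list of array(parent, child)
    public $writes = 0;        // rows inserted or deleted

    public function addItemChild($parent, $child) {
        if ($this->reaches($child, $parent)) {
            throw new Exception("loop: $child already leads to $parent");
        }
        $this->edges[] = array($parent, $child);
        $this->writes++;
    }

    public function removeItemChild($parent, $child) {
        foreach ($this->edges as $i => $e) {
            if ($e === array($parent, $child)) {
                unset($this->edges[$i]);
                $this->writes++;
            }
        }
    }

    // True if $to is $from itself or one of its descendants.
    public function reaches($from, $to) {
        foreach ($this->edges as $e) {
            if ($e[0] === $from && $this->reaches($e[1], $to)) {
                return true;
            }
        }
        return $from === $to;
    }
}

// Move $role one step up in the chain $above > $parent > $role > $below.
function promote(ChainAuth $auth, $above, $parent, $role, $below) {
    // Removals first: adding $role > $parent while $parent > $role exists is a loop.
    $auth->removeItemChild($above, $parent);
    $auth->removeItemChild($parent, $role);
    $auth->removeItemChild($role, $below);
    $auth->addItemChild($above, $role);
    $auth->addItemChild($role, $parent);
    $auth->addItemChild($parent, $below);
}

$auth = new ChainAuth();
$auth->edges = array(array('admin', 'editor'), array('editor', 'author'), array('author', 'guest'));
promote($auth, 'admin', 'editor', 'author', 'guest');
echo "AuthChild rows written: {$auth->writes}; admin still reaches guest: ", var_export($auth->reaches('admin', 'guest'), true), "\n";
```

With the order column proposed in the post, the same promotion is two row updates that swap the numbers of `editor` and `author`. Against a real database the six AuthChild writes belong in one transaction, so that checkAccess() never evaluates a half-rewired hierarchy.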

#6 Chris83

Posted 19 April 2010 - 06:26 AM

My authorization-module is now available for review and testing.

Details can be found in my first post in this thread.
Best regards,
Chris


#7 JFReyes

Posted 22 April 2010 - 10:01 AM

There's an error in your documentation:

Quote:

> 2. Change your User update action according to the following example:
>
>     public function actionUpdate()
>     {
>         // Load the model
>         $model = $this->loadModel();
>
>         // Get the role currently assigned to the user
>         $assignedRole = $auth->getAssignedRole($model->id);

The last statement should be:
$assignedRole = Yii::app()->getModule('authorization')->auth->getAssignedRole($model->id);

Otherwise PHP complains about unknown variable $auth.

I'll report any other problems I find. Thank you.
José

#8 Chris83

Posted 22 April 2010 - 11:43 AM

JFReyes, on 22 April 2010 - 10:01 AM, said:

> There's an error in your documentation:
>
> The last statement should be:
> $assignedRole = Yii::app()->getModule('authorization')->auth->getAssignedRole($model->id);
>
> Otherwise PHP complains about unknown variable $auth.
>
> I'll report any other problems I find. Thank you.


Actually the code isn't even needed because it's directly called when assigning the role.

I've removed this line from the readme.txt.

Thank you for reporting this. All feedback, negative or positive, is more than welcome.
Best regards,
Chris


#9 JFReyes

Posted 23 April 2010 - 01:26 PM

I realize it doesn't make much of a difference but in auth.css:
.authTable th
{
	background:#6885A4 url('../images/bg_tableheader.gif') repeat-x top left !important;
	color:white;
}


the .gif image is not included in the distribution. Just so you know...

Thanks.
José

#10 Chris83

Posted 23 April 2010 - 03:09 PM

JFReyes, on 23 April 2010 - 01:26 PM, said:

> I realize it doesn't make much of a difference but in auth.css:
>
>     .authTable th
>     {
>         background:#6885A4 url('../images/bg_tableheader.gif') repeat-x top left !important;
>         color:white;
>     }
>
> the .gif image is not included in the distribution. Just so you know...
>
> Thanks.


I noticed this a while ago and removed background-style because it shouldn't be either. Please update and you'll have an up to date style sheet. There have also been other improvements to the module; you can read about them on the project page.
Best regards,
Chris


#11 Chris83

Posted 04 May 2010 - 05:01 PM

Version 0.8 released

Newest features:

  • Automatic controller access control
  • Always allowed controller actions
  • General code quality improvements
  • Optional support for business rules and data (set in module config)


Tasks to be done before version 1.0 release:

  • Minor improvements
  • Extensive testing


Everything about the module can be found on the project on Google Code:
http://yii-auth.googlecode.com
Best regards,
Chris
