Yii Framework Forum: [EXTENSION] Rights - Yii Framework Forum

Jump to content

  • (32 Pages)
  • +
  • « First
  • 16
  • 17
  • 18
  • 19
  • 20
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

[EXTENSION] Rights Yii access control evolved. Extensive web interface for CDbAuthManager

#341 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 09 April 2011 - 03:54 PM

View PostClaCS, on 08 April 2011 - 10:08 AM, said:

Hi!

I actually have the 1.2 version and I want to update to 1.3 ... so I download it and replace it 1.2 to 1.3 rights folder but when I try to login I get the 403 error

You are not authorized to perform this action.


Why?? ... with the previous version I didn't have that problem :huh:

regards


Hello ClaCS,

This is a known bug which has been fixed in the newest release (r147), please update to fix this issue. Sorry for the late reply and the inconvenience caused by this.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#342 User is offline   feby_lho 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 8
  • Joined: 26-March 11

Posted 10 April 2011 - 03:39 AM

Hi, I'm new in Yii and intend to use rights 1.3

So, I created 'user' table and with gii create its model class
Then, I got error message and can't access rights page, in 1.2 no error message like this
is this what you mean in log
"Fixed the problem that access was granted to Rights when no superuser were found"?

Error 403
There must be at least one superuser!

How can I fix this? Should I insert one user first manually? just in 'user' table? what about other tables like authassignment,authitem,authitemchild, and rights?
is there any relationship with user table that I created?

thanks.
0

#343 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 10 April 2011 - 09:11 AM

View Postfeby_lho, on 10 April 2011 - 03:39 AM, said:

Hi, I'm new in Yii and intend to use rights 1.3

So, I created 'user' table and with gii create its model class
Then, I got error message and can't access rights page, in 1.2 no error message like this
is this what you mean in log
"Fixed the problem that access was granted to Rights when no superuser were found"?

Error 403
There must be at least one superuser!

How can I fix this? Should I insert one user first manually? just in 'user' table? what about other tables like authassignment,authitem,authitemchild, and rights?
is there any relationship with user table that I created?

thanks.


Hello feby_lho,

You need to run the installer because it seems that you do not have a superuser.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#344 User is offline   feby_lho 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 8
  • Joined: 26-March 11

Posted 10 April 2011 - 11:08 AM

View PostChris83, on 10 April 2011 - 09:11 AM, said:

Hello feby_lho,

You need to run the installer because it seems that you do not have a superuser.


I've run the installer, but it just create authassignment, authitem, authitemchild, and rights, the user table did not created automatically, is this correct?

when I first run the installer, it show error message about user class, so I create user table manually first,
id, username, password, salt, email...
and then generate user model from gii. I run the installer again and show 403 about superuser, is there something wrong? or I have to configure any file first besides the configuration settings listed in docs?

thanks
0

#345 User is offline   alpha2010m 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 10-April 11

Posted 10 April 2011 - 03:48 PM

Hi
I use rights and install it
all thing work good but only create action work with any users loged in to system.
for example i use model CVPost with create,index,admin,view,update .
i create two user one user have access create,index,admin,view and update
but user two only access update and view action.
my problem is user two can access to create action too.
what is problem?
i test it for general model and model in modules and its work same and not different
regards
Alex
0

#346 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 11 April 2011 - 01:53 AM

View Postfeby_lho, on 10 April 2011 - 11:08 AM, said:

I've run the installer, but it just create authassignment, authitem, authitemchild, and rights, the user table did not created automatically, is this correct?

when I first run the installer, it show error message about user class, so I create user table manually first,
id, username, password, salt, email...
and then generate user model from gii. I run the installer again and show 403 about superuser, is there something wrong? or I have to configure any file first besides the configuration settings listed in docs?

thanks


You could try dropping all tables related to rights, set the install property to true (in your app config) and re-run the installer by going to the route /rights/install/. Let me know if this solves your problem.

Also, the user table/model is not related to Rights in any way. If you want a module for the user you could try out the yii-user. I haven't tried if but I've heard that it's great.

This post has been edited by Chris83: 11 April 2011 - 01:55 AM

Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#347 User is offline   Raoul 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 715
  • Joined: 29-November 08
  • Location:Paris, France

Posted 11 April 2011 - 04:56 AM

Hi Chris,
I'm trying to install Rights on a clean and empty environment. The DB only contains one table :

CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(45) DEFAULT NULL,
  PRIMARY KEY (`id`)
) 


.. so I want to install Rights and so, set the corresponding parameter : install => true. Here is the Rights module declaration I use :

'rights'=>array(
	'install'=>true, 
	'superuserName'=>'admin',    // I have inserted it in the 'user'  table
	'userNameColumn'=>'name',
),


All other default parameter values are ok : the user model is 'User', column names are ok, etc ...
But of course, when I go to rights, I get the following error :

Error 403
There must be at least one superuser!

I may have missed something but I can't see what, so any help will be appreciated ;)
thanks for your help
Raoul
8)

ps: one thing I've noticed is that accessRules in the InstallerController/Run , check for assignments (getAssignmentsByItemName) for the superUser (in my case ' admin'). ... but how come rights is looking for assignments when it is in the process of installing itself ? .. forget it, I may have missed something :)
0

#348 User is offline   feby_lho 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 8
  • Joined: 26-March 11

Posted 11 April 2011 - 05:12 AM

View PostChris83, on 11 April 2011 - 01:53 AM, said:

You could try dropping all tables related to rights, set the install property to true (in your app config) and re-run the installer by going to the route /rights/install/. Let me know if this solves your problem.

Also, the user table/model is not related to Rights in any way. If you want a module for the user you could try out the yii-user. I haven't tried if but I've heard that it's great.


I've tried this and re-run, then redirected to rights/install/ready, but the result still the same.. 403 superuser

generated 4 MyISAM tables,

authassignment
itemname userid bizrule data
Admin admin NULL N;

authitem
name type description bizrule data
Admin 2 NULL NULL N;
Authenticated 2 NULL NULL N;
Guest 2 NULL NULL N;

authitemchild => empty

rights => empty

this is my configuration in config/main.php

<?php

// uncomment the following to define a path alias
// Yii::setPathOfAlias('local','path/to/local-folder');

// This is the main Web application configuration. Any writable
// CWebApplication properties can be configured here.
return array(
	'basePath'=>dirname(__FILE__).DIRECTORY_SEPARATOR.'..',
	'name'=>'Webapp',

	// preloading 'log' component
	'preload'=>array('log'),

	// autoloading model and component classes
	'import'=>array(
		'application.models.*',
		'application.components.*',
		'application.modules.rights.*', 
		'application.modules.rights.components.*',
	),

	'modules'=>array(
		// uncomment the following to enable the Gii tool
		
		'gii'=>array(
			'class'=>'system.gii.GiiModule',
			'password'=>'gii',
		 	// If removed, Gii defaults to localhost only. Edit carefully to taste.
			'ipFilters'=>array('127.0.0.1','::1'),
		),
		'rights'=>array( 
			'install'=>true,      // Enables the installer. 
		),
		
	),

	// application components
	'components'=>array(
		'user'=>array(
			// enable cookie-based authentication
			'allowAutoLogin'=>true,
			'class'=>'RWebUser',
		),
		// uncomment the following to enable URLs in path-format
		
		'urlManager'=>array(
			'urlFormat'=>'path',
			'rules'=>array(
				'<controller:\w+>/<id:\d+>'=>'<controller>/view',
				'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
				'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
			),
		),
		
		/*
		'db'=>array(
			'connectionString' => 'sqlite:'.dirname(__FILE__).'/../data/testdrive.db',
		),
		*/
		
		'authManager'=>array( 
			'class'=>'RDbAuthManager',
		),
		
		// uncomment the following to use a MySQL database
		
		'db'=>array(
			'connectionString' => 'mysql:host=localhost;dbname=skripsi2',
			'emulatePrepare' => true,
			'username' => 'root',
			'password' => '',
			'charset' => 'utf8',
		),
		
		'errorHandler'=>array(
			// use 'site/error' action to display errors
            'errorAction'=>'site/error',
        ),
		'log'=>array(
			'class'=>'CLogRouter',
			'routes'=>array(
				array(
					'class'=>'CFileLogRoute',
					'levels'=>'error, warning',
				),
				// uncomment the following to show log messages on web pages
				/*
				array(
					'class'=>'CWebLogRoute',
				),
				*/
			),
		),
	),

	// application-level parameters that can be accessed
	// using Yii::app()->params['paramName']
	'params'=>array(
		// this is used in contact page
		'adminEmail'=>'feby_lho@mail.com',
	),
);


thanks
0

#349 User is offline   Raoul 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 715
  • Joined: 29-November 08
  • Location:Paris, France

Posted 11 April 2011 - 06:40 AM

... I tried again a fresh install and confirm that following tables are created :

  • authassignment,
  • authitem
  • authitemchild
  • rights

They are also populated, however the problem seems to be that the authassignment table contains :

  • itemname = 'admin'
  • userid = 'admin'
  • bizrule = null
  • data = 'N;'

... Now if I manually edit the userid column and set its value to 1 (which is the id of the 'admin' user in the 'user' table) everything works fine.

Regards

8)
1

#350 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 11 April 2011 - 07:38 AM

View PostRaoul, on 11 April 2011 - 04:56 AM, said:

Hi Chris,
I'm trying to install Rights on a clean and empty environment. The DB only contains one table :

CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(45) DEFAULT NULL,
  PRIMARY KEY (`id`)
) 


.. so I want to install Rights and so, set the corresponding parameter : install => true. Here is the Rights module declaration I use :

'rights'=>array(
	'install'=>true, 
	'superuserName'=>'admin',    // I have inserted it in the 'user'  table
	'userNameColumn'=>'name',
),


All other default parameter values are ok : the user model is 'User', column names are ok, etc ...
But of course, when I go to rights, I get the following error :

Error 403
There must be at least one superuser!

I may have missed something but I can't see what, so any help will be appreciated ;)
thanks for your help
Raoul
8)

ps: one thing I've noticed is that accessRules in the InstallerController/Run , check for assignments (getAssignmentsByItemName) for the superUser (in my case ' admin'). ... but how come rights is looking for assignments when it is in the process of installing itself ? .. forget it, I may have missed something :)


The superuserName property is the name of the Role not the name of the user. The users are mapped to authorization items by their id (using the userIdColumn). You get that message if you don't have any users that has the superuser role assigned to them.
Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#351 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 584
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 11 April 2011 - 08:02 AM

Hi,

please add the fact to the documentation, that while installing 'rights' your current (logged in) user gets superuser privileges, see line 126, RInstaller.php:

            // Assign the logged in user the superusers role.
            $sql = "INSERT INTO {$assignmentTable} (itemname, userid, data)
                VALUES (:itemname, :userid, :data)";
            $command = $this->db->createCommand($sql);
            $command->bindValue(':itemname', $this->superuserName);
            $command->bindValue(':userid', Yii::app()->getUser()->id);
            $command->bindValue(':data', 'N;');
            $command->execute();


Or did I just overlook it?


And another little thing, I think the property $superuserName and $authenticatedName is a bit misleading, because they are roles?! I first thought I need a user called 'Admin'.

	/**
	* @property string the name of the role with superuser privileges.
	*/
	public $superuserName = 'Admin';

	/**
	* @property string the name of the guest role.
	*/
	public $authenticatedName = 'Authenticated';


Keep up the good work!


Best regards,
schmunk

PS: Sorry if I am repeating things here, I haven't read all 18 pages completely ;)
Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
0

#352 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 584
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 11 April 2011 - 08:13 AM

Hi again,

I am playing around with rights and created a database migration for it:

<?php

class m110402_195159_init extends CDbMigration {

	public function up() {

		echo "*** WARNING ***\nJust for debugging - Primary Key definitions missing!\n\n";

		$this->createTable("AuthAssignment", array(
			"itemname" => "varchar(64) not null",
			"userid" => "varchar(64) not null",
			"bizrule" => "text",
			"data" => "text",
			), "");

		$this->insert("AuthAssignment", array(
			"itemname" => "Admin",
			"userid" => "1",
			"bizrule" => "",
			"data" => "N;",
			));

		$this->createTable("AuthItem", array(
			"name" => "varchar(64) not null",
			"type" => "integer NOT NULL",
			"description" => "text",
			"bizrule" => "text",
			"data" => "text",
			), "");

		$this->insert("AuthItem", array(
			"name" => "Admin",
			"type" => "2",
			"description" => "",
			"bizrule" => "",
			"data" => "N;",
			));

		$this->insert("AuthItem", array(
			"name" => "Authenticated",
			"type" => "2",
			"description" => "",
			"bizrule" => "",
			"data" => "N;",
			));

		$this->insert("AuthItem", array(
			"name" => "Guest",
			"type" => "2",
			"description" => "",
			"bizrule" => "",
			"data" => "N;",
			));

		$this->createTable("AuthItemChild", array(
			"parent" => "varchar(64) not null",
			"child" => "varchar(64) not null",
			), "");

		$this->createTable("Rights", array(
			"itemname" => "varchar(64) not null",
			"type" => "integer NOT NULL",
			"weight" => "integer NOT NULL",
			), "");
	}

	public function down() {
		$this->dropTable('AuthAssignment');
		$this->dropTable('AuthItem');
		$this->dropTable('AuthItemChild');
		$this->dropTable('Rights');
	}

	/*
	  // Use safeUp/safeDown to do migration with transaction
	  public function safeUp()
	  {
	  }

	  public function safeDown()
	  {
	  }
	 */
}


NOTE: Primary Keys currently missing! And a fixed SuperUserId at the moment! *** debug only ***

Would this be (also) an option for installing the module?
Because I am working on a unified way of installing module schemas.


Best regards,
schmunk
Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
0

#353 User is offline   Raoul 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 715
  • Joined: 29-November 08
  • Location:Paris, France

Posted 11 April 2011 - 08:41 AM

Hi Chris,
thanks for your fast reply.

Quote

The superuserName property is the name of the Role not the name of the user. The users are mapped to authorization items by their id (using the userIdColumn). You get that message if you don't have any users that has the superuser role assigned to them.


Ok then, the superuserName refers to the Role name that should be assigned to the super user. To make things clear, I've change the config to :

'rights'=>array(
        'install'=>true, 
        'superuserName'=>'adminRole',    
        'userNameColumn'=>'name',
), 


After installation, the authassignment table has one single row for assigning the adminRole to the admin user ,
However, the userid col value for this row is 'admin'.... where I think it should be 1 (which is the id of the user called admin in my DB).
If I manually change it to 1 everything works fine ....but I don't understand why I had too. Did I do something wrong ?
8)

0

#354 User is offline   schmunk 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 584
  • Joined: 02-November 08
  • Location:Stuttgart, Germany

Posted 11 April 2011 - 08:51 AM

Hi Raoul,

I stumbled upon the same problem.
Which user identity do you use?

If you're using the default one created by yii's webapp skeleton your id is likely to be 'admin', because of:
	public function authenticate()
	{
		$users=array(
			// username => password
			'demo'=>'demo',
			'admin'=>'admin',
		);
....


And http://www.yiiframew...ntity#id-detail

If you're using another user module (e.g. yii-user) you usually have a database model with a numeric id.
When installing 'rights' it creates a superuser for the currently logged in user. See http://www.yiiframew...dpost__p__89769

Please correct me if I am wrong.


Best regards,
schmunk
Phundament - Yii Application Boilerplate with composer support
Fork on github

Follow phundament on Twitter

DevSystem: Mac OS X 10.7 - PHP 5.3 - Apache2 - Yii 1.1 / trunk - Firefox or Safari
1

#355 User is offline   Raoul 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 715
  • Joined: 29-November 08
  • Location:Paris, France

Posted 11 April 2011 - 09:05 AM

yesssss !!! you are 100% right schmunk !!

... I'm testing rights on a skeleton app and so I'm using the default UserIdentity class. I can now continue testing 'Rights'
Thanks for your help !!

Posted Image
0

#356 User is offline   Chris83 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 440
  • Joined: 27-February 10
  • Location:Helsinki, Finland

Posted 11 April 2011 - 09:54 AM

View PostRaoul, on 11 April 2011 - 09:05 AM, said:

yesssss !!! you are 100% right schmunk !!

... I'm testing rights on a skeleton app and so I'm using the default UserIdentity class. I can now continue testing 'Rights'
Thanks for your help !!

Posted Image


Ah yes, if you're using the default user identity it won't work because it uses the username as the user id, therefore it's not suitable if you have a proper user table and active record.

You can use the UserIdentity -class from the Yii blog demo. Here's a link to the source:
http://code.google.c...serIdentity.php

Also, Rights requires you to have a database because it's built on the CDbAuthManager.

This post has been edited by Chris83: 11 April 2011 - 09:56 AM

Best regards,
Chris

My contribution to the Yii community:
Account | Yiistrap | Auth | Bootstrap | NordCms | Rights | LESS | SEO | Img

Follow me:
Twitter | GitHub | Bitbucket
0

#357 User is offline   feby_lho 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 8
  • Joined: 26-March 11

Posted 11 April 2011 - 12:07 PM

View PostRaoul, on 11 April 2011 - 06:40 AM, said:

... I tried again a fresh install and confirm that following tables are created :

  • authassignment,
  • authitem
  • authitemchild
  • rights

They are also populated, however the problem seems to be that the authassignment table contains :

  • itemname = 'admin'
  • userid = 'admin'
  • bizrule = null
  • data = 'N;'

... Now if I manually edit the userid column and set its value to 1 (which is the id of the 'admin' user in the 'user' table) everything works fine.

Regards

8)


I tried and it works... so it's related to id in user table in this case?
0

#358 User is offline   feby_lho 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 8
  • Joined: 26-March 11

Posted 11 April 2011 - 12:52 PM

View Postschmunk, on 11 April 2011 - 08:51 AM, said:

Hi Raoul,

I stumbled upon the same problem.
Which user identity do you use?

If you're using the default one created by yii's webapp skeleton your id is likely to be 'admin', because of:
	public function authenticate()
	{
		$users=array(
			// username => password
			'demo'=>'demo',
			'admin'=>'admin',
		);
....


And http://www.yiiframew...ntity#id-detail

If you're using another user module (e.g. yii-user) you usually have a database model with a numeric id.
When installing 'rights' it creates a superuser for the currently logged in user. See http://www.yiiframew...dpost__p__89769

Please correct me if I am wrong.


Best regards,
schmunk



View PostChris83, on 11 April 2011 - 09:54 AM, said:

Ah yes, if you're using the default user identity it won't work because it uses the username as the user id, therefore it's not suitable if you have a proper user table and active record.

You can use the UserIdentity -class from the Yii blog demo. Here's a link to the source:
http://code.google.c...serIdentity.php

Also, Rights requires you to have a database because it's built on the CDbAuthManager.



thank you so much both of you, this is what I've been searching for, I think you should add these notes on your docs Chris83, just my opinion :P
0

#359 User is offline   alpha2010m 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 2
  • Joined: 10-April 11

Posted 11 April 2011 - 01:31 PM

View Postalpha2010m, on 10 April 2011 - 03:48 PM, said:

Hi
I use rights and install it
all thing work good but only create action work with any users loged in to system.
for example i use model CVPost with create,index,admin,view,update .
i create two user one user have access create,index,admin,view and update
but user two only access update and view action.
my problem is user two can access to create action too.
what is problem?
i test it for general model and model in modules and its work same and not different
regards
Alex



Hi chris
please advice me for solve problem
thankx
0

#360 User is offline   cs24 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 51
  • Joined: 21-January 11

  Posted 11 April 2011 - 04:11 PM

View PostChris83, on 09 April 2011 - 03:54 PM, said:

Hello ClaCS,

This is a known bug which has been fixed in the newest release (r147), please update to fix this issue. Sorry for the late reply and the inconvenience caused by this.



Hello Chris83 thank you for answer You're RIGHT ;D The bug is solved in the r147 version ... but the links in the first post in the first page aren't updated ::)
http://www.yiiframew...tension-rights/




regards
0

Share this topic:


  • (32 Pages)
  • +
  • « First
  • 16
  • 17
  • 18
  • 19
  • 20
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users