Yii Framework Forum: RBAC role case-sensitive bug - Yii Framework Forum

RBAC role case-sensitive bug

#1 eval

Posted 17 December 2008 - 05:02 AM

Hello,

I had a role named "SuperAdmin" stored in the RBAC backend (MySQL db), and in a controller I was using the following:

    public function filters()
    {
        return array(
            'accessControl',
        );
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions'=>array('view','add','delete','edit'),
                'roles'=>array('Superadmin'),
            ),
            array('deny',
                'actions'=>array('view','add','delete','edit'),
                'users'=>array('*'),
            ),
        );
    }

The user assigned with the SuperAdmin role was getting a 401 error.

Trying to figure out what exactly is happening, I ended up in CAuthItem.php::checkAccess() where the following statement:

    if($this->_name==$itemName)
        return true;

was comparing "superadmin" (the role string specified in the controller) with "SuperAdmin" (the role string stored in backend) and of course it didn't return true.

The 'problem', I think, is at CAccessControlFilter.php::setRules() where the following statement lowercases every rule supplied:

    foreach(array_slice($rule,1) as $name=>$value)
        $r->$name=array_map('strtolower',$value);

What do you think?

#2 qiang (Yii Project Lead, Group: Yii Dev Team)

Posted 17 December 2008 - 07:17 AM

It is by design that the role names are case-sensitive because role names could be in locale-dependent languages. Changing them to lower-case may not work in different languages. For your problem, you should make sure the role assigned to your user has the exact role name.

#3 eval

Posted 17 December 2008 - 07:26 AM

Qiang, I still cannot understand.

I created a role named "SuperAdmin". Then I assigned that role to a valid user. Next I tried to check in my controller for the role named "SuperAdmin" (exact case with the role name stored in the backend). But that failed because CAccessControlFilter.php::setRules() lowercases the string supplied from the controller.

So, my thoughts are: either a new role must be lowercased before it is stored in the backend (so, when CAccessControlFilter.php::setRules() lowercases the string supplied it will return true and we have a case-insensitive RBAC), or CAccessControlFilter.php::setRules() must not lowercase the rule name so we have a case-sensitive RBAC.

I have no clue what's the best design; however, at the moment it is very prone to error, as when you define a role you must type it lowercase or else it doesn't work (and the framework doesn't prevent such errors).

Sorry if I am missing something here.
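The mismatch discussed in this thread can be reproduced outside the framework. The PHP below is an added example, not code from the thread or from Yii: the function names normalizeRule, userHasRole and unreachableRoles are hypothetical and the role data is constructed. It models the lowercasing step and the exact comparison quoted above, and adds a check that lists stored role names a lowercased rule can never match.

```php
<?php
// Added illustration; these functions are hypothetical, not Yii's API.

// Models the quoted setRules() step: every rule value goes through strtolower.
function normalizeRule(array $rule): array
{
    $out = ['decision' => $rule[0]];
    foreach (array_slice($rule, 1) as $name => $value) {
        $out[$name] = array_map('strtolower', $value);
    }
    return $out;
}

// Models the quoted checkAccess() comparison: an exact, case-sensitive match.
function userHasRole(array $assignedRoles, string $itemName): bool
{
    foreach ($assignedRoles as $stored) {
        if ($stored == $itemName) {
            return true;
        }
    }
    return false;
}

// Audit helper: stored role names that differ from their lowercase form
// can never equal a role name that has been lowercased by the filter.
function unreachableRoles(array $storedRoles): array
{
    return array_values(array_filter(
        $storedRoles,
        fn(string $r): bool => strtolower($r) !== $r
    ));
}

// Constructed sample data: roles assigned to the user in the backend.
$assigned = ['SuperAdmin', 'editor'];
$rule = normalizeRule([
    'allow',
    'actions' => ['view', 'edit'],
    'roles'   => ['SuperAdmin', 'editor'],
]);

foreach ($rule['roles'] as $role) {
    $hit = userHasRole($assigned, $role) ? 'match' : 'no match';
    printf("rule role '%s' vs. assigned roles: %s\n", $role, $hit);
}

echo "Stored roles no rule can reach: ", implode(', ', unreachableRoles($assigned)), "\n";
```

In this model the mismatch fails closed: the user is refused rather than granted access, which is the 401 reported in the first post.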
