RBAC role case-sensitive bug

Hello,

I had a role named "SuperAdmin" stored in the RBAC backend (MySQL db), and in a controller I was using the following:

Quote

public function filters()
{
	return array(
		'accessControl',
	);
}

public function accessRules()
{
	return array(
		array('allow',
			'actions'=>array('view','add','delete','edit'),
			'roles'=>array('Superadmin'),
		),
		array('deny',
			'actions'=>array('view','add','delete','edit'),
			'users'=>array('*'),
		),
	);
}

The user assigned with the SuperAdmin role was getting a 401 error.

Trying to figure out what exactly is happening, I ended up in CAuthItem.php::checkAccess() where the following statement:

Quote

if($this->_name==$itemName)
	return true;

was comparing "superadmin" (the role string specified in the controller) with "SuperAdmin" (the role string stored in backend) and of course it didn't return true.

The 'problem', I think, is at CAccessControlFilter.php::setRules() where the following statement lowercases every rule supplied:

Quote

foreach(array_slice($rule,1) as $name=>$value)
	$r->$name=array_map('strtolower',$value);

What do you think?

It is by design that the role names are case-sensitive because role names could be in locale-dependent languages. Changing them to lower-case may not work in different languages. For your problem, you should make sure the role assigned to your user has the exact role name.

Qiang, I still cannot understand.

I created a role named "SuperAdmin". Then I assigned that role to a valid user. Next I tried to check in my controller for a role named "SuperAdmin" (the exact case of the role name stored in the backend). But that failed because CAccessControlFilter.php::setRules() lowercases the string supplied from the controller.

So, my thoughts are, either a new role must be lowercased before being stored in the backend (so, when CAccessControlFilter.php::setRules() lowercases the string supplied, it will return true and we have a case-insensitive RBAC), or CAccessControlFilter.php::setRules() must not lowercase the rule name, so we have a case-sensitive RBAC.

I have no clue what's the best design; however, at the moment it is very prone to error, as when you define a role you must type it lowercase or else it doesn't work (and the framework doesn't avoid such errors).

Sorry if I miss something here.
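The mismatch discussed in this thread, as an added example that is not part of any post and is not Yii's own code: it mirrors only the two quoted statements (the `strtolower` mapping from setRules() and the `==` comparison from checkAccess()) and lists stored role names that a lowercased rule can never match. The function names `normalizeRule`, `roleMatches` and `unreachableRoles` and the sample role list are hypothetical.

```php
<?php
// Added illustration: reproduces the two statements quoted in the thread,
// not the framework's full access-control logic.

// Mirrors the quoted setRules() loop: every value in the rule is lowercased.
function normalizeRule(array $rule): array
{
    $out = array('type' => $rule[0]);
    foreach (array_slice($rule, 1) as $name => $value) {
        $out[$name] = array_map('strtolower', $value);
    }
    return $out;
}

// Mirrors the quoted checkAccess() comparison: exact, case-sensitive match.
function roleMatches(string $storedName, string $itemName): bool
{
    return $storedName == $itemName;
}

// Hypothetical audit helper: stored role names containing characters that
// strtolower() changes, so no lowercased rule value can ever equal them.
function unreachableRoles(array $storedNames): array
{
    return array_values(array_filter($storedNames, function ($n) {
        return strtolower($n) !== $n;
    }));
}

// Constructed sample data: role names as they might sit in the auth backend.
$stored = array('SuperAdmin', 'editor', 'Auditor');

// The rule is written with the exact stored case, then normalized.
$rule = normalizeRule(array('allow',
    'actions' => array('view', 'add', 'delete', 'edit'),
    'roles'   => array('SuperAdmin'),
));

foreach ($rule['roles'] as $wanted) {
    foreach ($stored as $name) {
        printf("rule '%s' vs stored '%s': %s\n", $wanted, $name,
            roleMatches($name, $wanted) ? 'match' : 'no match');
    }
}

// Roles to rename (or review) because the allow rule can never reach them.
echo 'Never matchable: ', implode(', ', unreachableRoles($stored)), "\n";
```

Because the allow rule never matches, the following deny rule applies, so the failure is closed rather than open; the audit helper is a way to find affected role names before users report access errors.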