Script to help set up RBAC

Just a simple command that helps to set up initial RBAC rules. You can put it into protected/commands/shell and add some operations, tasks, roles and user assignments. Use yiic shell and enter setuprbac to use.

Make sure you have configured CDbAuthManager:

<?php


    'components'=array(


        'authManager'=>array(


            'class'=>'CDbAuthManager',


            'connectionID'=>'db',


        ),

Maybe it’s useful for someone :).

can you specify how to run that one step by step?

This command is thought to be used only once to set up your basic RBAC operations, tasks and roles.

  1. Put the file into protected/commands/shell of your application

  2. Edit the file to match your basic layout of roles/tasks and users

  3. Add db configuration and CDbAuthManager to your config file

  4. Run the command like yiic shell and then setuprbac

Simple example:

<?php


    private $operations=array(


        array('readUnit', 'Read Unit'),


        array('createUnit', 'Create Unit'),


        array('updateUnit', 'Update Unit'),


        array('deleteUnit', 'Delete Unit'),


    );





    private $tasks=array(


        array(


            'adminUnit',


            'Administrate Units',


            array('readUnit','createUnit','updateUnit','deleteUnit')


        ),


    );





    private $roles=array(


        array(


            'admin',


            'Administrators with full access rights',


            array('adminUnit'),


        ),


    );





    private $users=array(


        '1' => array('admin')


    );


but how can i define bizrules than?

Add them as additional array parameter. To e.g. define a operation "editOwnPosts":

<?php


private $operations=array(


    array('editOwnPosts','Edit my own posts', array(), 'return Yii::app()->user->id==$params["post"]->authorID'),


(The empty array stands for the children of this item).

As described in the top of the script, each array entry in $operations, $tasks and $roles uses this form:

array( 'ItemName' , 'Item description', array('names','of','children') , 'optional business rule');


hello,

i guess i'm not doin' it right.

i have to ask.

i've built a php file named setuprbac.php, added my roles, operations and tasks and put it into the shell folder of my app

i've created the database like it should be.

then i ran the commend like /yii/framework/yiic shell

next i typed in setuprbac resp. setuprbac.php

and guess what, nothing happened.

to you i may seem like a complete clueless tool, but i just don't get the whole rbac-topic, pleas help

Did you check the database? Are any entries created in your Auth* tables? That's the whole purpose of this script…

It would have been great if you mentioned that your script executes the schema.sql for creating the tables which includes a prior DROP TABLE IF EXISTS!

I know that your script is for initial setup, but i didn’t expected that it would drop my existing tables without checking or asking  :(

I've already added some items and was now searching for an easier way to do the heavy work…

Maybe at least something like:

		$createTables = false;


		// Check whether tables already exist


		if($this->_db->schema->getTable('AuthItem') || $this->_db->schema->getTable('AuthItemChild') || $this->_db->schema->getTable('AuthAssignment')){


			echo "At least one Auth* table already exists in database!n Overwrite existing Auth* tables? [Yes|No] ";


			if(!strncasecmp(trim(fgets(STDIN)),'y',1))


			  $createTables = true;


		}


			


        // Read schema file and create db tables


		if($createTables===true)


		{


			$schemafile=Yii::getPathOfAlias('system.web.auth').DIRECTORY_SEPARATOR.'schema.sql';


			if (($schema=file_get_contents($schemafile))===false)


				die("Could not read schema file in $schemafile.n");


			$this->_db->createCommand($schema)->execute();


		}	


Thanks anyway for this script!

Greetings

The script was just a quick mashup to help me install RBAC rules for fresh installations. It uses the sql schema file that comes with Yii to create all required tables. Sorry, if that was unclear.

Hi,

thanks for this !

Could not make it work but :

I added :

just before the  RBAC setup finished successful. message

it was not working for me prior to this addition