Welcome Guest, Not a member yet? Register   Sign In
CI-RBAC
#1

[eluser]xmonader[/eluser]
I wrote RBAC library < http://en.wikipedia.org/wiki/Rbac > based-on yii's CAuthManager

Installation:

1- Download ci-rbac from https://bitbucket.org/xmonader/ci-rbac
2- It's included in a module (nothing functional except authitem_model, rbac_auth) named authman if (you are using HMVC) just copy and drop it in your modules folder else merge the (models/libraries) folders with your application (models/libraries) and *modify* loading the model in rbac_auth
from
Code:
$this->CI->load->model("authman/authitem_model");

to
Code:
$this->CI->load->model("authitem_model");


3- Import schema.sql to your database
4- That's all.

Example:
There's a hello controller provided with ci-rbac

in the index method
Code:
$cp=$this->rbac_auth->createOperation("createPage", "create page");
        $rp=$this->rbac_auth->createOperation("readPage", "read page");
        $up=$this->rbac_auth->createOperation("updatePage", "update page");
        $dp=$this->rbac_auth->createOperation("deletePage", "delete page");

        $ci=$this->rbac_auth->createOperation("createIssue", "create issue");
        $ri=$this->rbac_auth->createOperation("readIssue", "read issue");
        $ui=$this->rbac_auth->createOperation("updateIssue", "update issue");
        $di=$this->rbac_auth->createOperation("deleteIssue", "delete issue");
Here we created the operations for Page resource <createPage, readPage, updatePage, deletePage> and for another resource called Issue <creadIssue, readIssue, updateIssue, deleteIssue>
*NOTE: the result of createOperation/createIssue/createRole are the id of the created item. (keep track of it as we will use it later)

Now let's get to the roles
Code:
$guestRole=$this->rbac_auth->createRole("guest", "guest role");
        $this->rbac_auth->addChilds($guestRole, array($rp, $ri));
Here we created a role named guest with description "guest role" and add childs ($rp -id of readPage- $ri -id of readIssue) to it

Code:
$memberRole=$this->rbac_auth->createRole("member", "member role");
        $this->rbac_auth->addChilds($memberRole, array($guestRole, $cp, $ci, $up, $ui));
Here we created a member role; which has all the operations of $guestRole and ($cp, $ci, $up, $ui)

Code:
$ownerRole=$this->rbac_auth->createRole("owner", "owner role");
        $this->rbac_auth->addChilds($ownerRole, array($guestRole, $memberRole, $cp, $ci, $up, $ui, $dp, $di));
the owner role... you got the idea

Code:
$adminRole=$this->rbac_auth->createRole("admin", "admin role");
        $admMan=$this->rbac_auth->createTask("adminManagement", "adminManagement");
        
        
        $this->rbac_auth->addChilds($adminRole, array($ownerRole, $memberRole, $guestRole, $admMan));
here's the admin role with operations of guest, member and owner roles + adminManagement task
*Task is kinda higher-level representation of operations

Code:
$this->rbac_auth->assign("admin", 1); //admin
        $this->rbac_auth->assign("member", 2); //someone.
Here we assign the users to the roles;
as you can see user with id=1 is set to admin role, user 2 is set to member

Code:
$this->rbac_auth->assign("deleteIssue", 2);
you can add extra operations for specific user; here user 2 hasAccess to deleteIssue operation.


Checking access:
Code:
if ($this->rbac_auth->checkAccessForUser(1, "deletePage")){
            echo "YES, admin can deletePage";
        }else{
            echo "No, Admin can't";
            
        }
        echo "<br />";
        if ($this->rbac_auth->checkAccessForUser(2, "deletePage")){
            echo "YES, user can deletePage";
        }else{
            echo "No, user can't";
            
        }
        echo "<br />";
        
        if ($this->rbac_auth->checkAccessForUser(1, "deleteIssue")){
            echo "YES, admin can deleteIssue";
        }else{
            echo "No, admin can't";
            
        }
        echo "<br />";
        
        if ($this->rbac_auth->checkAccessForUser(2, "deleteIssue")){
            echo "YES, user can deleteIssue";
        }else{
            echo "No, user can't";
            
        }
        echo "<br />";
        
        if ($this->rbac_auth->checkAccessForUser(1, "adminManagement")){
            echo "YES, admin can do adminManagement";
        }else{
            echo "No, Admin can't";
            
        }
        echo "<br />";
        
        if ($this->rbac_auth->checkAccessForUser(2, "adminManagement")){
            echo "YES, user can do adminManagement";
        }else{
            echo "No, user can't";
            
        }
        echo "<br />";

Backends:
Only DB-Backend for now Smile
#2

[eluser]maltzurra[/eluser]
Error
You do not have access to this repository.
#3

[eluser]xmonader[/eluser]
Fixed, thanks Smile
#4

[eluser]maltzurra[/eluser]
Thanks! Loved Yii RBAC!

Just as sidenote, it depends on MY_Model and MY_Controller Smile
#5

[eluser]xmonader[/eluser]
[quote author="maltzurra" date="1305640065"]Thanks! Loved Yii RBAC!

Just as sidenote, it depends on MY_Model and MY_Controller Smile[/quote]

You are welcome. Yeah, I'll track it down as I developed it for some application and forgot to separate it from its dependencies Smile
#6

[eluser]xmonader[/eluser]
+I've removed the dependencies (MY_Model, MY_Controller)
#7

[eluser]maltzurra[/eluser]
Thanks xmonader,

I've modified some minor mistakes. I have not uploaded it to bitbucket to stick all in one place.

Please take a look at - http://www.2shared.com/file/rK8RX1hC/rbac_modded.html
#8

[eluser]xmonader[/eluser]
Thanks maltzurra for the fixes. I've merged it

You can always push to your repo and I'll merge Smile
#9

[eluser]Unknown[/eluser]
thank you,I just use this.
#10

[eluser]jellysandwich[/eluser]
I think I'm gonna be using this, but two things.

1) Using PHP 5.3.0, I get this error:

Code:
A PHP Error was encountered

Severity: 8192

Message: Call-time pass-by-reference has been deprecated

Filename: libraries/Rbac.php

Line Number: 102

2) Is there any support for bizrules? I see that create and assign functions set bizrules properly, but I can't find any functions that test/execute them.




Theme © iAndrew 2016 - Forum software by © MyBB