How to create permissions, roles and rules in yii2 using gii?
How to assign roles in yii2?
How to implement all these using below 4 tables?
auth_item
auth_item_child
auth_assignment
auth_rule
Consider the case:
There are two users Admin and FieldOfficer:
I have SHGProfile CRUD application.
FieldOfficer can access only create and view actions in SHGProfile.
Whereas Admin can access all create, view, update and delete actions.
Here Roles are Admin and FieldOfficer.
Permissions are createGroup, viewGroup, updateGroup, and deleteGroup
Here in which table we need to create Roles and Permissions and how to assign it to user?
I will explain here which tables contains role and permissions and how to assign permissions to user :
Insert your all roles in auth_item table i.e Admin , FieldOfficer , createGroup , viewGroup , updateGroup , deleteGroup.
Assign createGroup, viewGroup, updateGroup, and deleteGroup to Admin role in auth_item_child table.
Assign createGroup, viewGroup to FieldOfficer role in auth_item_child table.
Assign permission to user in auth_assignment table with role id and user id . Assign only parent role like Admin or FieldOfficer.
Now in your controller use AccessControl for give access to logged in user as per their role
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'only' => ['create', 'view' , 'update' , 'delete'],
'rules' => [
// allow all actions to Admin role users
[
'allow' => true,
'actions' => ['create', 'view' , 'update' , 'delete'],
'roles' => ['Admin'],
],
// allow create , view actions to FieldOfficer role users
[
'allow' => true,
'actions' => ['create', 'view'],
'roles' => ['FieldOfficer'],
],
// everything else is denied
],
],
];
}
Related
I want to create a user in postgres who can only made SELECT in all the tables of the current database.
How can specify ALL tables in puppet?
Here an extract of my puppet file:
...
postgresql::server::database_grant { 'PnBP':
privilege => 'CREATE',
db => 'db',
role => 'role',
}
postgresql::server::table_grant { 'SELECT':
privilege => 'SELECT',
table => 'ALL',
db => 'db',
role => 'role',
}
...
But when I specify the word ALL it doesn't work.
Here the error:
Error: /Stage[main]/Main/Node[default]/Postgresql::Server::Table_grant[PnBP]/Postgresql::Server::Grant[table:PnBP]/Postgresql_psql[grant:table:PnBP]: Could not evaluate: Error evaluating 'unless' clause, returned pid 30443 exit 1: 'ERROR: relation "all" does not exist
'
I check the doc, but it doesn't specify how to apply the privileges for all the tables.
table : Specifies the table to which you are granting access.
postgresql::server::table_grant
The Puppet documentation for Postgresql describes a postgresql::server::grant option that looks more flexible than the table_grant which assumes a single table.
Looks to be something like:
postgresql::server::grant{ 'SELECT':
object_type => 'ALL TABLES IN SCHEMA',
object_name => 'public',
privilege => 'SELECT',
db => 'db',
role => 'role',
}
https://github.com/puppetlabs/puppetlabs-postgresql#postgresqlservergrant
I've developing a REST service on Yii2 and Angular 2 client. Using Bearer JWT authentication.
For example there is a uri: http://127.0.0.1/v1/accounts/123456/meters, which should return all user's meters by account, which he own.
Applied router rule:
'<accountId:\w+>/<action:[\w-]+>' => '<action>',
Controllers has following behaviors:
'authenticator' => [
'class' => HttpBearerAuth::className(),
'except' => ['options']
],
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'actions' => ['meters'],
'roles' => ['#'],
]
]
]
Action AccountController::actionMeters looks:
public function actionMeters($accountId)
{
// Call MS SQL procedure
$meters = Yii::$app->db->createCommand("EXEC [getMetersByAccountId] :accountId")->bindValue(':accountId', $accountId)->queryAll()
return $meters;
}
But in this way authenticated user can get (if modify GET accountId parameter) meters, which belongs to another user.
I have a user_account table in database, which link users and accounts, but I don't know in which place of application should I perform a checking properly.
How to make a check if authenticated user has an access to this resource by specified accountId parameter?
Thank you.
I've found solution to determine matchCallback in access rule. Now it's look:
[
'allow' => true,
'actions' => ['meters'],
'roles' => ['#'],
'matchCallback' => function() {
return Yii::$app->user->identity->user->hasAccount(Yii::$app->request->get('accountId'));
}
],
And define hasAccount method in User model:
public function hasAccount($accountId) {
return $this->hasOne(UserAccount::className(), ['user_id' => 'id'])->where(['account_id' => $accountId])->exists();
}
It's work correct. Is it a proper solution?
The user is created by the following Puppet resource:
mongodb::db { 'db1':
user => 'user1',
password => 'password',
roles => ["dbAdmin", "dbOwner"],
}
Recently we have added a role clusterMonitor#admin in the MongoDB database. The roles are like this:
["clusterMonitor#admin", "dbAdmin", "dbOwner"].
How can we do this in Puppet? Any alternative way to make it work is fine.
You add the user to the array in the roles attribute just like you wrote:
mongodb::db { 'db1':
user => 'user1',
password => 'password',
roles => ["clusterMonitor#admin", "dbAdmin", "dbOwner"],
}
By default when you try to add a new User in magento, it accepts only the following fields:
Username, FirstName, LastName, Email, New Password and Password Confirmation.
I want to add some more field here, e.g. About Me, PhoneNumber, etc where we will add additional information about this role specific users we add to magento.
Has anyone already done this? How should I go about doing this?
I know additional fields will need to be created in the database. The adminhtml userinfo.phtml doesn't mention fields like Username, FirstName etc, so where it is picking it up from?
Please advice.
Thanks,
Neet
You can start with following tutorial to create registration field
http://www.magentocommerce.com/wiki/5_-_modules_and_development/customers_and_accounts/registration_fields
a) Adding new fields to Admin User Info in magento
b) Adding new fields to Admin User Info in Magento
You will need to add a column to the admin_user table. Make a table with the following code:
<?php
$installer->getConnection()->addColumn($installer->getTable('admin/user'),
'location', array(
'type' => Varien_Db_Ddl_Table::TYPE_TEXT,
'length' => 256,
'nullable' => true,
'default' => null
));
?>
Then, if you want to add/edit this field from the backend you need to
rewrite the method Mage_Adminhtml_Block_System_Account_Edit_Form::_prepareForm and add a new
element in there:
<?php
$fieldset->addField('location', 'select', array(
'name' => 'location',
'label' => Mage::helper('adminhtml')->__('Location'),
'id' => 'location',
'title' => Mage::helper('adminhtml')->__('Location'),
'class' => 'input-select',
'style' => 'width: 80px',
'options' => array('1' =>
Mage::helper('adminhtml')->__('Russia'), '0' =>
Mage::helper('adminhtml')->__('India')),
));
?>
Clear the cache and run the code. You can add new fields to Admin User Info in Magento.
I am working with zfcuser, zfcuser-doctrine-orm and bjyauthorize but I'm not sure on how to handle all the configurations. I have setted
return array(
'bjyauthorize' => array(
// default role for unauthenticated users
'default_role' => 'guest',
// default role for authenticated users (if using the
// 'BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider' identity provider)
'authenticated_role' => 'user',
// identity provider service name
'identity_provider' => 'BjyAuthorize\Provider\Identity\AuthenticationDoctrineEntity',
// Role providers to be used to load all available roles into Zend\Permissions\Acl\Acl
// Keys are the provider service names, values are the options to be passed to the provider
'role_providers' => array(
/* here, 'guest' and 'user are defined as top-level roles, with
* 'admin' inheriting from user
*/
'BjyAuthorize\Provider\Role\DoctrineEntity' => array(
'role_entity_class' => 'Application\Entity\Role',
),
[...]
(I am using BjyAuthorize\Provider\Role\DoctrineEntity as suggested by #ocramius on Add BjyAuthorize Roles (using ZfcUser and Doctrine))
But "BjyAuthorize\Provider\Role\DoctrineEntity" does not exists in the module and it's not in the factories. I tried to use:
'BjyAuthorize\Provider\Role\DoctrineEntity' => 'BjyAuthorize\Service\DoctrineEntityRoleProviderFactory',
But it does not work:
Fatal error: Uncaught exception 'Zend\ServiceManager\Exception\ServiceNotCreatedException' with message 'While attempting to create bjyauthorizeproviderroledoctrineentity(alias: BjyAuthorize\Provider\Role\DoctrineEntity) an invalid factory was registered for this instance type.' in D:\wamp\www\vidum\src\vendor\zendframework\zendframework\library\Zend\ServiceManager\ServiceManager.php on line 860
Does anyone know which is the class for this factory?
The correct class to hook up a Doctrine role provider is
BjyAuthorize\Provider\Role\ObjectRepositoryProvider
You can see an example setup in the docs.