I created a role "Administrator" but each has one unique guard. I successfully generated them by creating custom function that replicates the web guard to sanctum. Or vice-versa depending where the role is created (e.g react frontend->sanctum guard), or laravel -> web guard).
Roles table
My current request validation rule is this:
'name' => ['required', 'max:70', 'unique:roles,name,'. $this->role->id]
I also tried this, but this won't work because it's intended only for the current role
'name' => ['required', 'max:70', 'unique:roles,name,id']
It returns "The name has already been taken."
I can't update the Role because there's an existing role that have the same name. How can I make my Request to ignore the duplicate role?
The unique rule has been updated to be more flexible in modern versions of Laravel.
You can define your validation rule like this:
use Illuminate\Validation\Rule;
...
$rules = [
"name" => [
"required",
"max:70",
Rule::unique("roles")
->ignore($this->role->id)
->where("guard_name", $this->role->guard_name)
],
];
Additional where clauses were previously added with more parameters in the unique: comma-separated list (and still can be AFAIK) but it was very hard to tell at a glance what the validation was doing.
I have a many-to-many relationship created using fuelphp's ORM.
The pseudocode for the relation looks like this
class MyModel extends Model
{
protected static $_many_many = [
'relatedmodel' => [
'conditions' => [
'where' => [
['ctime', '>', DB::expr(('now() - interval 1 week'))],
],
],
]
];
}
The idea here is that I only want the relationship to look at newer relatedmodels that were created in the last week.
However, this obviously won't work because of a php language constraint - an expression is not allowed as a field default value.
How can I get the desired behavior in FuelPHP despite that constraint?
The work around for the language constraint here is to use Fuel autoloader's public static _init() function to set the value. This gets called automatically when the class is loaded by the autoloader.
http://fuelphp.com/docs/general/classes.html#/init_method
I've been developing web apps using Yii 1.1.14 so far, but now it's time for an upgrade.
The company where I work has developed its own Access Control system, and I was really OK with it until I saw what it was really like... A combination of 8 tables in the database (not counting the users table), with a bunch of foreign keys.
1 table for controllers
1 table for the actions
1 table for the menu categories
1 table for types of users
And the other tables basically just connect 2 or 3 of those tables at a time.
It works well, but in my point of view it's highly time consuming to maintain all those tables, and at some point, when your application goes online, if it hits a certain amount of users it could get really slow. specially because 2 of those tables have the user's table primary key as foreign key.
So I've decided that, when I start developing on Yii 2, I'm going to start using RBAC, so I started looking for tutorials online... Only finding many different versions of the same code with author's role, and permissions for create or update posts.
I found a combination of 5 videos on Youtube, but they are about Yii 1 RBAC. They were helpful because I managed to understand most of RBAC's functionality, but I still have some doubts that I'll
enumerate below. And keep in mind that for this Access Control system I'm using the DBManager class.
My Doubts
Yii 1's RBAC used to have 3 tables: auth_assignment, auth_item and auth_item_child. Now in Yii 2 RBAC, a new table appears that is called auth_rule and I still don't understand what that specific table is doing there, how to use it or how to populate it.
I see that it's possible to restrict the user's access to some actions by using the controller's behavior method, and assigning access to some actions depending on the user's role, but when it comes to this I have to split my question into 2:
2.1. First: If you can just restrict the access to actions by setting it up in the behaviors method, then what's the use of saving permissions to the auth_item table?
2.2. Second: If you DO decide to control access according to permissions, then how exactly do you do it, because I find myself writing the following type of code inside of every function and I don't think using RBAC is supposed to be this tedious. There has to be another way.
public function actionView($id)
{
if(Yii::$app->user->can('view-users')){
return $this->render('view', [
'model' => $this->findModel($id),
]);
}else{
#Redirect to a custom made action that will show a view
#with a custom error message
$this->redirect(['//site/notauthorized']);
}
}
Because of the Access Control System that we use right now, when a user logs in, a complex query is executed that will end up returning an array that will be saved as a session variable, and will be used to create a menu with as many dropdownlists as menu categories, that the controllers that the user has access to belong to. How can this be done with RBAC?
I can only really answer 2.2 of your question, as 3 doesn't sound at all like something an RBAC should do. You could, however, get the information you needed from the rules table most likely, provided you followed a naming convention that matched your controllers or actions.
On to answering 2.2 though:
You can simply set the behavior like such:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => true,
'actions' => ['view'],
'roles' => ['view-users'], //<-- Note, rule instead of role
],
]
]
}
This doesn't solve a different problem of 'view-own-users' style permissions, as this needs to inspect the ActiveRecord model (well, at least it does in my application). If You want to achieve this, take a look at my post in the Yii forums here:
http://www.yiiframework.com/forum/index.php/topic/60439-yii2-rbac-permissions-in-controller-behaviors/#entry269913
I use it in one of the simplest method,I use them in the behaviours of my controller.
public function behaviors()
{
return [
'access' => [
'class' => \yii\filters\AccessControl::className(),
'rules' => [
[
'allow' => true,
'roles' => ['sysadmin'],
'actions' => ['index','view','update'],
],
[
'allow' => true,
'roles' => ['staff'],
'actions' => ['index','create','update','view'],
],
],
],
];
}
Here roles are the one created in the auth-item table in the database and they have been assigned for users in auth-assignment table. In the behaviours we just use it as above. In the above code sysadmin can have access to index, view and update action, whereas staff can have access to index,create, update and view action.
Yii2 needs a little setup when it comes to using RBAC under your controllers AccessControl. I got around it by making my own AccessRule file.
namespace app\components;
use Yii;
class AccessRule extends \yii\filters\AccessRule
{
protected function matchRole($user)
{
if (empty($this->roles)) {
return true;
}
foreach ($this->roles as $role) {
if(Yii::$app->authManager->checkAccess($user->identity->code, $role))
return true;
}
return false;
}
then in your controller u can use something like this:
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'ruleConfig' => [
'class' => 'app\components\AccessRule'
],
'rules' => [
[
'actions' => ['index', 'resource-type'],
'allow'=> true,
'roles' => ['admin'],
],
],
],
];
}
Where admin is defined as a auth_item and the user is in the auth_item_assignments.
As I have created a new Rbac system for yii2. you can direct permission for a action and action will show you are not authorisez for this action.
By this you find that you will only provide access for action that need to identify.
I uploaded my detail here you can find lot of solution here.
This is the best solution i could come up with when facing the need to filter access by permissions, it's bothersome but can be useful if you're trying to create roles in a productive enviroment and want to use rbac.
use yii\web\ForbiddenHttpException;
if(Yii::$app->user->can('view-users')){
return $this->render('view', [
'model' => $this->findModel($id),
]);
}else{
throw new ForbiddenHttpException('You dont have access to this site');
}
I have a many to many relation between let's say entityA and entityB and I will use embeeded forms in order to add the attribute of entityA in the form of entityB as follows
$builder ->add('entityAs', 'entity', array(
'class' => 'xxxBundle:EntityA',
'property' => 'name',
'multiple' => false,
));}
When I set 'multiple' to true, everything is OK.
But when I set it to false, I get the following error
Property "entityAs" is not public in class "xxx\Entity\EntityB". Maybe you should create the method "setEntityAs()"?
As usual the property entityAs in your EntityB class is not public (protected or private). So you have to write (or generate) a setter for it: setEntityAs($entityAs)
multiple true may work, as I think (not sure) it uses the addXxx Setter. Proof me, if you have an addEntityAs Method in your EntityB Class?
Buuuuut, if you have a many to many relation, why you would set multiple to false?
"Some commonly used features, such as user management, comment management, may be developed in terms of modules so that they can be reused easily in future projects." - http://www.yiiframework.com/doc/guide/1.1/en/basics.module
I have a lot of projects that requires a user. Every time quite the same database structure and features. Registration, login, logout etc.
Yii tells me that i can reuse modules. Cool... let's start:
I have 3 parts: User, Campaign and Website.
In this project the CampaignModule has a relation to the UserModule (campaign_user [user_id, campaign_id])
The WebsiteModule has a relation to the CampaignModule and to the UserModule.
I want to reuse the UserModule in other projects with features like registration, login, edit etc.
Actual situation:
After creating models with gii every one has relations and dependencies across the modules.
e.g.
UserModule: 'campaigns' => array(self::HAS_MANY, 'Campaign', 'user_id'),
To use the WebsiteModule it's necessary to include the User- and CampaignModule.
Now i even have to include Website- and CampaignModule to use the UserModule!
I also want to update the UserModule across many projects and maybe build a framework with some basic modules.
What is the right way to plan an architecture like this?
There is a yii-user module, what they do, is they allow you to specify additional relations for the User model, on the module configuration:
/**
* #return array relational rules.
*/
public function relations()
{
$relations = Yii::app()->getModule('user')->relations;
if (!isset($relations['profile']))
$relations['profile'] = array(self::HAS_ONE, 'Profile', 'user_id');
return $relations;
}
So you can do something like:
'modules'=>array(
'user' => array(
...
'relations' => array(
'categories' => array(CActiveRecord::HAS_MANY, 'Category', "user_id"),
'account' => array(CActiveRecord::HAS_ONE, 'Account', "user_id"),
),
...
),
),