srbac - rbac manager for the Yii framework

Last 30 days Feb 05, 2012 issue 86 (exception in install process - issue 64 revisited) reported by ma...@suomedia.com - What steps will reproduce the problem? Install srbac as per PDF - version 1.3 beta What is the expected output? What do you see instead? Expect no exceptions, instead see: Alias "modules.srbac.SrbacModule" is invalid. What version of the product are you using? On what operating system? Windows 7 running WAMPserver Please provide any additional information below. This issue was marked as "invalid" for issue #64 , whereas in fact its a bug. The installation instructions have: 'class'=>'modules.srbac.components.SDbAuthManager', this is just wrong and should be: 'class'=>'application.modules.srbac.components.SDbAuthManager', What steps will reproduce the problem? Install srbac as per PDF - version 1.3 beta What is the expected output? What do you see instead? Expect no exceptions, instead see: Alias "modules.srbac.SrbacModule" is invalid. What version of the product are you using? On what operating system? Windows 7 running WAMPserver Please provide any additional information below. This issue was marked as "invalid" for issue #64 , whereas in fact its a bug. The installation instructions have: 'class'=>'modules.srbac.components.SDbAuthManager', this is just wrong and should be: 'class'=>'application.modules.srbac.components.SDbAuthManager', Feb 05, 2012 issue 64 (exception in install process) commented on by ma...@suomedia.com - In the authManager array in your config file, change the class path to: 'class'=>'application.modules.srbac.components.SDbAuthManager', its missing 'application.', since version 1.1.1 at least (Google) Please note this BUG and fix it please! In the authManager array in your config file, change the class path to: 'class'=>'application.modules.srbac.components.SDbAuthManager', its missing 'application.', since version 1.1.1 at least (Google) Please note this BUG and fix it please! Earlier this year Jan 20, 2012 issue 79 (Business rules doesnt check at default roles) commented on by stumm...@gmail.com - the defaultRoles works only if the $itemName is in the defaultRoles Array. It doesn't check the ItemChildren of the defaultRoles. what helped for me to check also the childrenitems of the default roles is to add the items of the defaultRoles to the $names array if the bizrule is true. add this foreach($this->defaultRoles as $defaultRole){ $item=$this->getAuthItem($defaultRole); if ($item && $this->executeBizRule($item->getBizRule(),$params,$item->getData())){ $names[]=$item->getName(); } } the defaultRoles works only if the $itemName is in the defaultRoles Array. It doesn't check the ItemChildren of the defaultRoles. what helped for me to check also the childrenitems of the default roles is to add the items of the defaultRoles to the $names array if the bizrule is true. add this foreach($this->defaultRoles as $defaultRole){ $item=$this->getAuthItem($defaultRole); if ($item && $this->executeBizRule($item->getBizRule(),$params,$item->getData())){ $names[]=$item->getName(); } } Jan 18, 2012 issue 64 (exception in install process) commented on by dennis....@gmail.com - I have the same problem, any ideas? thks I have the same problem, any ideas? thks Older Oct 23, 2011 issue 85 (module's name include the charactor 'action') commented on by yanghuol...@qinglangren.com - I fount is the key word 'action' in the module name, when i modify the name has not include the 'action' , it's successful! I fount is the key word 'action' in the module name, when i modify the name has not include the 'action' , it's successful! Oct 23, 2011 issue 85 (module's name include the charactor 'action') reported by yanghuol...@qinglangren.com - What steps will reproduce the problem? 1.my moduels is transaction 2.when I generate the operation,the operation name's rule has error 3.it isn't the I wanted What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below. What steps will reproduce the problem? 1.my moduels is transaction 2.when I generate the operation,the operation name's rule has error 3.it isn't the I wanted What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below. Oct 20, 2011 issue 64 (exception in install process) commented on by jkl...@hotmail.com - Hi, same problem with V 1.3 but - URL = my/app/index.php?r=srbac - module extracted in protected/modules/srbac - config = same as in user guide (copy/paste, ) - chmod -R a+r of srbac directory - site installation working fine with other modules user & translate any idea ? Hi, same problem with V 1.3 but - URL = my/app/index.php?r=srbac - module extracted in protected/modules/srbac - config = same as in user guide (copy/paste, ) - chmod -R a+r of srbac directory - site installation working fine with other modules user & translate any idea ? Oct 13, 2011 issue 84 (the srbac/authitem/frontpage dont work, assigning a operatio...) commented on by proprete...@gmail.com - sorry, one mistake the srbac dont assign the tasks,roles or operations sorry, one mistake the srbac dont assign the tasks,roles or operations Oct 13, 2011 issue 84 (the srbac/authitem/frontpage dont work, assigning a operatio...) reported by proprete...@gmail.com - What steps will reproduce the problem? 1.enter in srbac modulo 2. go to srbac/authitem/frontpage 3. assign or dont assign task, operation or roles What is the expected output? What do you see instead? with yii1.0.10 work fine What steps will reproduce the problem? 1.enter in srbac modulo 2. go to srbac/authitem/frontpage 3. assign or dont assign task, operation or roles What is the expected output? What do you see instead? with yii1.0.10 work fine Sep 12, 2011 issue 70 (fix alwaysAllowed no effect bug) commented on by d...@i-dare.be - I'm having the same problem. No accessRules that override srbac. The function checkAccess calls for $this->defaultRoles but that variable is never set. The only location 'defaultRoles' is mentioned is in the SDbAuthManager.php file. I'm having the same problem. No accessRules that override srbac. The function checkAccess calls for $this->defaultRoles but that variable is never set. The only location 'defaultRoles' is mentioned is in the SDbAuthManager.php file. Sep 09, 2011 issue 64 (exception in install process) commented on by amrl...@gmail.com - This is error can happen because the web server dosen't have read permission in the mudule folder. Set the appropriate permission and it should work. This is error can happen because the web server dosen't have read permission in the mudule folder. Set the appropriate permission and it should work. Sep 06, 2011 issue 83 (Patch for /trunk/protected/modules/srbac/views/authitem/head...) reported by fabio.in...@gmail.com - header i18n header i18n Aug 22, 2011 issue 82 (Default srbac.css in nonsrbac pages ) reported by mclean...@gmail.com - In srbac\SrbacModule.php function init() there is few lines to register srbac.css. Thats how srbac.css apears on every pages and it can interpolate with your main portal layout css. So logical fix would be, to register srbac.css only when using srbac controller (AuthitemController). Quick fix, not sure if it is good, but at least it's working : ) 1. Comment out (or delete) lines in srbac\SrbacModule.php function init(): //Publish css $this->_cssPublished = Helper::publishCss($this->css); 2. In srbac\SrbacModule.php create new function: public function registerCSS() { //Publish css $this->_cssPublished = Helper::publishCss($this->css); } 3. In srbac\controllers\AuthitemController.php change init() function to this (or add one line): public function init() { parent::init(); Yii::app()->controller->module->registerCSS(); } In srbac\SrbacModule.php function init() there is few lines to register srbac.css. Thats how srbac.css apears on every pages and it can interpolate with your main portal layout css. So logical fix would be, to register srbac.css only when using srbac controller (AuthitemController). Quick fix, not sure if it is good, but at least it's working : ) 1. Comment out (or delete) lines in srbac\SrbacModule.php function init(): //Publish css $this->_cssPublished = Helper::publishCss($this->css); 2. In srbac\SrbacModule.php create new function: public function registerCSS() { //Publish css $this->_cssPublished = Helper::publishCss($this->css); } 3. In srbac\controllers\AuthitemController.php change init() function to this (or add one line): public function init() { parent::init(); Yii::app()->controller->module->registerCSS(); } Aug 21, 2011 issue 79 (Business rules doesnt check at default roles) commented on by lexu...@gmail.com - Strange, but it works fine for me. Anyway, thanx for great extension. Strange, but it works fine for me. Anyway, thanx for great extension. Aug 21, 2011 issue 79 (Business rules doesnt check at default roles) commented on by mclean...@gmail.com - Hm... it looks like your fix didn't help at all. What help me to fix default roles problems was comment out function checkAccess in srbac\components\SDbAuthManager.php. In other words, make sure that you'r using Yii framework function checkAccess. I guess that srbac function checkAccess needs to be updated according to Yii framework changed function. Hm... it looks like your fix didn't help at all. What help me to fix default roles problems was comment out function checkAccess in srbac\components\SDbAuthManager.php. In other words, make sure that you'r using Yii framework function checkAccess. I guess that srbac function checkAccess needs to be updated according to Yii framework changed function. Aug 10, 2011 issue 61 (isInstalled() method will always return "false-positive" wit...) commented on by degsonj...@gmail.com - Yii::app()->authManager->db->schema->tableNames return table names of "public" schema. PS: Sorry for my bad English Yii::app()->authManager->db->schema->tableNames return table names of "public" schema. PS: Sorry for my bad English Aug 07, 2011 issue 81 (Ajax problem) commented on by Gtp...@gmail.com - Please add Yii::app()->clientScript->scriptMap=array( 'jquery.js'=>false, ); to the actions which reponse ajax tabs content to avoiding redownloading jquery Please add Yii::app()->clientScript->scriptMap=array( 'jquery.js'=>false, ); to the actions which reponse ajax tabs content to avoiding redownloading jquery Aug 07, 2011 issue 81 (Ajax problem) reported by Gtp...@gmail.com - What steps will reproduce the problem? Click on roles or tasks or users After ajax call jquery tries to load Firefox 5.0 freezing. Page no longer responding. IMHO wrong ajax implementation What steps will reproduce the problem? Click on roles or tasks or users After ajax call jquery tries to load Firefox 5.0 freezing. Page no longer responding. IMHO wrong ajax implementation Aug 06, 2011 issue 80 (Patch for /trunk/protected/modules/srbac/models/Assignments....) reported by muh.alay...@gmail.com - Change column name on safe attributes Change column name on safe attributes Jul 31, 2011 issue 79 (Business rules doesnt check at default roles) reported by lexu...@gmail.com - By default this check should be done to solve wich default role to assign. For example: 'defaultRoles'=>array('Guest','User') This could be done by replacing in SDbAuthManager->checkAccess(): ----- if (!empty($this->defaultRoles) && in_array($itemName,$this->defaultRoles)) { return true; } ----- to ----- if (!empty($this->defaultRoles) && in_array($itemName,$this->defaultRoles)) { if ($item=$this->getAuthItem($itemName)) return $this->executeBizRule($item->getBizRule(),$params,$item->getData()); else return true; } ---- By default this check should be done to solve wich default role to assign. For example: 'defaultRoles'=>array('Guest','User') This could be done by replacing in SDbAuthManager->checkAccess(): ----- if (!empty($this->defaultRoles) && in_array($itemName,$this->defaultRoles)) { return true; } ----- to ----- if (!empty($this->defaultRoles) && in_array($itemName,$this->defaultRoles)) { if ($item=$this->getAuthItem($itemName)) return $this->executeBizRule($item->getBizRule(),$params,$item->getData()); else return true; } ---- Jul 26, 2011 srbac_1.3beta.zip (srbac 1.3 beta) file uploaded by spy...@valor.gr - Labels: Featured Type-Archive OpSys-All Labels: Featured Type-Archive OpSys-All Jul 26, 2011 r235 (Version 1.3 beta) committed by spy...@valor.gr - Version 1.3 beta Version 1.3 beta Jul 15, 2011 r234 (Remove access to srbac for all when authority is not assigne...) committed by spy...@valor.gr - Remove access to srbac for all when authority is not assigned Remove access to srbac for all when authority is not assigned Jul 12, 2011 r233 (Added autocomplete textbox for users assignments) committed by spy...@valor.gr - Added autocomplete textbox for users assignments Added autocomplete textbox for users assignments Jul 07, 2011 issue 78 (Patch for /trunk/protected/modules/srbac/SrbacModule.php) reported by pch.sidd...@gmail.com - Hacked Hacked Jul 06, 2011 issue 77 (Clever assigning is broken) Status changed by spy...@valor.gr - This issue was closed by revision r232. Status: Fixed This issue was closed by revision r232. Status: Fixed Jul 06, 2011 r232 (Fixed Clever Assigning (closes issue 77)) committed by spy...@valor.gr - Fixed Clever Assigning (closes issue 77 ) Fixed Clever Assigning (closes issue 77 ) Jul 06, 2011 issue 77 (Clever assigning is broken) Labels changed by spy...@valor.gr - Labels: Milestone-Release1.3 −Milestone-Release1.1.3 Labels: Milestone-Release1.3 −Milestone-Release1.1.3 Jul 06, 2011 issue 77 (Clever assigning is broken) Labels changed by spy...@valor.gr - Labels: Milestone-Release1.1.3 Labels: Milestone-Release1.1.3 Jul 06, 2011 issue 77 (Clever assigning is broken) reported by spy...@valor.gr - Clever assigning is not working in the 1.1.2 Clever assigning is not working in the 1.1.2 Jul 05, 2011 issue 73 (Patch for /trunk/protected/modules/srbac/controllers/SBaseCo...) Status changed by spy...@valor.gr - This issue was closed by revision r231. Status: Fixed This issue was closed by revision r231. Status: Fixed Jul 05, 2011 r231 (Fixes controller in subdir not working (closes issue 73)) committed by spy...@valor.gr - Fixes controller in subdir not working (closes issue 73 ) Fixes controller in subdir not working (closes issue 73 ) Jul 05, 2011 issue 76 (by Captain Obvious) Status changed by spy...@valor.gr - This issue was closed by revision r230. Status: Fixed This issue was closed by revision r230. Status: Fixed Jul 05, 2011 r230 (Fixes static function called by $this (closes issue 76)) committed by spy...@valor.gr - Fixes static function called by $this (closes issue 76 ) Fixes static function called by $this (closes issue 76 ) May 07, 2011 issue 76 (by Captain Obvious) reported by m1...@yandex.ru - Helper.php(363): static function called by $this-> Helper.php(363): static function called by $this-> May 06, 2011 issue 75 (srbac cannot accept action with parameter) Status changed by spy...@valor.gr - Status: Verified Status: Verified May 06, 2011 issue 75 (srbac cannot accept action with parameter) commented on by kasuma.y...@gmail.com - this case solved with 1.2v. this case solved with 1.2v. May 05, 2011 issue 75 (srbac cannot accept action with parameter) reported by kasuma.y...@gmail.com - What steps will reproduce the problem? when I was trying to access an action that require a parameter inside(e.g actionUpdate($id). These action has assigned to alwaysallowed and it saved in allowed.php as update$id. What is the expected output? What do you see instead? The output is, it shows error like this: Error:403 'You are not authorized for this action' Error while trying to access /page/index. No matter I access it as a guess or authorized user, it keeps showing the error 403. What version of the product are you using? On what operating system? Yii version: 1.1.7 XAMPP 1.7.3 OS : Win Vista The solution is: I've added this code below into SBaseController.php in srbac module controller: if (count($this->actionParams) > 0){ $keys=array_keys($this->actionParams); foreach($keys as $key){ $query=$query.','.'$'.$key; } $query=substr_replace($query, '',0,1); $access=$access.$query; } What happen with the current code is, $mod = $this->module !== null ? $this->module->id . "/" : ""; $contrArr = explode("/", $this->id); $contrArr[sizeof($contrArr) - 1] = ucfirst($contrArr[sizeof($contrArr) - 1]); $controller = implode(".", $contrArr); $contr = str_replace("/", ".", $this->id); $access = $mod . $controller . ucfirst($this->action->id); //Always allow access if $access is in the allowedAccess array if (in_array($access, $this->allowedAccess())) { return true; } when beforeAction accept action with parameter, the key parameter didn't assigned to $access. e.g, it supposed to be like this PageIndex$id, but the value that assigned to $access only PageIndex which is different with value that saved in allow.php What steps will reproduce the problem? when I was trying to access an action that require a parameter inside(e.g actionUpdate($id). These action has assigned to alwaysallowed and it saved in allowed.php as update$id. What is the expected output? What do you see instead? The output is, it shows error like this: Error:403 'You are not authorized for this action' Error while trying to access /page/index. No matter I access it as a guess or authorized user, it keeps showing the error 403. What version of the product are you using? On what operating system? Yii version: 1.1.7 XAMPP 1.7.3 OS : Win Vista The solution is: I've added this code below into SBaseController.php in srbac module controller: if (count($this->actionParams) > 0){ $keys=array_keys($this->actionParams); foreach($keys as $key){ $query=$query.','.'$'.$key; } $query=substr_replace($query, '',0,1); $access=$access.$query; } What happen with the current code is, $mod = $this->module !== null ? $this->module->id . "/" : ""; $contrArr = explode("/", $this->id); $contrArr[sizeof($contrArr) - 1] = ucfirst($contrArr[sizeof($contrArr) - 1]); $controller = implode(".", $contrArr); $contr = str_replace("/", ".", $this->id); $access = $mod . $controller . ucfirst($this->action->id); //Always allow access if $access is in the allowedAccess array if (in_array($access, $this->allowedAccess())) { return true; } when beforeAction accept action with parameter, the key parameter didn't assigned to $access. e.g, it supposed to be like this PageIndex$id, but the value that assigned to $access only PageIndex which is different with value that saved in allow.php Apr 19, 2011 issue 74 (Helper::findModule could not recursively find 'srbac' nested...) reported by ivan.ego...@gmail.com - What steps will reproduce the problem? 1. place 'srbac' into another module 2. try use it 3. What is the expected output? What do you see instead? no error. currently observed null reference in AuthitemController.php #51 if (Yii::app()->user->checkAccess(Helper::findModule('srbac')->superUser) \|\| What version of the product are you using? On what operating system? 1.2 Please provide any additional information below. FIX: ===== public static function findModule($moduleID) { return self::findInModule(Yii::app(), $moduleID); } private static function findInModule($parent, $moduleID) { if ($parent->getModule($moduleID)) { return $parent->getModule($moduleID); } else { $modules = $parent->getModules(); foreach ($modules as $mod => $conf) { $module = self::findInModule($parent->getModule($mod), $moduleID); if ($module) { return $module; } } } return null; } ==== What steps will reproduce the problem? 1. place 'srbac' into another module 2. try use it 3. What is the expected output? What do you see instead? no error. currently observed null reference in AuthitemController.php #51 if (Yii::app()->user->checkAccess(Helper::findModule('srbac')->superUser) \|\| What version of the product are you using? On what operating system? 1.2 Please provide any additional information below. FIX: ===== public static function findModule($moduleID) { return self::findInModule(Yii::app(), $moduleID); } private static function findInModule($parent, $moduleID) { if ($parent->getModule($moduleID)) { return $parent->getModule($moduleID); } else { $modules = $parent->getModules(); foreach ($modules as $mod => $conf) { $module = self::findInModule($parent->getModule($mod), $moduleID); if ($module) { return $module; } } } return null; } ==== Apr 06, 2011 issue 73 (Patch for /trunk/protected/modules/srbac/controllers/SBaseCo...) reported by pochta.t...@gmail.com - Access control not work if controller class placed in some directory (e.g. admin/controller.php) $contr = str_replace($del, ".", $this->id); -is a Garbage? Access control not work if controller class placed in some directory (e.g. admin/controller.php) $contr = str_replace($del, ".", $this->id); -is a Garbage? Apr 05, 2011 issue 72 (srbac problem with PostgreSQL DB) reported by heykal.a...@gmail.com - What steps will reproduce the problem? 1. Just use the database to PostgreSQL 2. Config srbac along with its controller 3. Run it What is the expected output? srbac will check the database to see if the user allowed or not allowed What do you see instead? using PostgreSQL gives SQLSTATE[42883]: Undefined function: 7 ERROR: operator does not exist: character varying = integer Please provide any additional information below. This not only proglem with srbac but all php program that using PostgreSQL. The problem is because PotgreSQL 8.3 above not using automatic type cast, so problem rise when comparing datatype. The solution was to using quote for integer, so that comparation will do between var char = var char. So the work around is just change the srbac SQL from "SELECT name, type, description, t1.bizrule, t1.data, t2.bizrule AS bizrule2, t2.data AS data2 FROM {$this->itemTable} t1, {$this->assignmentTable} t2 WHERE name=itemname AND userid=:userid"; to "SELECT name, type, description, t1.bizrule, t1.data, t2.bizrule AS bizrule2, t2.data AS data2 FROM {$this->itemTable} t1, {$this->assignmentTable} t2 WHERE name=itemname AND userid='".$userId."'"; [notice the userid=:userid] Hope this will applied in the next version. thanks. What steps will reproduce the problem? 1. Just use the database to PostgreSQL 2. Config srbac along with its controller 3. Run it What is the expected output? srbac will check the database to see if the user allowed or not allowed What do you see instead? using PostgreSQL gives SQLSTATE[42883]: Undefined function: 7 ERROR: operator does not exist: character varying = integer Please provide any additional information below. This not only proglem with srbac but all php program that using PostgreSQL. The problem is because PotgreSQL 8.3 above not using automatic type cast, so problem rise when comparing datatype. The solution was to using quote for integer, so that comparation will do between var char = var char. So the work around is just change the srbac SQL from "SELECT name, type, description, t1.bizrule, t1.data, t2.bizrule AS bizrule2, t2.data AS data2 FROM {$this->itemTable} t1, {$this->assignmentTable} t2 WHERE name=itemname AND userid=:userid"; to "SELECT name, type, description, t1.bizrule, t1.data, t2.bizrule AS bizrule2, t2.data AS data2 FROM {$this->itemTable} t1, {$this->assignmentTable} t2 WHERE name=itemname AND userid='".$userId."'"; [notice the userid=:userid] Hope this will applied in the next version. thanks. Mar 31, 2011 r229 (Czech translation) committed by spy...@valor.gr - Czech translation Czech translation Mar 13, 2011 srbac_guide_1.2.pdf (srbac 1.2 guide) file uploaded by spy...@valor.gr - Labels: Featured Type-Docs OpSys-All Labels: Featured Type-Docs OpSys-All Mar 13, 2011 blog-srbac_1.2_r228.zip (blog demo with srbac 1.2) file uploaded by spy...@valor.gr - Labels: Featured Type-Source OpSys-All Labels: Featured Type-Source OpSys-All Mar 13, 2011 srbac_1.2_r228.zip (srbac 1.2) file uploaded by spy...@valor.gr - Labels: Featured Type-Source OpSys-All Labels: Featured Type-Source OpSys-All Mar 13, 2011 r228 (version 1.2_rev228) committed by spy...@valor.gr - version 1.2_rev228 version 1.2_rev228 Mar 13, 2011 issue 67 (actions name glitch) Status changed by spy...@valor.gr - This issue was closed by revision r227. Status: Fixed This issue was closed by revision r227. Status: Fixed Mar 13, 2011 r227 (Fixed bug with actions contain the string "action" (fixes is...) committed by spy...@valor.gr - Fixed bug with actions contain the string "action" (fixes issue 67 ) Fixed bug with actions contain the string "action" (fixes issue 67 ) Mar 13, 2011 issue 71 (search button/multiple ajax call) Status changed by spy...@valor.gr - This issue was closed by revision r226. Status: Fixed This issue was closed by revision r226. Status: Fixed Mar 13, 2011 r226 (Fixed multiple ajax calls (fixes issue 71)) committed by spy...@valor.gr - Fixed multiple ajax calls (fixes issue 71 ) Fixed multiple ajax calls (fixes issue 71 )

issue 75 (srbac cannot accept action with parameter) reported by kasuma.y...@gmail.com - What steps will reproduce the problem? when I was trying to access an action that require a parameter inside(e.g actionUpdate($id). These action has assigned to alwaysallowed and it saved in allowed.php as update$id. What is the expected output? What do you see instead? The output is, it shows error like this: Error:403 'You are not authorized for this action' Error while trying to access /page/index. No matter I access it as a guess or authorized user, it keeps showing the error 403. What version of the product are you using? On what operating system? Yii version: 1.1.7 XAMPP 1.7.3 OS : Win Vista The solution is: I've added this code below into SBaseController.php in srbac module controller: if (count($this->actionParams) > 0){ $keys=array_keys($this->actionParams); foreach($keys as $key){ $query=$query.','.'$'.$key; } $query=substr_replace($query, '',0,1); $access=$access.$query; } What happen with the current code is, $mod = $this->module !== null ? $this->module->id . "/" : ""; $contrArr = explode("/", $this->id); $contrArr[sizeof($contrArr) - 1] = ucfirst($contrArr[sizeof($contrArr) - 1]); $controller = implode(".", $contrArr); $contr = str_replace("/", ".", $this->id); $access = $mod . $controller . ucfirst($this->action->id); //Always allow access if $access is in the allowedAccess array if (in_array($access, $this->allowedAccess())) { return true; } when beforeAction accept action with parameter, the key parameter didn't assigned to $access. e.g, it supposed to be like this PageIndex$id, but the value that assigned to $access only PageIndex which is different with value that saved in allow.php

What steps will reproduce the problem? when I was trying to access an action that require a parameter inside(e.g actionUpdate($id). These action has assigned to alwaysallowed and it saved in allowed.php as update$id. What is the expected output? What do you see instead? The output is, it shows error like this: Error:403 'You are not authorized for this action' Error while trying to access /page/index. No matter I access it as a guess or authorized user, it keeps showing the error 403. What version of the product are you using? On what operating system? Yii version: 1.1.7 XAMPP 1.7.3 OS : Win Vista The solution is: I've added this code below into SBaseController.php in srbac module controller: if (count($this->actionParams) > 0){ $keys=array_keys($this->actionParams); foreach($keys as $key){ $query=$query.','.'$'.$key; } $query=substr_replace($query, '',0,1); $access=$access.$query; } What happen with the current code is, $mod = $this->module !== null ? $this->module->id . "/" : ""; $contrArr = explode("/", $this->id); $contrArr[sizeof($contrArr) - 1] = ucfirst($contrArr[sizeof($contrArr) - 1]); $controller = implode(".", $contrArr); $contr = str_replace("/", ".", $this->id); $access = $mod . $controller . ucfirst($this->action->id); //Always allow access if $access is in the allowedAccess array if (in_array($access, $this->allowedAccess())) { return true; } when beforeAction accept action with parameter, the key parameter didn't assigned to $access. e.g, it supposed to be like this PageIndex$id, but the value that assigned to $access only PageIndex which is different with value that saved in allow.php

Last 30 days

Earlier this year

Older