Yii Rights - Case Insensitive - yii

In the Yii Rights extension, how do I make it ignore case when it's setting the user's rights?
For example: I have a user named admin in tbl_users. If I log in with admin, the user will get the rights set in the AuthAssignment table. However, if I log in as ADMIN, it will not set the user's rights correctly.

Well, I think case sensitivity is important for data integrity and can't be turned off like a switch.
But there is a way around it:
When you log in, use strtolower() to convert to lower case.
I hope it solves your problem.
Cheers.
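One way to apply the lowercase normalization suggested above so that the rights lookup always sees the stored identity rather than the string the user typed. This is an added example, not code from the original answer or the Rights extension; the User model, its column names and the use of CPasswordHelper (Yii 1.1.14+) are assumptions.

```php
<?php
// Added example for Yii 1.1 (protected/components/UserIdentity.php).
// Assumptions: a User ActiveRecord model on tbl_users with id, username
// and password (hash) columns; adjust the names to your schema.
class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        // Match the typed name case-insensitively, bound as a parameter.
        $user = User::model()->find(
            'LOWER(username) = :u',
            array(':u' => strtolower(trim($this->username)))
        );

        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        } elseif (!CPasswordHelper::verifyPassword($this->password, $user->password)) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            // Take the identity from the stored record, not from the input,
            // so "ADMIN" and "admin" resolve to the same assignments.
            $this->_id = $user->id;
            $this->username = $user->username;
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }

    // Must return the same value that AuthAssignment.userid stores
    // (numeric id here; return $this->username if usernames are stored).
    public function getId()
    {
        return $this->_id;
    }
}
```

A case-insensitive unique constraint on the username column keeps two accounts from differing only by case, which this lookup would otherwise treat as one.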

Related

Oracle apex not recognizing user roles

So I have the users in a table and I know my login system works because I use it for other workspaces. However, across all the applications in this particular workspace I am having an error where users' roles are not being recognized; in particular, I can't even get the admin page to work for me and I am a developer. If anyone has any clue on how to fix this, it would be greatly appreciated.
If that first image is the default Admin pages, then wouldn't that mean you have access since you can see that page?
(which by default, if you let APEX create it for you through New Page > Features > Access Control) has Administration Rights set as the Authorization scheme
You have two places to check to find the issue:
Shared Components > Security > Authorization Scheme
Go to or click your Administration Rights; under Authorization Scheme, you need to make sure you are using Is in Role or Group IF that is the requirement and you are to use the created roles. Make sure the role, Administrator (if default roles exist), is listed.
If validation is once per session, and you're still in the same session, log out and log back in. The problem should go away.
Shared Components > Security > Application Access Control
Check under Role Assignments if your username is there.
Click Administrator under Roles, and make sure Administration Rights under Associated Authorization Schemes has the Is in Role or Group as the scheme type
If there is a different Authorization scheme (not Is in Role or Group) or you have different roles, then I would suggest posting a new question with more details on your setup.

Yii1 - How to bypass an access rule

I'm working on a project in Yii, and I have almost no experience with this framework and PHP.
I'm trying to give access to a view in Yii to different users depending on their role. In my code, in the Controller/accessRules function, I give permission to users with a specific role, and that's working fine.
The problem is: I also need to give that same permission to specific users from very different roles, and those roles don't have to have permission. But those specific users have a field activated in the 'users' table in the database (it's a boolean field, 1/0 values). If that field has a '1', those users must have access to the view; if it's a '0', they don't.
I tried to check the value of the field I described before, but the thing is, if they don't have the role described in the accessRules, they don't have access (or maybe the way I check this is not well done).
What do I need to do to solve this? I need some tips.
Thanks!
Well, I finally found a solution. Not the one I was expecting, but effective... I created a new role/profile in the database and added the role to the users I want to give access to, also in the database. Then in the app I added the new role in the controller/action of the view, and that's all. It's simple, I know. But I think it's not the best idea, because if the number of users starts growing and every user needs a specific role... maybe it's too much work.
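For the per-user flag described in the question, Yii 1.1 access rules also accept an `expression` option, which lets a second allow rule sit beside the role rule. The sketch below is an added example, not the poster's code; the controller and action names, the "manager" role, the User model and the `special_access` column are assumptions.

```php
<?php
// Added example for a Yii 1.1 controller. Assumed names: action "report",
// role "manager", and a boolean column "special_access" on the users
// table, mapped by a User ActiveRecord model.
class ReportController extends CController
{
    public function filters()
    {
        return array('accessControl');
    }

    public function accessRules()
    {
        // Rules are checked in order; the first one that matches decides.
        return array(
            // Rule 1: the role that already has access.
            array('allow',
                'actions' => array('report'),
                'roles'   => array('manager'),
            ),
            // Rule 2: any authenticated user whose flag is set.
            array('allow',
                'actions'    => array('report'),
                'users'      => array('@'),
                'expression' => array($this, 'hasSpecialAccess'),
            ),
            // Final rule: everyone else is denied.
            array('deny', 'users' => array('*')),
        );
    }

    // CAccessRule passes the CWebUser component as the first argument.
    public function hasSpecialAccess($user)
    {
        if ($user->isGuest) {
            return false;
        }
        // Read the flag on every request so that clearing it revokes
        // access immediately rather than at the next login.
        $record = User::model()->findByPk($user->id);
        return $record !== null && (int) $record->special_access === 1;
    }
}
```

The explicit deny at the end keeps the default closed: a user who matches neither the role nor the flag is rejected instead of falling through.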

Can Yii2 RBAC permissions have multiple rules?

It's my first time working with Yii2's RBAC system.
I used http://www.yiiframework.com/doc-2.0/guide-security-authorization.html to get myself familiar with the topic.
As I needed some kind of administration for roles / permissions, I installed this extension: https://github.com/mdmsoft/yii2-admin
I'm working on an application that lets users submit articles. There are two kinds of users: Administrators and normal Users.
I created 2 roles for that purpose: Admin role and User role.
Users (both admins and users) must have the ability to edit articles. Admins should be able to edit any article, while users can edit only their own articles.
For that I created 2 permissions: "Edit" permission and "EditOwn" permission. Then I created an "IsOwner" rule and attached it to the "EditOwn" permission.
I assigned the "Edit" permission to the Admin role, and "EditOwn" to the User role, and everything works great.
Now I'd like to create a "lock" status for each article. If an article is locked, the user cannot edit it even if it's his own article. Admins should be able to edit it even if it's locked.
For that I created a new rule, "IsLocked", but I don't know how to add it to the "EditOwn" permission. I don't know if it is even possible to have 2 rules attached to one permission.
EDIT:
Right now, I have this "dealt with" in a way where I have an additional permission, "EditOwnIsLocked", to which I attached the "IsLocked" rule, which is then a child of "EditOwn", which is a child of "Edit".
This works, but it feels dirty and plain and simple wrong.
As it turns out, there is (for now) no way to attach multiple rules to a permission.
You can deal with the need for multiple rules the way I do right now, by creating an additional permission, attaching a rule to it and then making a child<->parent connection, or you can edit your rule to check for all situations (in my case to check for IsParent and IsLocked).
Those solutions aren't perfect, but it is what it is for now. The first solution spawns unnecessary permissions and clutters your permission list (in case you are using yii2-admin or similar extensions), but keeps your rules clean, and the second solution keeps your permission list clean but makes you retype the same code in multiple rules, which is kind of the opposite of what OOP stands for.
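A third option that avoids both drawbacks named above is a single composite rule that delegates to the existing rule classes instead of copying their code. This is an added example, not part of the original answer or of yii2-admin; the `app\rbac` namespace, the class names IsOwnerRule and IsLockedRule, and the convention that IsLockedRule returns true for a locked article are assumptions.

```php
<?php
// Added example (not from yii2-admin or the original post).
// Assumed: IsOwnerRule and IsLockedRule exist in app\rbac, and
// IsLockedRule::execute() returns true when the article is locked.
namespace app\rbac;

use Yii;
use yii\rbac\Rule;

class OwnAndUnlockedRule extends Rule
{
    public $name = 'ownAndUnlocked';

    // Class names only, so the rule serializes cleanly in the auth storage.
    public $mustPass = ['app\rbac\IsOwnerRule'];
    public $mustFail = ['app\rbac\IsLockedRule'];

    public function execute($user, $item, $params)
    {
        foreach ($this->mustPass as $class) {
            if (!(new $class())->execute($user, $item, $params)) {
                return false;
            }
        }
        foreach ($this->mustFail as $class) {
            if ((new $class())->execute($user, $item, $params)) {
                return false; // locked: deny even the owner
            }
        }
        return true;
    }

    // One-off setup (console command or migration): swap the rule on EditOwn.
    public static function attachToEditOwn()
    {
        $auth = Yii::$app->authManager;
        $rule = new self();
        if ($auth->getRule($rule->name) === null) {
            $auth->add($rule);
        }
        $editOwn = $auth->getPermission('EditOwn');
        $editOwn->ruleName = $rule->name;
        return $auth->update('EditOwn', $editOwn);
    }
}
```

Admins are unaffected because their "Edit" permission carries no rule, and the check fails closed: any required rule that returns false, or any forbidden rule that returns true, denies the edit.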

Why don't user authentication plugins use the DBMS "user table" instead of creating their own?

Is it because of portability? I think that it'd be better if they did, permission and group management would be safer in my opinion.
What I generally saw and did was to create a user account in the DBMS for the system, store that user name and password in a configuration file and access the database through it. The authentication module/plugin [always!] works independently of the DBMS's user table.
Is there a reason for it?
Am I doing it wrong? :/
If I understand your question correctly, the reason is that if the plugin did that, then the user would be able to get access to your table using the user credentials, which is a gigantic potential security hole. You want to give the user access to your app, not to the system running the app.

SugarCRM - Regular User Type User Cannot Login

I have SugarCRM running and am able to log in and out using the super admin account. I created a new user with type Regular User and defined its password because I unchecked the auto-generation of the password.
Even if I change the password through the database, I cannot log in. But if I change the type to Administrator, that user can now log in. Why is that? I want it to be a Regular User only.
Regards,
Ronel
In version 6.5.x I have found that there is a problem with password rules. Perhaps this is the case. Go to config.php and look at the passwordsetting array. There is a minpwdlength and a oneupper. Change 'oneupper' to 'false' and set minpwdlength to the length you want.
This solved my issue.