burzum / cakephp-simple-rbac

Easy to use and configure RBAC authorization adapter for CakePHP.

RBAC Database

edouard-claude opened this issue · comments

Hello and thank you for the work done on this project,
I want to use this plugin in my fresh installation of CakePHP, my roles and permissions must be in database, you can see the tables I use below:

+---------------------+
| Tables              |
+---------------------+
| permissions         |
| permissions_roles   |
| roles               |
| users               |
| users_roles         |
+---------------------+
permissions
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| id           | char(36)     | NO   | PRI | NULL    |       |
| name         | varchar(255) | NO   |     | NULL    |       |
| display_name | varchar(255) | YES  |     | NULL    |       |
| description  | text         | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+
permissions_roles
+---------------+----------+------+-----+---------+-------+
| Field         | Type     | Null | Key | Default | Extra |
+---------------+----------+------+-----+---------+-------+
| permission_id | char(36) | NO   | PRI |         |       |
| role_id       | char(36) | NO   | PRI |         |       |
+---------------+----------+------+-----+---------+-------+
roles
+--------------+--------------+------+-----+---------+-------+
| Field        | Type         | Null | Key | Default | Extra |
+--------------+--------------+------+-----+---------+-------+
| id           | char(36)     | NO   | PRI | NULL    |       |
| name         | varchar(255) | NO   |     | NULL    |       |
| display_name | varchar(255) | YES  |     | NULL    |       |
| description  | text         | YES  |     | NULL    |       |
+--------------+--------------+------+-----+---------+-------+
users
+----------+--------------+------+-----+---------+-------+
| Field    | Type         | Null | Key | Default | Extra |
+----------+--------------+------+-----+---------+-------+
| id       | char(36)     | NO   | PRI |         |       |
| username | varchar(180) | NO   |     |         |       |
| email    | varchar(180) | NO   |     |         |       |
| password | varchar(255) | NO   |     |         |       |
| created  | datetime     | YES  |     | NULL    |       |
| modified | datetime     | YES  |     | NULL    |       |
+----------+--------------+------+-----+---------+-------+
users_roles
+---------+----------+------+-----+---------+-------+
| Field   | Type     | Null | Key | Default | Extra |
+---------+----------+------+-----+---------+-------+
| user_id | char(36) | NO   | PRI |         |       |
| role_id | char(36) | NO   | PRI |         |       |
+---------+----------+------+-----+---------+-------+

If my tables are correct, they do not work in the state. The basic configuration of the github lacks an example with the configuration in database.
In short, an example with Auth/RbacAuthorize.php which overloads the initial configuration rbac.php for that in database.

Can you advise me to make it operational?

There is a very basic example in the docs for the DB: https://github.com/burzum/cakephp-simple-rbac/blob/master/docs/RBAC-Configuration.md Just fetch your roles and write them to the config or override the component methods as shown in the example. If you need further assistance you can hire me for consulting.

Or try this plugin https://github.com/dereuromark/cakephp-tinyauth which was inspired by my plugin I think. Right @dereuromark? ;) I just maintain my plugins as much as I need them at work these days.

Not sure, I don't think so, since mine exists since 2010 or sth ( https://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/ )
TinyAuth might have similar ideas, but it is way simpler and doesn't use any permissions flags.
Only role => action mapping.

Mine doesn't really use any permission flags either. It's simply that you have access to a controller/action or not. But I think that's what he wants.

Ah, I was misled by the above tables :) All right, then it might help him.

Hi @burzum, @dereuromark, thank you for your reply,
I have tried to create an ActionsMap (config/rbac.php) with my request, but my query result is not like your example ActionMap:

'actionMap' => [
	'Articles' => [
		'view' => ['user', 'author', 'admin'],
		'add' => ['admin', 'author'],
		'edit' => ['admin', 'author'],
		'delete' => ['admin'],
	],
	'Users' => [
		'*' => ['admin'],
	],
]

$query of $permissions->find('all')->contain(['Roles']);

(int) 0 => object(App\Model\Entity\Permission) {

		'id' => 'c45a26cd-77dc-4446-905f-a36a2dbf1bcd',
		'name' => 'Users/add',
		'display_name' => 'Add User',
		'description' => '',
		'roles' => [
			(int) 0 => object(App\Model\Entity\Role) {

				'id' => '49ef8857-b2d3-49d8-8093-c918f9837e3c',
				'name' => 'admin',
				'display_name' => 'Admin',
				'description' => '',

		[...]
(int) 1 => object(App\Model\Entity\Permission) {

		'id' => 'db3951ce-99c1-4ecb-981e-8ce42f6fb8ee',
		'name' => 'Permissions/add',
		'display_name' => 'Add Permissions',
		'description' => '',
		'roles' => [
			(int) 0 => object(App\Model\Entity\Role) {

				'id' => '49ef8857-b2d3-49d8-8093-c918f9837e3c',
				'name' => 'admin',
				'display_name' => 'Admin',
				'description' => '',
		[...]

Should I create a table similar to 'ActionsMap' from my result?
Can you then help me to make this table so that it corresponds to your prerequisites?
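
One way to turn permission rows like the ones dumped above into the `'Controller' => ['action' => [roles]]` shape of the actionMap, as an added example that is not code from the plugin or from anyone in this thread. The helper name `buildActionMap` and the sample rows are assumptions; rows are plain arrays here, keyed like the entities in the dump (`name`, `roles`).

```php
<?php
declare(strict_types=1);

/**
 * Build an actionMap ('Controller' => ['action' => [role names]]) from
 * permission rows named "Controller/action", each carrying its roles.
 * Hypothetical helper for illustration; not part of cakephp-simple-rbac.
 */
function buildActionMap(iterable $permissions): array
{
    $map = [];
    foreach ($permissions as $permission) {
        // Expect exactly "Controller/action". Anything else is skipped, so a
        // malformed row never ends up as an entry that grants access.
        $parts = explode('/', (string)$permission['name']);
        if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
            continue;
        }
        [$controller, $action] = $parts;

        // A permission without roles keeps an empty role list.
        $map[$controller][$action] = $map[$controller][$action] ?? [];
        foreach ($permission['roles'] ?? [] as $role) {
            // Strict comparison; each role name is listed once per action.
            if (!in_array($role['name'], $map[$controller][$action], true)) {
                $map[$controller][$action][] = $role['name'];
            }
        }
    }
    return $map;
}

// Constructed sample rows, shaped like the query result in the post.
$rows = [
    ['name' => 'Users/add', 'roles' => [['name' => 'admin']]],
    ['name' => 'Permissions/add', 'roles' => [['name' => 'admin']]],
    ['name' => 'Articles/view', 'roles' => [
        ['name' => 'user'], ['name' => 'author'], ['name' => 'admin'],
    ]],
    ['name' => 'Articles/delete', 'roles' => []],                // no role assigned
    ['name' => 'broken-name', 'roles' => [['name' => 'admin']]], // skipped
];

var_export(buildActionMap($rows));
```

The resulting array has the same structure as the `actionMap` example quoted in the post; how it is handed to the plugin follows the RBAC-Configuration document linked earlier in the thread.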