OWASP / rbac

PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.
http://phprbac.net/
Apache License 2.0

I hope to help a look #95

Open CrazyCodes opened 7 years ago

CrazyCodes commented 7 years ago

A question: I created a permission `useradd`, and this permission is not assigned to the admin user, but the check method still returns true when I use it.

abiusx commented 7 years ago

How do you add it and how do you check?

CrazyCodes commented 7 years ago

```php
<?php
include "src/PhpRbac/Rbac.php";

use PhpRbac\Rbac;

$rbac = new Rbac();

$perm_descriptions = array('Can delete users', 'Can edit user profiles', 'Can view users');

$rbac->Permissions->addPath('/delete_users/edit_users/view_users', $perm_descriptions);
// $rbac->Permissions->add('delete_users', 'this is test');
var_dump($rbac->check('delete_users', 1));
```

Hello, abiusx, I use the add method or the addPath method to add the permission, and the check method to check it. Thank you very much for helping me.

abiusx commented 7 years ago

Hello, User 1 is root; root is by default connected to the root role and the root permission, and thus has access to everything.

CrazyCodes commented 7 years ago

Hello, thank you for your answer, but the problem is not there. After creating the root user, I created a few more users but did not assign them any role or permissions. Why does the check method still return true for these users?

abiusx commented 7 years ago

Please post the code you use, or the structure of the database, so that I can help. -A

CrazyCodes commented 7 years ago

thank you.

```php
<?php
include "src/PhpRbac/Rbac.php";

use PhpRbac\Rbac;

$rbac = new Rbac();

// Add the add, save, update and delete permissions
$rbac->Permissions->add('add', 'add test');       // id = 2
$rbac->Permissions->add('save', 'save test');     // id = 3
$rbac->Permissions->add('update', 'update test'); // id = 4
$rbac->Permissions->add('delete', 'delete test'); // id = 5

// Add two roles
$rbac->Roles->add('root', 'is root');   // id = 2
$rbac->Roles->add('admin', 'is admin'); // id = 3

// Bind the add permission (ID 2) to the role with ID 2
$rbac->Roles->assign(2, 2);

// Bind the save permission (ID 3) to the role with ID 3
$rbac->Roles->assign(3, 3);

// My understanding of the above: the root role can only use add, admin can only use save

// Bind user ID 1 to the root role (ID 2), so user 1 should only have add
$rbac->Users->assign(2, 1);

// Bind user ID 2 to the admin role (ID 3), so user 2 should only have save
$rbac->Users->assign(3, 2);

// After performing the above:
var_dump($rbac->check('add', 2));    // true
var_dump($rbac->check('save', 2));   // true
var_dump($rbac->check('update', 2)); // true
var_dump($rbac->check('delete', 2)); // true

var_dump($rbac->check('add', 1));    // true
var_dump($rbac->check('save', 1));   // true
var_dump($rbac->check('update', 1)); // true
var_dump($rbac->check('delete', 1)); // true
```

CrazyCodes commented 7 years ago

```sql
/*
 Navicat Premium Data Transfer

 Source Server         : localhost
 Source Server Type    : MySQL
 Source Server Version : 50542
 Source Host           : localhost
 Source Database       : phprbac

 Target Server Type    : MySQL
 Target Server Version : 50542
 File Encoding         : utf-8

 Date: 05/27/2017 11:20:54 AM
*/

SET NAMES utf8;
SET FOREIGN_KEY_CHECKS = 0;

-- Table structure for myadmin_permissions
DROP TABLE IF EXISTS myadmin_permissions;
CREATE TABLE myadmin_permissions (
  ID int(11) NOT NULL AUTO_INCREMENT,
  Lft int(11) NOT NULL,
  Rght int(11) NOT NULL,
  Title char(64) COLLATE utf8_bin NOT NULL,
  Description text COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (ID),
  KEY Title (Title),
  KEY Lft (Lft),
  KEY Rght (Rght)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_permissions
BEGIN;
INSERT INTO myadmin_permissions VALUES
  ('2', '0', '7', 'add', 0x6164642074657374),
  ('3', '0', '5', 'save', 0x736176652074657374),
  ('4', '0', '3', 'update', 0x7570646174652074657374),
  ('5', '0', '1', 'delete', 0x64656c6574652074657374);
COMMIT;

-- Table structure for myadmin_rolepermissions
DROP TABLE IF EXISTS myadmin_rolepermissions;
CREATE TABLE myadmin_rolepermissions (
  RoleID int(11) NOT NULL,
  PermissionID int(11) NOT NULL,
  AssignmentDate int(11) NOT NULL,
  PRIMARY KEY (RoleID,PermissionID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_rolepermissions
BEGIN;
INSERT INTO myadmin_rolepermissions VALUES
  ('2', '2', '1495855059'),
  ('3', '3', '1495855059');
COMMIT;

-- Table structure for myadmin_roles
DROP TABLE IF EXISTS myadmin_roles;
CREATE TABLE myadmin_roles (
  ID int(11) NOT NULL AUTO_INCREMENT,
  Lft int(11) NOT NULL,
  Rght int(11) NOT NULL,
  Title varchar(128) COLLATE utf8_bin NOT NULL,
  Description text COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (ID),
  KEY Title (Title),
  KEY Lft (Lft),
  KEY Rght (Rght)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_roles
BEGIN;
INSERT INTO myadmin_roles VALUES
  ('2', '0', '3', 'root', 0x697320726f6f74),
  ('3', '0', '1', 'admin', 0x69732061646d696e);
COMMIT;

-- Table structure for myadmin_userroles
DROP TABLE IF EXISTS myadmin_userroles;
CREATE TABLE myadmin_userroles (
  UserID int(11) NOT NULL,
  RoleID int(11) NOT NULL,
  AssignmentDate int(11) NOT NULL,
  PRIMARY KEY (UserID,RoleID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_userroles
BEGIN;
INSERT INTO myadmin_userroles VALUES
  ('1', '2', '1495854970'),
  ('2', '3', '1495854970');
COMMIT;

SET FOREIGN_KEY_CHECKS = 1;
```

CrazyCodes commented 7 years ago

I submitted the PHP code above and exported the SQL tables; I hope this helps to resolve my confusion. Once a role is assigned, the user holds all permissions. This is not what I need.

abiusx commented 7 years ago

I see. You should not change the default values in the database: the system "requires" that a root role and a root permission exist and be assigned to each other, and these have to have ID 1. If you delete them, nothing will work properly. Please restore the original table structure, and then test your code to see whether it still fails.

Regards -A

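The exported dump shows why the diagnosis above holds: with the ID 1 root rows deleted, every remaining permission and role has `Lft = 0`, so the nested-set intervals all overlap and the hierarchy no longer separates anything. The following is an added example, not code from this thread or from PHP-RBAC; it models the nested-set lookup behind `check()` (assumption: a user holds permission P when a role assigned to the user, or a descendant of that role, is assigned P or an ancestor of P) and runs it over the exported rows and over a constructed healthy layout.

```python
# Added example (not from the OWASP/rbac thread or PHP-RBAC itself): a model of the
# nested-set lookup behind Rbac::check(). Assumed semantics: a user holds permission P
# when a role assigned to the user, or a descendant of that role, is assigned P or an
# ancestor of P, with ancestry read from the Lft/Rght intervals.

def contains(outer, inner):
    """Nested-set containment: `outer` is `inner` itself or one of its ancestors."""
    return outer["Lft"] <= inner["Lft"] <= outer["Rght"]

def check(db, perm_title, user_id):
    perms = {p["ID"]: p for p in db["permissions"]}
    roles = {r["ID"]: r for r in db["roles"]}
    target = next(p for p in perms.values() if p["Title"] == perm_title)
    granting = {pid for pid, p in perms.items() if contains(p, target)}  # P and its ancestors
    for ur in db["userroles"]:
        if ur["UserID"] != user_id:
            continue
        direct = roles[ur["RoleID"]]
        reachable = {rid for rid, r in roles.items() if contains(direct, r)}  # role + children
        if any(rp["RoleID"] in reachable and rp["PermissionID"] in granting
               for rp in db["rolepermissions"]):
            return True
    return False

def node(id_, lft, rght, title):
    return {"ID": id_, "Lft": lft, "Rght": rght, "Title": title}
# Role/permission and user/role assignments exactly as in the exported dump.
ASSIGNMENTS = {
    "rolepermissions": [{"RoleID": 2, "PermissionID": 2}, {"RoleID": 3, "PermissionID": 3}],
    "userroles": [{"UserID": 1, "RoleID": 2}, {"UserID": 2, "RoleID": 3}],
}

# Tree rows as exported in the issue: the ID 1 root rows are gone and every Lft is 0,
# so every interval contains every other node and the hierarchy carries no information.
EXPORTED = dict(ASSIGNMENTS,
    permissions=[node(2, 0, 7, "add"), node(3, 0, 5, "save"),
                 node(4, 0, 3, "update"), node(5, 0, 1, "delete")],
    roles=[node(2, 0, 3, "root"), node(3, 0, 1, "admin")])

# Constructed healthy layout for comparison: root rows with ID 1 kept, every other node
# a disjoint sibling interval beneath them, same assignments as above.
HEALTHY = dict(ASSIGNMENTS,
    permissions=[node(1, 0, 9, "root"), node(2, 1, 2, "add"), node(3, 3, 4, "save"),
                 node(4, 5, 6, "update"), node(5, 7, 8, "delete")],
    roles=[node(1, 0, 5, "root"), node(2, 1, 2, "root"), node(3, 3, 4, "admin")])

def matrix(db):
    """Permission titles each user really holds under the given table contents."""
    return {uid: [t for t in ("add", "save", "update", "delete") if check(db, t, uid)]
            for uid in (1, 2)}
```

`matrix(EXPORTED)` gives both users all four permissions, reproducing the thread's output, while `matrix(HEALTHY)` gives `{1: ['add'], 2: ['save']}`, which is what the original code intended.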