Open CrazyCodes opened 7 years ago
How do you add it and how do you check?
On May 24, 2017, at 8:48 AM, Mr. Zhang, notifications@github.com wrote:
A question: I created a permission useradd, and this access is not assigned to the admin user, but the check method still returns true. Why?
```php
$perm_descriptions = array(
    'Can delete users',
    'Can edit user profiles',
    'Can view users'
);
$rbac->Permissions->addPath('/delete_users/edit_users/view_users', $perm_descriptions);
//$rbac->Permissions->add('delete_users','this is test');
var_dump($rbac->check('delete_users', 1));
```

Hello, abiusx. I use the add method or the addPath method to add, and the check method to check. Thank you very much for your help.
Hello, User 1 is root, root is by default connected to root role and root permission, and thus has access to everything.
Hello, thank you for your answer, but the problem is not here. After creating the root user, I created a few users but did not assign any role or permissions. Why does the check method still show true for these few users?
Please post the code you use, or the structure of the database so that I can help. -A
Thank you.

```php
<?php
include "src/PhpRbac/Rbac.php";

use PhpRbac\Rbac;

$rbac = new Rbac();

$rbac->Permissions->add('add', 'add test');       // id = 2
$rbac->Permissions->add('save', 'save test');     // id = 3
$rbac->Permissions->add('update', 'update test'); // id = 4
$rbac->Permissions->add('delete', 'delete test'); // id = 5

$rbac->Roles->add('root', 'is root');   // id = 2
$rbac->Roles->add('admin', 'is admin'); // id = 3

$rbac->Roles->assign(2, 2);
$rbac->Roles->assign(3, 3);

$rbac->Users->assign(2, 1);
$rbac->Users->assign(3, 2);

var_dump($rbac->check('add', 2));    // true
var_dump($rbac->check('save', 2));   // true
var_dump($rbac->check('update', 2)); // true
var_dump($rbac->check('delete', 2)); // true

var_dump($rbac->check('add', 1));    // true
var_dump($rbac->check('save', 1));   // true
var_dump($rbac->check('update', 1)); // true
var_dump($rbac->check('delete', 1)); // true
```
```sql
/*
 Navicat Premium Data Transfer

 Source Server         : localhost
 Source Server Type    : MySQL
 Source Server Version : 50542
 Source Host           : localhost
 Source Database       : phprbac

 Target Server Type    : MySQL
 Target Server Version : 50542
 File Encoding         : utf-8

 Date: 05/27/2017 11:20:54 AM
*/

SET NAMES utf8;
SET FOREIGN_KEY_CHECKS = 0;

-- Table structure for myadmin_permissions
DROP TABLE IF EXISTS myadmin_permissions;
CREATE TABLE myadmin_permissions (
  ID int(11) NOT NULL AUTO_INCREMENT,
  Lft int(11) NOT NULL,
  Rght int(11) NOT NULL,
  Title char(64) COLLATE utf8_bin NOT NULL,
  Description text COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (ID),
  KEY Title (Title),
  KEY Lft (Lft),
  KEY Rght (Rght)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_permissions
BEGIN;
INSERT INTO myadmin_permissions VALUES
  ('2', '0', '7', 'add', 0x6164642074657374),
  ('3', '0', '5', 'save', 0x736176652074657374),
  ('4', '0', '3', 'update', 0x7570646174652074657374),
  ('5', '0', '1', 'delete', 0x64656c6574652074657374);
COMMIT;

-- Table structure for myadmin_rolepermissions
DROP TABLE IF EXISTS myadmin_rolepermissions;
CREATE TABLE myadmin_rolepermissions (
  RoleID int(11) NOT NULL,
  PermissionID int(11) NOT NULL,
  AssignmentDate int(11) NOT NULL,
  PRIMARY KEY (RoleID, PermissionID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_rolepermissions
BEGIN;
INSERT INTO myadmin_rolepermissions VALUES
  ('2', '2', '1495855059'),
  ('3', '3', '1495855059');
COMMIT;

-- Table structure for myadmin_roles
DROP TABLE IF EXISTS myadmin_roles;
CREATE TABLE myadmin_roles (
  ID int(11) NOT NULL AUTO_INCREMENT,
  Lft int(11) NOT NULL,
  Rght int(11) NOT NULL,
  Title varchar(128) COLLATE utf8_bin NOT NULL,
  Description text COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (ID),
  KEY Title (Title),
  KEY Lft (Lft),
  KEY Rght (Rght)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_roles
BEGIN;
INSERT INTO myadmin_roles VALUES
  ('2', '0', '3', 'root', 0x697320726f6f74),
  ('3', '0', '1', 'admin', 0x69732061646d696e);
COMMIT;

-- Table structure for myadmin_userroles
DROP TABLE IF EXISTS myadmin_userroles;
CREATE TABLE myadmin_userroles (
  UserID int(11) NOT NULL,
  RoleID int(11) NOT NULL,
  AssignmentDate int(11) NOT NULL,
  PRIMARY KEY (UserID, RoleID)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

-- Records of myadmin_userroles
BEGIN;
INSERT INTO myadmin_userroles VALUES
  ('1', '2', '1495854970'),
  ('2', '3', '1495854970');
COMMIT;

SET FOREIGN_KEY_CHECKS = 1;
```
I submitted the PHP code above and the exported SQL tables; I hope you can help me resolve this confusion. Once assigned a role, the user holds all permissions. This is not what I need.
I see. You should not change the default values in the database, the system "requires" that a root role and a root permission exist, and be assigned to each other. These have to have ID 1. If you delete them, then nothing will work properly. Please restore the table structure to the original, and then test your code to see if it still fails or not.
Regards -A
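
The following is an added illustration of the reply above; it is not part of the thread and not PhpRbac's code. It audits the `Lft`/`Rght` rows from the posted dump and models a hierarchical check under an assumed nested-set containment rule (a node falls under an ancestor when its `Lft` lies within the ancestor's `[Lft, Rght]`). The `GOOD_*` trees are constructed for comparison.

```python
# Rows copied from the SQL dump in this thread: ID -> (Lft, Rght).
PERMISSIONS = {2: (0, 7), 3: (0, 5), 4: (0, 3), 5: (0, 1)}  # add, save, update, delete
ROLES = {2: (0, 3), 3: (0, 1)}                              # root, admin
ROLE_PERMISSIONS = {(2, 2), (3, 3)}                         # (RoleID, PermissionID)
USER_ROLES = {(1, 2), (2, 3)}                               # (UserID, RoleID)

# Constructed for comparison (not from the thread): the same grants on
# well-formed trees whose root rows have ID 1.
GOOD_PERMISSIONS = {1: (0, 9), 2: (1, 2), 3: (3, 4), 4: (5, 6), 5: (7, 8)}
GOOD_ROLES = {1: (0, 5), 2: (1, 2), 3: (3, 4)}


def audit(tree):
    """Return integrity problems found in one nested-set table."""
    problems = []
    if 1 not in tree:
        problems.append("no root row with ID 1")
    bounds = [b for pair in tree.values() for b in pair]
    if len(set(bounds)) != len(bounds):
        problems.append("Lft/Rght values repeat")
    if any(lft >= rght for lft, rght in tree.values()):
        problems.append("Lft is not below Rght")
    return problems


def covers(tree, ancestor, node):
    """Assumed containment rule: node.Lft lies inside [ancestor.Lft, ancestor.Rght]."""
    lft, rght = tree[ancestor]
    return lft <= tree[node][0] <= rght


def check(user, perm, roles=ROLES, perms=PERMISSIONS):
    """Simplified model of a hierarchical check, not PhpRbac's own code."""
    for uid, direct_role in USER_ROLES:
        if uid != user:
            continue
        # A grant counts if its role sits under the user's role and the
        # granted permission is the requested one or an ancestor of it.
        for role, granted in ROLE_PERMISSIONS:
            if covers(roles, direct_role, role) and covers(perms, granted, perm):
                return True
    return False


if __name__ == "__main__":
    print(audit(PERMISSIONS), audit(ROLES))
    print([check(2, p) for p in PERMISSIONS])  # dumped tables: every check passes
    print([check(2, p, GOOD_ROLES, GOOD_PERMISSIONS) for p in (2, 3, 4, 5)])
```

Because every dumped row has `Lft = 0`, each node falls inside every other node's interval, so under this model any single grant satisfies every check.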