sjaakp / yii2-pluto

User management extension for Yii2
https://demo.sjaakpriester.nl/
MIT License

PlutoController not registering Rules for RBAC Permissions #37

Open acdavidson opened 2 years ago

acdavidson commented 2 years ago

Hello,

First, thanks for a great extension.

My issue is that when I configure pluto (with command line "yii pluto"), I find that although all the expected Permissions are correctly created, those that should have Conditions/Rules do not have them set. Specifically Permissions "updateCommonUser" and "updateCreatedItem" should have Rules set, but they don't.

The Rules have been correctly registered... they are available in the GUI and can be assigned to the 2 Permissions manually. They just weren't applied when "yii pluto" was run at the command line.

I think the problem lies in commands/PlutoController.php.

On lines 55-60, the Permissions are created, added to the DBAuthManager and cached in a temporary array ($permissions). I believe the Permissions will be written to the DB (as "auth_item") at this point... with blank rule_name fields.

In lines 62 and 65 the ruleName property is set for the Permissions that require a Rule.

However, I do not believe that the updated Permission is ever written back to the DB and hence the ruleNames are never persisted. I think the Permission's ruleName needs to be set before the Permission is $auth->add()ed. This was the case in the first commit (2e863da on 18 Apr 2019), but when the RBAC setup was refactored, the Rules were attached to the Permissions after they were added.

Everything will still work, but I think the result of this is to grant too free update access to User and Item resources.

Thanks again for your great work. I have used a few of your Yii2 extensions and have found them clean and elegant in both appearance and usage.
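
The ordering problem described in this issue, as an added example that is not code from yii2-pluto or from the reporter: it shows why a ruleName assigned after add() never reaches storage, and an audit that lists permissions stored without a rule. `FakeDbManager`, `permissionsMissingRule` and `placeholderRule` are hypothetical names; the stand-in assumes add() persists the item's fields at call time, as an INSERT into auth_item does.

```php
<?php
// Constructed stand-in for yii\rbac\DbManager (hypothetical class): add() copies the
// item's fields into a row at call time, like the INSERT into auth_item.
class Permission { public $name; public $ruleName; }

class FakeDbManager
{
    private $rows = []; // name => rule_name, i.e. what is actually persisted

    public function createPermission($name)
    {
        $p = new Permission();
        $p->name = $name;
        return $p;
    }
    public function add($item) { $this->rows[$item->name] = $item->ruleName; }
    public function update($name, $item) { unset($this->rows[$name]); $this->add($item); }
    public function getPermission($name)
    {
        if (!array_key_exists($name, $this->rows)) { return null; }
        $p = $this->createPermission($name);
        $p->ruleName = $this->rows[$name];
        return $p;
    }
}

// Audit helper (hypothetical name): permissions stored without a rule.
// Uses only getPermission() and ruleName, both part of Yii2's RBAC manager API.
function permissionsMissingRule($auth, array $names)
{
    return array_values(array_filter($names, function ($n) use ($auth) {
        $p = $auth->getPermission($n);
        return $p === null || empty($p->ruleName);
    }));
}

$auth  = new FakeDbManager();
$names = ['updateCommonUser', 'updateCreatedItem'];
$rule  = 'placeholderRule'; // the issue does not name the rules

// Order described in the issue: add() first, ruleName assigned afterwards.
$perms = [];
foreach ($names as $n) { $perms[$n] = $auth->createPermission($n); $auth->add($perms[$n]); }
foreach ($perms as $p) { $p->ruleName = $rule; }
echo 'after add-then-set: ', json_encode(permissionsMissingRule($auth, $names)), PHP_EOL;

// Remediation: write the modified items back (Yii2: ManagerInterface::update()).
foreach ($perms as $n => $p) { $auth->update($n, $p); }
echo 'after update():     ', json_encode(permissionsMissingRule($auth, $names)), PHP_EOL;
```

In a real Yii2 application the same audit function can be given `Yii::$app->authManager` after running "yii pluto" to confirm whether the two permissions carry a rule.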