yiisoft / yii2

Yii 2: The Fast, Secure and Professional PHP Framework
http://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License

RBAC: cannot revoke assignment #12764

Closed mogilka closed 7 years ago

mogilka commented 7 years ago

What steps will reproduce the problem?

  1. Create a user 'jam' (successful)
  2. Create a role 'marketer', no matter with or without permissions (successful)
  3. Assign the user 'jam' with the role 'marketer' (successful)
  4. Revoke the assignment 'jam-marketer' (fail)

What is the expected result?

The assignment revoked, the user 'jam' has no role by name 'marketer'.

What do you get instead?

All Rbac functions work perfectly except the revoke.

```
2016-10-18 06:27:43 [error][yii\base\ErrorException:8] exception 'yii\base\ErrorException' with message 'Trying to get property of non-object' in /var/www/mysite/vendor/yiisoft/yii2/rbac/DbManager.php:821
Stack trace:
0 /var/www/mysite/vendor/yiisoft/yii2/rbac/DbManager.php(821): yii\base\ErrorHandler->handleError(8, 'Trying to get p...', '/var/www/tablo....', 821, Array)
1 /var/www/mysite/backend/controllers/AccessController.php(274): yii\rbac\DbManager->revoke('marketer', '1')
2 [internal function]: backend\controllers\AccessController->actionRevoke('marketer', '1')
3 /var/www/mysite/vendor/yiisoft/yii2/base/InlineAction.php(55): call_user_func_array(Array, Array)
4 /var/www/mysite/vendor/yiisoft/yii2/base/Controller.php(154): yii\base\InlineAction->runWithParams(Array)
5 /var/www/mysite/vendor/yiisoft/yii2/base/Module.php(454): yii\base\Controller->runAction('revoke', Array)
6 /var/www/mysite/vendor/yiisoft/yii2/web/Application.php(87): yii\base\Module->runAction('access/revoke', Array)
7 /var/www/mysite/vendor/yiisoft/yii2/base/Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))
8 /var/www/mysite/backend/web/index.php(18): yii\base\Application->run()
9 {main}
2016-10-18 06:27:43 [info][application] $_GET = [ 'role' => 'marketer' 'userid' => '1' ]
```

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.0.6 |
| PHP version | 7.0.11-1+deb.sury.org~xenial+1 |
| Operating system | Ubuntu 16.04 LTS xenial |

mogilka commented 7 years ago

AccessController revoke method:

```php
/**
 * Remove a role from a user
 * @param string $role role name
 * @param int $userid user ID
 * @throws NotFoundHttpException
 * @return \yii\web\Response
 */
public function actionRevoke($role, $userid)
{
    $auth = Yii::$app->authManager;
    $model = $auth->getAssignment($role, $userid);
    if (empty($model))
        throw new NotFoundHttpException("There is no assignment \"$role\" for user \"$userid\".");

    $res = $auth->revoke($role, $userid);
    if (!$res)
        Yii::$app->session->setFlash('danger', Yii::t("yii", "Error"));
    return $this->redirect(['assign', "userid"=>$userid]);
}
```

dynasource commented 7 years ago
alex-code commented 7 years ago

revoke is expecting a yii\rbac\Role object not a string.

```php
$role = $auth->getRole($roleName);
$res = $auth->revoke($role, $userid);
```

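
The fix from the reply above applied to the reporter's action, as an added example (not the reporter's or Yii's own code): the role name is resolved to a `yii\rbac\Role` and checked for null before `revoke()` is called. The `$roleObject` name and the `VerbFilter` restriction to POST are assumptions added here, the latter because the log shows the revoke parameters arriving in `$_GET`.

```php
<?php
// Added example: corrected revoke action. Not the reporter's or the framework's code.
namespace backend\controllers;

use Yii;
use yii\filters\VerbFilter;
use yii\web\Controller;
use yii\web\NotFoundHttpException;

class AccessController extends Controller
{
    public function behaviors()
    {
        return [
            // Assumption: revoking a role changes authorization state,
            // so the action only accepts POST requests.
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => ['revoke' => ['post']],
            ],
        ];
    }

    public function actionRevoke($role, $userid)
    {
        $auth = Yii::$app->authManager;

        // getRole() returns null for an unknown name; check before using it,
        // otherwise revoke() fails the same way as with a plain string.
        $roleObject = $auth->getRole($role);
        if ($roleObject === null) {
            throw new NotFoundHttpException("There is no role \"$role\".");
        }

        // getAssignment() takes the role *name*; revoke() takes the Role *object*.
        if ($auth->getAssignment($role, $userid) === null) {
            throw new NotFoundHttpException("There is no assignment \"$role\" for user \"$userid\".");
        }

        if (!$auth->revoke($roleObject, $userid)) {
            Yii::$app->session->setFlash('danger', Yii::t('yii', 'Error'));
        }
        return $this->redirect(['assign', 'userid' => $userid]);
    }
}
```

After a revoke, `$auth->getAssignment($role, $userid)` returning null confirms that the assignment is gone.
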
mogilka commented 7 years ago

Thank you, sorry it's my fault