yiisoft / yii2

Yii 2: The Fast, Secure and Professional PHP Framework
http://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License

PhpManager does not support many-to-many user-role assignment #4489

Closed arashkarimian closed 10 years ago

arashkarimian commented 10 years ago

According to the documentation, Yii implements a General Hierarchical RBAC, following the NIST RBAC model.

The NIST General Hierarchical model is built on top of Flat RBAC plus support for role hierarchy, so RBAC must support many-to-many user-role assignment.

It seems PhpManager does not support it. In this example the user's role is the last one.

$role1 = $auth->getRole('role1');
$role2 = $auth->getRole('role2');
$auth->assign($role1, 26);
$auth->assign($role2, 26);

The result in the assignments.php file is:

<?php
return [
    26 => 'role2',
];

qiangxue commented 10 years ago

@samdark PhpManager::saveAssignments() is not correct.

samdark commented 10 years ago

Will add tests for it and fix.

samdark commented 10 years ago

Fixed. Thanks for reporting.

arashkarimian commented 10 years ago

Thanks, but

public function getAssignments($userId)
{
    return isset($this->assignments[$userId]) ? $this->assignments[$userId] : [];
}

always returns an empty array.

I printed $this->assignments and the result is

Array
(
    [0] => Array
        (
            [role1] => yii\rbac\Assignment Object
                (
                    [userId] => 0
                    [roleName] => role1
                    [createdAt] => 1406578681
                )

            [role2] => yii\rbac\Assignment Object
                (
                    [userId] => 0
                    [roleName] => role2
                    [createdAt] => 1406578681
                )

        )

)

and this is the assignments file content

<?php
return [
    26 => [
        'role1',
        'role2',
    ],
];

cebe commented 10 years ago

Added a unit test to verify this. It is passing: 9e62d55. Are you sure you are using the latest master code? I also do not see $this->assignments in our code; there is $this->_assignments. Please give more details.

cebe commented 10 years ago

Well, the test is actually failing on the DbManager, so there is still something wrong.

arashkarimian commented 10 years ago

@cebe Yes here line 105

cebe commented 10 years ago

Looks like SELECT * FROM auth_assignments WHERE user_id = 0 returns all entries from the table when the column is a VARCHAR!?

cebe commented 10 years ago

CREATE TABLE IF NOT EXISTS `auth_assignment` (
  `item_name` varchar(64) NOT NULL,
  `user_id` varchar(64) NOT NULL,
  `created_at` int(11) DEFAULT NULL,
  PRIMARY KEY (`item_name`,`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `auth_assignment`
--

INSERT INTO `auth_assignment` (`item_name`, `user_id`, `created_at`) VALUES
('admin', 'admin C', 1406590914),
('author', '1337', 1406590914),
('author', 'author B', 1406590914),
('reader', '1337', 1406590914),
('reader', '42', 1406590914),
('reader', 'reader A', 1406590914);

SELECT * FROM `auth_assignment` WHERE `user_id` = 0;

gives:

"admin","admin C","1406590914"
"author","author B","1406590914"
"reader","reader A","1406590914"
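
The comparison in the comment above, as an added MySQL example that is not part of the original thread or the Yii code base: the numeric comparison beside the string comparison, plus an audit query for the rows that are exposed to it. The temporary table name `auth_assignment_demo` is an assumption made so the script does not touch a real `auth_assignment` table; the schema and rows are the ones posted above.

```sql
-- Scratch copy of the table and rows posted above (hypothetical table name).
CREATE TEMPORARY TABLE auth_assignment_demo (
  item_name  varchar(64) NOT NULL,
  user_id    varchar(64) NOT NULL,
  created_at int(11) DEFAULT NULL,
  PRIMARY KEY (item_name, user_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

INSERT INTO auth_assignment_demo (item_name, user_id, created_at) VALUES
('admin',  'admin C',  1406590914),
('author', '1337',     1406590914),
('author', 'author B', 1406590914),
('reader', '1337',     1406590914),
('reader', '42',       1406590914),
('reader', 'reader A', 1406590914);

-- 1. Numeric literal against a VARCHAR column: MySQL converts every user_id
--    to a number before comparing. Strings without leading digits
--    ('admin C', 'author B', 'reader A') convert to 0, so a lookup for
--    user 0 returns the role assignments of three unrelated users.
SELECT item_name, user_id FROM auth_assignment_demo WHERE user_id = 0;

-- The lossy conversions are recorded as warnings (code 1292,
-- "Truncated incorrect DOUBLE value"), which is a usable signal in testing.
SHOW WARNINGS;

-- 2. String literal: both sides are compared as strings, no conversion.
--    With the sample rows this returns nothing, because no assignment has
--    the user_id '0'.
SELECT item_name, user_id FROM auth_assignment_demo WHERE user_id = '0';

-- 3. The same rule holds for numeric-looking IDs: 1337 as a number and
--    '1337' as a string both match here, but only the string form is an
--    exact comparison that cannot pick up values such as '1337abc'.
SELECT item_name, user_id FROM auth_assignment_demo WHERE user_id = '1337';

-- 4. Audit: assignments whose user_id is not a canonical non-negative
--    integer string. These are the rows a numeric comparison can match
--    unintentionally (three rows with the sample data).
SELECT item_name, user_id
FROM auth_assignment_demo
WHERE user_id NOT REGEXP '^(0|[1-9][0-9]*)$';
```

In application code the equivalent of query 2 is to bind the user ID as a string parameter, so the comparison never depends on the type the caller happened to pass.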

arashkarimian commented 10 years ago

The phpManager->getAssignments($userId) problem still exists.

samdark commented 10 years ago

https://github.com/yiisoft/yii2/blob/master/tests/unit/framework/rbac/ManagerTestCase.php#L285 and it passes.

arashkarimian commented 10 years ago

Thanks