bizrule #68

Open
joujou opened this issue Apr 14, 2013 · 14 comments

joujou commented Apr 14, 2013

It seems there's no bizrule management. Did I miss it?

Contributor

izemize commented Apr 17, 2013

Yes, but it works if you can add them manually in the db.

Author

joujou commented Apr 18, 2013

Why not a field to manage bizrules also?

Cordialement,
Jean-Pierre Jounier

Owner

crisu83 commented Apr 18, 2013

Because bizrules don't belong in the user interface.

-Christoffer

Author

joujou commented Apr 18, 2013

I don't understand. bizrule and data are fields of authitem and
authassignments and the UI aims to manage those tables so I'm surprised
those 2 fields are not in the form.

Cordialement,
Jean-Pierre Jounier

Owner

crisu83 commented Apr 18, 2013

Bizrules are evaluated PHP code, so it's far from safe to let users write
them in the UI. In addition, users that manage permissions do not need to
access bizrules; they're used by the developers to allow conditional
permissions. I'm not fond of bizrules myself but sometimes they're
necessary. In those cases I add them directly in the database.

-Christoffer

Author

joujou commented Apr 18, 2013

Ok I understand. I find this solution rather ugly (the concept of bizrule
stored in db and the usage of eval on that code).
Another thing: why isn't it possible to create a hierarchy of roles
(specifying a role as a child of another one)? Any particular reason?

Cordialement,
Jean-Pierre Jounier

Owner

crisu83 commented Apr 18, 2013

That is possible, set the strictMode parameter to false in AuthModule.

Author

joujou commented Apr 18, 2013

Great, thanks.
I really like your extension but my problem is more about bizrule in db +
eval.
In our apps, we need to store that a given user has a given permission over
1 or n specific records of any given table.
Something like that, just for instance:
user1 can edit posts 1,34,45
user2 can edit any post
user3 can edit posts 3,34,56
user3 can edit comments 2,45,46

Do you think we can achieve that with your extension without using
bizrule+data column?

Cordialement,
Jean-Pierre Jounier

Owner

crisu83 commented Apr 18, 2013

No, you need to use bizrules for that. I wouldn't try to avoid them either
as they're a vital part of Yii's authorization management.

-Christoffer

Author

joujou commented Apr 18, 2013

It seems to me I can't seriously use eval() for some code stored in the DB.

I plan something else more secure: I store in authAssignment.data a
serialized array storing all the record IDs associated with the authitem
assigned.
I create a class that inherits CDbAuthManager to override checkAccess, or I
create another method to check the access that doesn't call
evaluateBizrule(), so it's more secure, and it will perform the job the
function I would have called in the bizrule would have done!

In case I do that, I'll extend your extension: when creating an assignment,
it'll be possible to choose a table of the db, then it'll be possible to
choose 1 or more records of the chosen table. Their IDs will be stored in
authAssignment.data in a serialized array.

What do you think about that idea?

Cordialement,
Jean-Pierre Jounier
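
The data-driven check proposed in the comment above, sketched as an added example (not code from this thread or from yii-auth): record-level permissions are decided from stored IDs alone, so nothing read from the database is ever passed to eval(). The row layout, the `any`/`ids` keys and the function names are assumptions made for illustration.

```php
<?php
// Added example, not yii-auth or Yii code. Assumption: each row mirrors the
// AuthAssignment columns (itemname, userid, data) and data holds a
// serialize()d array shaped ['any' => bool, 'ids' => [int, ...]] (hypothetical).

/** Constructed sample rows reproducing the grants listed in the thread. */
function sampleAssignments(): array
{
    return [
        ['itemname' => 'editPost',    'userid' => 'user1', 'data' => serialize(['ids' => [1, 34, 45]])],
        ['itemname' => 'editPost',    'userid' => 'user2', 'data' => serialize(['any' => true])],
        ['itemname' => 'editPost',    'userid' => 'user3', 'data' => serialize(['ids' => [3, 34, 56]])],
        ['itemname' => 'editComment', 'userid' => 'user3', 'data' => serialize(['ids' => [2, 45, 46]])],
        // Malformed row: must be treated as granting nothing.
        ['itemname' => 'editPost',    'userid' => 'user4', 'data' => 'not-serialized'],
    ];
}

/** Decode the data column as plain data; any unexpected shape grants nothing. */
function decodeGrant(?string $raw): array
{
    $deny = ['any' => false, 'ids' => []];
    if ($raw === null || $raw === '') {
        return $deny;
    }
    // allowed_classes=false stops unserialize() from instantiating objects.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($value)) {
        return $deny;
    }
    $ids = isset($value['ids']) && is_array($value['ids']) ? $value['ids'] : [];
    return [
        'any' => ($value['any'] ?? false) === true,
        'ids' => array_values(array_filter($ids, 'is_int')),
    ];
}

/** True only when an assignment for this user and item covers the record. */
function canAccessRecord(array $rows, string $userId, string $item, int $recordId): bool
{
    foreach ($rows as $row) {
        if ($row['userid'] !== $userId || $row['itemname'] !== $item) {
            continue;
        }
        $grant = decodeGrant($row['data']);
        if ($grant['any'] || in_array($recordId, $grant['ids'], true)) {
            return true;
        }
    }
    return false;
}

$rows = sampleAssignments();
$checks = [['user1', 'editPost', 34], ['user1', 'editPost', 3], ['user2', 'editPost', 999],
           ['user3', 'editComment', 45], ['user3', 'editComment', 3], ['user4', 'editPost', 1]];
foreach ($checks as [$user, $item, $id]) {
    printf("%s %s #%d: %s\n", $user, $item, $id, canAccessRecord($rows, $user, $item, $id) ? 'allow' : 'deny');
}
```

The data column is still passed to unserialize(), so the `allowed_classes` restriction and the strict integer comparison are what keep a tampered value from doing more than denying access.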


r3verser commented Jun 6, 2013

How about checking if DEBUG mode is on, then showing the bizrule field? This will protect bizrule editing on production, and help developers do their job..?

Owner

crisu83 commented Jun 7, 2013

That would be one option. I kind of like the idea.

-Chris

crisu83 closed this as completed Sep 8, 2013

@schmunk42

Why did you close this? I'd also need it + a data field.

crisu83 reopened this Oct 10, 2013

Owner

crisu83 commented Oct 10, 2013

You're right @schmunk42. I will add this when we can think of a good way for adding this.
