Yii install Rights in easy steps – How to install Yii Rights

A few days ago I had to use Yii user permissions for a client website. I spent days looking here and there on Google and trying several alternatives, but none of them worked for me easily. I tried several Yii extensions but I was not lucky enough to get any of them working.
Finally I found the Yii Rights extension, but I could not find any working instructions or a complete example. I decided to write this simple tutorial.

I used the following steps in order to use Yii Rights in my project.

1. Download the extension from its official site (http://www.yiiframework.com/extension/rights/) and extract the archive. Place the rights folder in the protected/modules/ folder. If the modules folder does not exist, create it. The Yii application structure should look like the following:

    
    yii_project
    |
    |----protected
         |----models
         |----modules
              |----rights

2. Add the following lines to your application’s configuration. You need to make the changes in three different places, as shown below.

    'import'=>array(               // first place
        // ...
        'application.modules.rights.*',
        'application.modules.rights.components.*', // Correct paths if necessary.
    ),
    // ...
    'modules'=>array(              // second place
        // ...
        'rights' => array(
            'install' => FALSE,    // we will install tables manually
        ),
    ),
    // ...
    'components'=>array(           // third place
        'user'=>array(
            'class' => 'RWebUser',
            // enable cookie-based authentication
            'allowAutoLogin'=>true,
        ),
        'authManager' => array(
            'class' => 'RDbAuthManager',
        ),
        // ...
    ),

3. You must have (or create) a table User with the columns id and username. Now copy the following SQL and run it in your database manually (possibly one table at a time). It will create four tables in your DB.

delimiter $$

-- AuthItem is created first because the other three tables reference it with foreign keys.
CREATE TABLE `AuthItem` (
  `name` varchar(64) NOT NULL,
  `type` int(11) NOT NULL,
  `description` text,
  `bizrule` text,
  `data` text,
  PRIMARY KEY (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1$$

-- Which auth item (role, task or operation) is assigned to which user.
CREATE TABLE `AuthAssignment` (
  `itemname` varchar(64) NOT NULL,
  `userid` varchar(64) NOT NULL,
  `bizrule` text,
  `data` text,
  PRIMARY KEY (`itemname`,`userid`),
  CONSTRAINT `AuthAssignment_ibfk_1` FOREIGN KEY (`itemname`) REFERENCES `AuthItem` (`name`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1$$

-- Parent/child hierarchy between auth items.
CREATE TABLE `AuthItemChild` (
  `parent` varchar(64) NOT NULL,
  `child` varchar(64) NOT NULL,
  PRIMARY KEY (`parent`,`child`),
  KEY `child` (`child`),
  CONSTRAINT `AuthItemChild_ibfk_1` FOREIGN KEY (`parent`) REFERENCES `AuthItem` (`name`) ON DELETE CASCADE ON UPDATE CASCADE,
  CONSTRAINT `AuthItemChild_ibfk_2` FOREIGN KEY (`child`) REFERENCES `AuthItem` (`name`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1$$

-- Table used by the Rights module itself.
CREATE TABLE `Rights` (
  `itemname` varchar(64) NOT NULL,
  `type` int(11) NOT NULL,
  `weight` int(11) NOT NULL,
  PRIMARY KEY (`itemname`),
  CONSTRAINT `Rights_ibfk_1` FOREIGN KEY (`itemname`) REFERENCES `AuthItem` (`name`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1$$

delimiter ;

4. Now you can run your Yii application with the Yii Rights extension installed by opening the URL
http://localhost/yiiapp/rights/ or http://localhost/yiiapp/index.php?r=rights/
where yiiapp is the name of your Yii application. Here you may receive an error like:

 Error 403. There must be at least one superuser!

To address this issue, edit the file /modules/rights/components/RAuthorizer.php and comment out the two lines near line numbers 304 and 305.

 
    //if( $superusers===array() )
    //    throw new CHttpException(403, Rights::t('core', 'There must be at least one superuser!'));

Now if you open the above link you will be on the Rights page. You can now create roles, tasks and operations using the Rights web interface.
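The 403 in this step is raised when Rights finds no user holding its superuser role, which is the state the hand-created tables from step 3 start in. As an added example (not part of the original tutorial), the SQL below seeds that role and assigns it to one user, so the check in RAuthorizer.php can stay enabled. It assumes the module's default superuser role name Admin and an existing User row with id 1; adjust both to your setup.

```sql
-- Added example, not from the original tutorial.
-- Assumptions: the Rights module uses its default superuser role name 'Admin',
-- and the account that should administer Rights is the User row with id = 1.

START TRANSACTION;

-- Create the superuser role. type 2 is a role in Yii's RBAC
-- (0 = operation, 1 = task, 2 = role); 'N;' is PHP's serialized NULL,
-- which is what the auth manager stores for empty item data.
INSERT INTO `AuthItem` (`name`, `type`, `description`, `bizrule`, `data`)
VALUES ('Admin', 2, 'Rights superuser', NULL, 'N;');

-- Assign the role to the chosen user. Selecting from `User` means nothing
-- is inserted if that id does not exist, instead of creating an orphan row.
INSERT INTO `AuthAssignment` (`itemname`, `userid`, `bizrule`, `data`)
SELECT 'Admin', `id`, NULL, 'N;'
FROM `User`
WHERE `id` = 1;

COMMIT;

-- Check: this must return at least one row, otherwise Rights
-- will still answer with the 403 superuser error.
SELECT u.`id`, u.`username`
FROM `AuthAssignment` a
JOIN `User` u ON u.`id` = a.`userid`
WHERE a.`itemname` = 'Admin';
```

Log in as that user before opening the Rights URL, since the module only admits superusers to its pages.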

5. The controllers must be extended from BController now instead of CController and the filters function inside each controller using Rights should look like the following.

 
    public function filters()
    {
        return array(
            'rights'
        );
    }

If you want any action to be ignored by Rights, simply add a minus in front of it in the filters function, for example:

 
    public function filters()
    {
        return array(
            'rights -index'
        );
    }

Furthermore, you can remove the accessRules function from all controllers using Rights, as it is no longer needed.