my Application has two modules. One for the main application (App) and one for backend administration (Admin).
For both I need an user management so I'd like to use ZFCUser. But I want to have different entities and database tables for the backend user (in the Admin module) and frontend user (in the App module). Also I need to set different configurations for the redirect rules.
When I configure e.g. "user_entity_class" in both module config files, it always will use the configuration of the last loaded module.
Has anybody an idea want could be an solution for that?
I'm happy about every proposal.
Update:
Unfortunately ACL is no solution because both user types are totally different. The entities have different (required) attributes and the workflows like the registration aren't the same.
You should only include ZfcUser ONCE.
If you want user roles like Admin you should look at ACL/RBAC.
There are modules which integrates with ZfcUser:
ACL: https://github.com/bjyoungblood/BjyAuthorize
RBAC: https://github.com/ZF-Commons/zfc-rbac
Related
I am trying to build a MVC Core app for an organisation. There is some vague requirements which I am not able to comprehend. I hope the community helps me out here.
There will be two types of users. One will be the admin and the other will be the normal users. The admin can access the admin module and the rest of the modules while each of these normal users will have access to different modules (except the admin one) and the sub-menus inside those modules. Let me explain that.
Let us suppose we have two modules : Disaster Recovery and Asset Tracking. The admin will be able to access each of these modules. But some of the normal users may or may not be able to access each of these two modules. Some of the users may have the authorization to access both modules while some of them will have access to only one.
Now here comes the tricky part. Inside each modules are sub-menus. For example if we have a module named Asset Tracking, the sub-menus inside this module can be ASST0001, ASST0002 and so on. These sub-menus are my MVC views. Again if a user has access to a module does not mean he/she will have access to the whole sub-menus of that said module. This app will be scalable and the no of users may increase as the time progresses.
How do I approach this problem? What would be the most efficient way and scalable way to approach this problem ?
I am sorry if I may seem naive but this is my first real job at designing something like this. I search the internet and most of them were talking about Roles, Users and Permissions which honestly just breezed over my head. Please guide me.
You need to use custom requirements for this Creating a custom requirement is a blog post for this.
You can even inject Dbcontext or repositories in requirement handle
Currently I'm working on system, that uses ZendFramework2 Acl implementation for managing user roles and permissions for various parts of it. Till this moment it works as is supposed to do - giving or rejecting users based on their role. Recently we got a new feature request - implement functionality that allows permission management per user, regardless the role he or she has. Here comes the tricky part - Zend implementation of Acl doesn't met the requirements out of the box (if it supposed to do so at al). Just to note - system is already tightly integrated with the current model, so it will be pain of heart to use another kind permission management model.
So far the best solution I could think of was to represent individual users as roles in Acl and grant them appropriate privileges, so it is possible to dynamically create or delete resources and privileges for users, without impacting overall role permissions (which still apply).
Could I get some suggestions please? Is this the "right way" or there better approach to the problem? Thanks in advance :)
If an user by the fact to be himself has some privilegies, then you have to create a new role for that user.
I have just developed an ACL module that allows you to manage access to each route only creating a new key in each route called 'roles'. You do not have to configure the ACL creating allow rules manually, this module creates the rules automatically for you reading the routes.
You can have a look: https://github.com/itrascastro/TrascastroACL
I'm still learning Rails, but faced with this project: Web solution should consist of three parts - the website, section for partners and admin panel. Section for partners and admin panel should be available as subdirectories (customer's requirement) like this:
somesite.com
somesite.com/partners/
somesite.com/admin/
I decided to make three separate applications with common models and business logic and deploy them in mentioned way using Passenger and Apache.
In the database should be two models: Admin (for administrators only) and User (quite fat model, common for users and partners, differs by is_partner field). Because those models are common to all three sites, I decided to put them in the Rails Engine, and then use appropriate model for each application. But now I have the issue of choosing the suitable authentication module.
Could you advice one? Should I try to use some already existing solution or I better have to implement my own authentication? Or may be my entire approach to this project is wrong from beginning?
Thank you.
I would use one User model, since you won't need to duplicate any logic, and use three roles: user, partner, and admin, unless admins are drastically different from other users. For authentication, I would suggest Devise, which is the go-to authentication system for Rails. For authorization, I would suggest CanCan.
If you're looking for a pre-made admin interface, try RailsAdmin or ActiveAdmin. RailsAdmin is simple to use and easily configurable, but not too customizable, while ActiveAdmin is a little more difficult to use but more customizable. Both of them are integrated with devise.
I m a new user to the CMS, after extensive search on google and through the github repo of comfy, all i found is this file - http_auth.rb, where i can add name:password pairs, i think this is for basic http auth.
here's from the manual:
After finishing installation you should be able to navigate to http://abcd.com/admin
Default username and password is 'username' and 'password'. You probably want to change it right away. Admin credentials (among other things) can be found and changed in the cms initializer: /config/initializers/comfortable_mexican_sofa.rb
Before creating pages and populating them with content we need to create a Site. Site defines a hostname, content path and it's language.
as i see now, this actually means there can only be one user, the admin? no user support like in wordpress etc?
There's a good extension gem built on Devise called cms-fortress. This is likely the easiest way to add multiple users to a Comfy rails app.
By default you get a new admin route at /cms-admin and login:
username: admin#cmsfortress.com
password: 1234qwer
Other more advanced features like user permissions are also implemented.
Out of the box ComfortableMexicanSofa only supports BasicAuth. So yeah, only one "admin". This CMS doesn't have a user/auth system because it doesn't want to take away freedom of choice from you (see Refinery/Devise).
However, it's very easy to make it work with whatever you want. See: https://github.com/comfy/comfortable-mexican-sofa/wiki/Changing-default-authentication
This way you can use your existing Devise / Sorcery / whatever else auth system.
Also, for many installs Devise is a major overkill. Sometimes one admin user is more than enough.
Hi I need to use ACL in a situation where user can only login through third party service like facebook google etc and their are only two roles guest and user. Right now I am using \Zend\Authentication\Storage\Session() to store user object in session after authentication, but I don't want to apply checks on my every action to know the status of user. I want to keep it simple by using a simple access control list. I have checked many modules like zfcUser etc but they are far more complex than what I actually need. I tried to build my own ACL plugin but the documentation is not good enough and the tutorials on zf2 ACL are focusing on different cases.
Thanks in Advance for your help
Maybe this module can help:
BjyAuthorize
This module is designed provide a facade for Zend\Permissions\Acl that will ease its usage with modules and applications. By default, it provides simple setup via config files or by using Zend\Db or Doctrine ORM. This module also comes with out-of-the-box support for and integration with ZfcUser.