Adjusting the rights of a role

• RADIUSdesk allows the admin of a cloud to be in one of three possible roles.
  • Admin
  • Operator
  • View
• The rights of the admin is dictated by the role they are in.
• This document will cover the technical details of RBA in CakePHP and also how to manage the rights for each role.

• Each controller in CakePHP has various methods that are called.
• These methods are recorded in a config file with the convention Rba + contoller name + .php.
• Refer to the RbaPermanentUsers.php here:

<?php
 
$config = [];
$config['RbaPermanentUsers'] = [
    'admin'     => ['*'],
    'view'      => [
        'exportCsv',
        'index',
       //'add',
       //'import',
      //'delete',
        'viewBasicInfo',
      //'editBasicInfo',
        'viewPersonalInfo',
      //'editPersonalInfo',
        'privateAttrIndex',
      //'privateAttrAdd',
      //'privateAttrEdit',
      //'privateAttrDelete',
      //'restrictListOfDevices',
      //'autoMacOnOff',
        'viewPassword',
      //'changePassword',
      //'emailUserDetails',
        'enableDisable',
 
        //Buttons
        //'btnRadius',
        //'btnGraph',
        //'btnByod',
        //'btnTopup',
    ],
    'granular'  => [
        'exportCsv',
        'index',
        'add',
        'import',
        'delete',
        'viewBasicInfo',
        'editBasicInfo',
        'viewPersonalInfo',
        'editPersonalInfo',
        'privateAttrIndex',
        'privateAttrAdd',
        'privateAttrEdit',
        'privateAttrDelete',
        'restrictListOfDevices',
        'autoMacOnOff',
        'viewPassword',
        'changePassword',
        'emailUserDetails',
        'enableDisable',
 
        //Buttons
        'btnRadius',
        'btnGraph',
        'btnByod',
        'btnTopup',
    ],
    'logActions'    => true,    //Flag to set if we want to actions logged
    'logExcludes'   => [
        'index'
    ]
];
 
return $config;
?>

• The file returns an array called $config with a key that matches the filename without .php.
• In our sample it is RbaPermanentUsers.
• The value of this key in turn contains an array with the following keys:
  1. admin: Typically contains a wildcard array.
  2. view: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the view role.
  3. granular: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the operator role.
  4. logActions: Specify if actions on this controller needs to be recorded in a log.
  5. logExcludes: Specify which actions should be excluded from the log records.

• You might have noticed there are entries under a heading Buttons.
• These are special entries that are uses to show or hide certain buttons on the applet for an admin role.
• If for instance you do not want to show the Topup button, you can simply comment that entry out.
• The Topup button will then not be included.

• The AaComponent will check if there is a RBA config file and then apply any restrictions on the role that needs to be applied with a informative error message.

• The GridButtonsRbaComponent will check if there is a RBA config file and use that to construct the buttons on the applet's toolbar.