Adjusting the rights of a role
Introduction
- RADIUSdesk allows the admin of a cloud to be in one of three possible roles.
- Admin
- Operator
- View
- The rights of the admin are dictated by the role they are in.
- This document will cover the technical details of RBA in CakePHP and also how to manage the rights for each role.
RBA in CakePHP
- Each controller in CakePHP has various methods that are called.
- These methods are recorded in a config file named with the convention Rba + controller name + .php.
- Refer to the RbaPermanentUsers.php here:
<?php
$config = [];
$config['RbaPermanentUsers'] = [
    'admin' => ['*'],
    'view' => [
        'exportCsv',
        'index',
        //'add',
        //'import',
        //'delete',
        'viewBasicInfo',
        //'editBasicInfo',
        'viewPersonalInfo',
        //'editPersonalInfo',
        'privateAttrIndex',
        //'privateAttrAdd',
        //'privateAttrEdit',
        //'privateAttrDelete',
        //'restrictListOfDevices',
        //'autoMacOnOff',
        'viewPassword',
        //'changePassword',
        //'emailUserDetails',
        'enableDisable',
        //Buttons
        //'btnRadius',
        //'btnGraph',
        //'btnByod',
        //'btnTopup',
    ],
    'granular' => [
        'exportCsv',
        'index',
        'add',
        'import',
        'delete',
        'viewBasicInfo',
        'editBasicInfo',
        'viewPersonalInfo',
        'editPersonalInfo',
        'privateAttrIndex',
        'privateAttrAdd',
        'privateAttrEdit',
        'privateAttrDelete',
        'restrictListOfDevices',
        'autoMacOnOff',
        'viewPassword',
        'changePassword',
        'emailUserDetails',
        'enableDisable',
        //Buttons
        'btnRadius',
        'btnGraph',
        'btnByod',
        'btnTopup',
    ],
    'logActions' => true, //Flag to set if we want actions logged
    'logExcludes' => [
        'index'
    ]
];
return $config;
?>
- The file returns an array called $config with a key that matches the filename without .php.
- In our sample it is RbaPermanentUsers.
- The value of this key in turn contains an array with the following keys:
- admin: Typically contains a wildcard array.
- view: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the view role.
- granular: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the operator role.
- logActions: Specify if actions on this controller need to be recorded in a log.
- logExcludes: Specify which actions should be excluded from the log records.
Special entries 'btn'
- You might have noticed there are entries under a heading Buttons.
- These are special entries that are used to show or hide certain buttons on the applet for an admin role.
- If for instance you do not want to show the Topup button, you can simply comment that entry out.
- The Topup button will then not be included.
Components involved with RBA
AaComponent
- The AaComponent will check if there is an RBA config file and then apply any restrictions that the role requires, together with an informative error message.
GridButtonsRbaComponent
- The GridButtonsRbaComponent will check if there is a RBA config file and use that to construct the buttons on the applet's toolbar.
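To tie the config keys described above to the checks the two components perform, here is an added example (not RADIUSdesk's own AaComponent or GridButtonsRbaComponent code) that evaluates an Rba* config array for a role and action and decides whether the action should be logged. The function names, the 'operator' => 'granular' mapping and the "no config file means no restriction" behaviour are assumptions for this illustration.

```php
<?php
// Added example, not RADIUSdesk code: evaluate an Rba<Controller> config array
// the way this page describes it. Role-to-key mapping and function names are assumed.

function rbaKeyForRole(string $role): ?string {
    // Only three roles exist; the operator role reads the 'granular' list (assumption).
    $map = ['admin' => 'admin', 'operator' => 'granular', 'view' => 'view'];
    return $map[$role] ?? null;
}

function rbaAllows(array $config, string $controller, string $role, string $action): bool {
    // Assumption: a controller without an Rba<Controller>.php entry is unrestricted.
    if (!isset($config['Rba' . $controller])) {
        return true;
    }
    $rules = $config['Rba' . $controller];
    $key   = rbaKeyForRole($role);
    if ($key === null || !isset($rules[$key])) {
        return false; // unknown role or missing list: deny
    }
    $allowed = $rules[$key];
    // 'admin' typically carries the wildcard; other roles are an explicit allow-list.
    return in_array('*', $allowed, true) || in_array($action, $allowed, true);
}

function rbaShouldLog(array $config, string $controller, string $action): bool {
    // logActions turns logging on; logExcludes removes noisy actions such as 'index'.
    $rules = $config['Rba' . $controller] ?? [];
    return !empty($rules['logActions'])
        && !in_array($action, $rules['logExcludes'] ?? [], true);
}

// Constructed config, trimmed from the RbaPermanentUsers.php shown on this page.
$config = [];
$config['RbaPermanentUsers'] = [
    'admin'       => ['*'],
    'view'        => ['index', 'viewPassword', 'enableDisable'],
    'granular'    => ['index', 'add', 'delete', 'viewPassword', 'changePassword', 'btnTopup'],
    'logActions'  => true,
    'logExcludes' => ['index'],
];

// Wildcard admin, allow-listed operator, and the view role hitting a commented-out action.
var_dump(rbaAllows($config, 'PermanentUsers', 'admin', 'delete'));
var_dump(rbaAllows($config, 'PermanentUsers', 'operator', 'delete'));
var_dump(rbaAllows($config, 'PermanentUsers', 'view', 'delete'));
// Button visibility for the toolbar follows the same allow-list lookup.
var_dump(rbaAllows($config, 'PermanentUsers', 'view', 'btnTopup'));
var_dump(rbaShouldLog($config, 'PermanentUsers', 'delete'));
var_dump(rbaShouldLog($config, 'PermanentUsers', 'index'));
```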