Differences

This shows you the differences between two versions of the page.

technical:rba-adjust [2025/06/08 06:55] – created system
technical:rba-adjust [2025/06/13 09:54] (current) system
Line 15: Line 15:
     * View     * View
   * The rights of the admin is dictated by the role they are in.   * The rights of the admin is dictated by the role they are in.
-  * This document will cover the optional configuration that allows you to map LDAP groups to the respective available roles.+  * This document will cover the technical details of RBA in CakePHP and also how to manage the rights for each role.
  
 ----------------- -----------------
 +
 +===== RBA in CakePHP =====
 +  * Each controller in CakePHP has various methods that are called.
 +  * These methods are recorded in a config file with the convention **Rba** + contoller name + **.php**.
 +  * Refer to the RbaPermanentUsers.php here:
 +<code php>
 +<?php
 +
 +$config = [];
 +$config['RbaPermanentUsers'] = [
 +    'admin'     => ['*'],
 +    'view'      => [
 +        'exportCsv',
 +        'index',
 +       //'add',
 +       //'import',
 +      //'delete',
 +        'viewBasicInfo',
 +      //'editBasicInfo',
 +        'viewPersonalInfo',
 +      //'editPersonalInfo',
 +        'privateAttrIndex',
 +      //'privateAttrAdd',
 +      //'privateAttrEdit',
 +      //'privateAttrDelete',
 +      //'restrictListOfDevices',
 +      //'autoMacOnOff',
 +        'viewPassword',
 +      //'changePassword',
 +      //'emailUserDetails',
 +        'enableDisable',
 +      
 +        //Buttons
 +        //'btnRadius',
 +        //'btnGraph',
 +        //'btnByod',
 +        //'btnTopup',
 +    ],
 +    'granular'  => [
 +        'exportCsv',
 +        'index',
 +        'add',
 +        'import',
 +        'delete',
 +        'viewBasicInfo',
 +        'editBasicInfo',
 +        'viewPersonalInfo',
 +        'editPersonalInfo',
 +        'privateAttrIndex',
 +        'privateAttrAdd',
 +        'privateAttrEdit',
 +        'privateAttrDelete',
 +        'restrictListOfDevices',
 +        'autoMacOnOff',
 +        'viewPassword',
 +        'changePassword',
 +        'emailUserDetails',
 +        'enableDisable',
 +        
 +        //Buttons
 +        'btnRadius',
 +        'btnGraph',
 +        'btnByod',
 +        'btnTopup',
 +    ],
 +    'logActions'    => true,    //Flag to set if we want to actions logged
 +    'logExcludes'   => [
 +        'index'
 +    ]
 +];
 +
 +return $config;
 +?>
 +</code>
 +  * The file returns an array called **$config** with a key that matches the filename without **.php**.
 +  * In our sample it is **RbaPermanentUsers**.
 +  * The value of this key in turn contains an array with the following keys:
 +    - **admin**: Typically contains a wildcard array.
 +    - **view**: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the **view** role.
 +    - **granular**: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the **operator** role.
 +    - **logActions**: Specify if actions on this controller needs to be recorded in a log.
 +    - **logExcludes**: Specify which actions should be excluded from the log records.
 +
 +----------------
 +
 +==== Special entries 'btn' ====
 +  * You might have noticed there are entries under a heading **Buttons**.
 +  * These are special entries that are uses to show or hide certain buttons on the applet for an admin role.
 +  * If for instance you do not want to show the Topup button, you can simply comment that entry out.
 +  * The Topup button will then not be included.
 +
 +--------------
 +
 +===== Components involved with RBA =====
 +
 +==== AaComponent ====
 +  * The AaComponent will check if there is a RBA config file and then apply any restrictions on the role that needs to be applied with a informative error message.
 +
 +--------------
 +
 +==== GridButtonsRbaComponent ====
 +  * The GridButtonsRbaComponent will check if there is a RBA config file and use that to construct the buttons on the applet's toolbar.
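
Review bot: The sample 'view' list in RbaPermanentUsers.php leaves 'viewPassword' and 'enableDisable' active while 'changePassword' and the add/edit/delete actions are commented out; if this role is meant to be read-only, comment those two out in the sample or say why a view-only admin may read passwords and toggle accounts. The **granular** bullet says entries are commented out for the **operator** role, but the file has no 'operator' key, so state how 'granular' maps to that role name. The page does not say what AaComponent does with an action that appears in no list, or when a controller has no Rba config file at all (allow or deny); that default belongs in the AaComponent section. The 'btn' section should also say whether commenting out an entry such as 'btnTopup' only hides the button or whether the action behind it is refused as well. Minor wording: "contoller" should be "controller", "that are uses to show" should be "that are used to show", and the 'logActions' comment reads "if we want to actions logged".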
 +
 +
 +
 +
 +
 +
  • technical/rba-adjust.1749358519.txt.gz
  • Last modified: 2025/06/08 06:55
  • by system