<nav type="pills" justified="false">
  * [[:user_manuals|Back to Documentation]]
  * [[:technical:rba-adjust|Adjust RBA rights]]
</nav>

-----

====== Adjusting the rights of a role ======

===== Introduction =====

  * RADIUSdesk allows the admin of a cloud to be in one of three possible roles:
    * Admin
    * Operator
    * View
  * The rights of the admin are dictated by the role they are in.
  * This document covers the technical details of RBA in CakePHP and how to manage the rights for each role.

-----------------

===== RBA in CakePHP =====

  * Each controller in CakePHP has various methods that are called.
  * These methods are recorded in a config file named with the convention **Rba** + controller name + **.php**.
  * Refer to RbaPermanentUsers.php here:

<code php>
<?php

$config = [];

$config['RbaPermanentUsers'] = [
    'admin' => ['*'],
    'view'  => [
        'exportCsv',
        'index',
        //'add',
        //'import',
        //'delete',
        'viewBasicInfo',
        //'editBasicInfo',
        'viewPersonalInfo',
        //'editPersonalInfo',
        'privateAttrIndex',
        //'privateAttrAdd',
        //'privateAttrEdit',
        //'privateAttrDelete',
        //'restrictListOfDevices',
        //'autoMacOnOff',
        'viewPassword',
        //'changePassword',
        //'emailUserDetails',
        'enableDisable',

        //Buttons
        //'btnRadius',
        //'btnGraph',
        //'btnByod',
        //'btnTopup',
    ],
    'granular' => [
        'exportCsv',
        'index',
        'add',
        'import',
        'delete',
        'viewBasicInfo',
        'editBasicInfo',
        'viewPersonalInfo',
        'editPersonalInfo',
        'privateAttrIndex',
        'privateAttrAdd',
        'privateAttrEdit',
        'privateAttrDelete',
        'restrictListOfDevices',
        'autoMacOnOff',
        'viewPassword',
        'changePassword',
        'emailUserDetails',
        'enableDisable',

        //Buttons
        'btnRadius',
        'btnGraph',
        'btnByod',
        'btnTopup',
    ],
    'logActions'  => true, //Flag to set if we want actions logged
    'logExcludes' => [
        'index'
    ]
];

return $config;

?>
</code>

  * The file returns an array called **$config** with a key that matches the filename without **.php**.
  * In our sample it is **RbaPermanentUsers**.
  * The value of this key in turn contains an array with the following keys:
    - **admin**: Typically contains a wildcard array.
    - **view**: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the **view** role.
    - **granular**: Contains an array with all the methods / actions in the controller you want to apply RBA to. Some might be commented out to show they are not available to the **operator** role.
    - **logActions**: Specifies whether actions on this controller need to be recorded in a log.
    - **logExcludes**: Specifies which actions should be excluded from the log records.

----------------

==== Special entries 'btn' ====

  * You might have noticed there are entries under a heading **Buttons**.
  * These are special entries that are used to show or hide certain buttons on the applet for an admin role.
  * If, for instance, you do not want to show the Topup button, you can simply comment that entry out.
  * The Topup button will then not be included.

--------------

===== Components involved with RBA =====

==== AaComponent ====

  * The AaComponent checks whether there is an RBA config file and then applies any restrictions that need to be applied to the role, with an informative error message.

--------------

==== GridButtonsRbaComponent ====

  * The GridButtonsRbaComponent checks whether there is an RBA config file and uses it to construct the buttons on the applet's toolbar.

technical/rba-adjust.txt Last modified: 2025/06/13 09:54 by system
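
An audit sketch for the RBA config format described on this page, added here as an example and not part of RADIUSdesk or its documentation: it lists what the operator role (**granular**) may do that **view** may not, and flags **view** grants and **logExcludes** entries worth a second look. The read-only name pattern, the sensitive-read list and the function names are assumptions of this example.

```php
<?php
// Added example, not RADIUSdesk code. Audits one Rba*.php array in the page's format.
// Assumption: an action is read-only when its name matches this pattern;
// every other action is treated as state-changing.
const READ_ONLY_PATTERN = '/^(index|view|export|privateAttrIndex|btn)/';
const SENSITIVE_READS   = ['viewPassword']; // assumption: reads a reviewer wants called out

function isReadOnly(string $action): bool
{
    return (bool) preg_match(READ_ONLY_PATTERN, $action);
}

function auditRba(array $rba): array
{
    $view     = $rba['view'] ?? [];
    $operator = $rba['granular'] ?? [];   // 'granular' holds the operator role's actions
    $findings = [];
    foreach ($view as $action) {
        if ($action === '*') {
            $findings[] = 'view: wildcard grants every action';
        } elseif (!isReadOnly($action)) {
            $findings[] = "view: '$action' looks state-changing";
        } elseif (in_array($action, SENSITIVE_READS, true)) {
            $findings[] = "view: '$action' exposes sensitive data";
        }
    }
    if (empty($rba['logActions'])) {
        $findings[] = 'logActions is off: actions on this controller are not logged';
    }
    foreach ($rba['logExcludes'] ?? [] as $action) {
        if (!isReadOnly($action)) {
            $findings[] = "logExcludes: state-changing '$action' is left out of the log";
        }
    }
    return [
        'operatorOnly' => array_values(array_diff($operator, $view)),
        'findings'     => $findings,
    ];
}

// Constructed sample: a shortened version of the config shown on this page.
$sample = [
    'admin'       => ['*'],
    'view'        => ['index', 'viewBasicInfo', 'viewPassword', 'enableDisable'],
    'granular'    => ['index', 'add', 'delete', 'viewBasicInfo', 'viewPassword', 'enableDisable'],
    'logActions'  => true,
    'logExcludes' => ['index'],
];
print_r(auditRba($sample));
```

To audit a real file, pass the array stored under its key, for example the **RbaPermanentUsers** entry of the array that RbaPermanentUsers.php returns.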