Educating the world

Our blog has over 10,000 readers a month

Using Yii2 mdmsoft yii2-admin to deny access to a module

May 21st, 2017

I wanted to deny the use of mdm to everyone who wasn't admin. I was expecting to be able to set up a deny rule then allow access to it for some users but it doesn't seem to work like this.

The basic principle is deny everything then allow you to create permissions (or roles) specifying the routes you want to allow.

After installing mdm add the following to your main.php:

PHP

return [
    'components' => [
        'authManager' => [
            'class' => 'yii\rbac\DbManager',
            'defaultRoles' => [
                'guest'
            ]
        ],
    ],
    'modules' => [
        'mdm' => [
            'class' => 'mdm\admin\Module'
        ],
    ],
    'as access' => [
        'class' => 'mdm\admin\components\AccessControl',
        'allowActions' => [
            '*'
        ]
    ],
];

This will allow access to every page as though the MDM module was not installed.

Next we have to create a route rule for every controller or module. On the management page goto the "Routes" section. Look down the list and add all the top level routes i.e. from the list /a/b/c, /a/b/*, /a/* choose /a/*. One of the will be /mdm/* (if that is what you have called the MDM module when you installed it).

From the management page go to the "Roles" section and click "Create". Enter "guest" as the name and for the description you can add "Default role assigned to all users". Finish by clicking create. You are presented with the ability to then add allow routes to your role. Highlight all the routes that your guest is allowed to use and click the ">>" button to move them over into the allowed section.

If you are being all proper like, then you would create a permission called guest_routes, assign all the routes to the permission, then assign the permission to the newly created "guest" role.

Back to the management page and click "Permissions" and then "Create". For name enter "admin_routes" and for the description "Routes allowed to administrators". After clicking "Create" you are taken to the screen allowing you to add all the routes that this permission allows the user to use.

Now go back to the management page and add the permission to what ever makes sense for you. I have a role called "Super User" which is assigned to me, so all I have to do is add "admin_routes" permission to the "Super User" role.

The final step is to tighten up the front access rules to deny all. Make the following change to your main.php.

PHP

return [
...
    'as access' => [
        'class' => 'mdm\admin\components\AccessControl',
        'allowActions' => [
        ]
    ],
];

As far as I could work out, there's no deny rule. It works by denying everything and only allowing the things you specify. It would be nice to have a denyActions that allowed you to specify a route to automatically deny then set up a permission to allow access. It would certain be a lot less work in this case particularly as I will have to keep updating it as I add controllers and modules.

Error: SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known

May 19th, 2017

Recently had a problem with Yii2's migrate when trying to connect to a local database.

[root@example.com yii-application]# ./yii migrate
Yii Migration Tool (based on Yii v2.0.11.2)

Error: SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known

Searched a lot on the web and everything pointed to a recent system update. I'd just done one and was worried that it'd broken something. As it turned out it was completely unrelated. I had configured the database connection settings in the common folder but I had forgotten that the console section of Yii2 uses its own configuration outside if the common/frontend/backend part.

The reason for the error was simply that Yii2 could not resolve the hostname in the default configuration.

return [
'components' => [
'db' => [
'class' => 'yii\db\Connection',
'dsn' => 'mysql:host=host_address;dbname=database_name',
'username' => 'username',
'password' => 'password',
'charset' => 'utf8'
],

I added the settings from common and Hey Presto! everything works.

Disable Firefox adding www to the start of address and com to the end

May 17th, 2017

It's one of those things that's really annoying and the solution is not very easy to find because searching Google for www and .com doesn't give you anything useful.

  1. In the address bar type: about:config
  2. Accept the warnings about pending doom
  3. Enter: browser.fixup in the search box
  4. Double clicking browser.fixup.alternate.enabled will disable it completely
  5. If you want, you can keep the addition of www and .com separate buy double clicking either browser.fixup.alternate.prefix or browser.fixup.alternate.suffix
  6. The changes will work immediately.

You may find that your address bar is trying to be like the Google address bar, which seems a bit pointless as there is a whole search box for exactly this purpose.
If you are finding that every time you get an address wrong it sends you over to Google then repeat the above steps but change keyword.enabled to false.

Firefox has always been a favourite of developers because Firebug support was so good. That's all changed now.

file_get_contents SSL operation failed with code 1 SSL3_GET_SERVER_CERTIFICATE certificate verify failed

April 29th, 2017

Recently got this message while I was trying to use get_file_contents in PHP.

file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This is caused by PHP being unable to verify the certificate as the message says! The reason why it can't verify the certificate is almost certainly related to file certificate authorities file (aka the CA file). Take a look at phpinfo and look for openssl.cafile. If it is empty then this is your problem.
If it's not empty then check that the file exists. If it does then it may be out of date. You can download the latest version from here:

https://curl.haxx.se/ca/cacert.pem

The simplest way to fix this problem is to add the CA file to PHP's configuration (php.ini) with the following line:

openssl.cafile=/path/to/cacert.pem

There are times when you want to ignore the verification failure such as in a development environment where wasting your life trying to fix SSL related problems is just a distraction from your real work.

openssl.cafile=/path/to/cacert.pem

Code

$stream_opts = [
    "ssl" => [
        "verify_peer"=>false,
        "verify_peer_name"=>false,
    ]
];  
 
$response = file_get_contents("https://www.example.com",
               false, stream_context_create($stream_opts));

Hessian expected end of call (z) at M

February 22nd, 2017

Just thought I'd post this to help anyone else coping with this error message.

expected end of call ('z') at 'M'. Check method arguments and ensure method overloading is enabled if necessary



package uk.co.bigsoft.app.hessian.clients;

import java.net.MalformedURLException;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.caucho.hessian.client.HessianProxyFactory;

public class HessianInterfaceFactory {

    private static final Logger L = LoggerFactory.getLogger(HessianInterfaceFactory.class);

    private HessianProxyFactory factory = new HessianProxyFactory();

    public HessianInterfaceFactory() {
        factory = new HessianProxyFactory();
        factory.setOverloadEnabled(true);
    }

    public  T createHessianInterface(Class type, String url) {

        try {
            return type.cast(factory.create(type, url));
        } catch (MalformedURLException e) {
            L.error("Creating proxy for \"" + type.toString() + "\" on \"" + url + "\"", e);
            return null;
        }
    }

}

-->