Yii and Authorization Rules (RBAC)

One thing that has recently puzzled me with my discoveries of the Yii PHP framework is to do with how authentication rules work. (In particular RBAC)

I have been recently working on a big project for work that is quite complex with quite a few different systems that are all connected to each other. It also supports different devices, like the iPad and the iPhone. For this app it is important to restrict a user to a particular set of assets (that they create) and share these with other users in their company. To implement this, I stared by looking into the standard approach recommended by Yii documentation and that is the Authorization Component. On the implementation level, You have the option of either doing rules based on a file (CPHPAuthManager) or using a database backend (CDbAuthManager).

After doing a bit of research, using the CPHPAuthManager for a large application is a bad idea. Everything is stored in a file and every time a access rule needs to be evaluated, this file will need to be checked. Also all role assignments are stored here, so if you have a large amount of users then there will be a lot of information stored in this file. This would make it unmanageable and wouldn’t scale very well for bigger applications.

It appears that CDbAuthManager would be the solution. What it does is store all of your access rules in the database. The auth manager will generate a pre-built database schema that Yii provides. The first thing I found was the component that is available in the Yii repositories called yii-rights. This extension allows you to manage your Authorization within the app and create access rules as needed. The problem with this is that its all held in the database and I would be deploying this application to the production server after testing it on the staging server and did not want to have to create access rules in both instances and have to update them every time we made any changes to the rules.

This is where we came up with the idea of using a console command to create all of our access rules. Yii has a great system for creating console commands you can run on the server, if you want to learn more, check this out. This console command creates all of our access rules when run and stored them in the database so that we can version control our access rules and have them in one central place.

The problem I have with out current system is that the access rules have business rules that are evaluations to check the current user against the part of the system they are trying to access or modify. What I dont like is that the access rules are in the database and then eval’d by php at runtime. Now this is a bad idea and most in the php community would tell you to stay away from eval for most things. The question I have is, is this used well or could it have been done better?

If you have something to share that might shed some light on what I might have missed or another way to do it, post your comments below or post to my question on stackoverflow: http://stackoverflow.com/questions/9597287/what-is-the-reason-for-having-authorization-rules-in-the-database-in-yii-applica

jQuery Scrolling Box

I am currently working on a website that requires some scrollable elements on it. The design specification is to do away with the scroll bars to allow for a better more simplistic design. Now I remember this being done in the past in flash, but I wasn’t going to be using flash. So naturally I went out to find a jQuery solution. In most cases doing a google search or stackoverflow search finds some code that needs some tweaking and then away we go, but this time I couldn’t find anything! So I created my own and thought I would share it.

Go straight to the demo: http://jsbin.com/azoji3
Full Source Code: http://jsbin.com/azoji3/edit
An Example illustration:

I got my inspiration from this question: http://stackoverflow.com/q/1193414/359736

First up is the mousedown event to capture the clicking of the down arrow. This will call the function that will actually scroll down the div and it also keeps track of the mousedown.

 $('.dn').mousedown(function(event) {
    mouseisdown = true;
    ScrollDown();
}).mouseup(function(event) {
    mouseisdown = false;
});

This is where the fun comes in, this part is recursive (I know everyone loves recursion!). This is so you can hold down the mouse and keep it scrolling continuously. It will also check when it reaches the bottom.

function ScrollDown(){

  //var topVal = $('.up').parents(".container").find(".content").css("top").replace(/[^-\d\.]/g, '');
  var topVal = $(".content").css("top").replace(/[^-\d\.]/g, '');
    topVal = parseInt(topVal);
  console.log($(".content").height()+ " " + topVal);
  if(Math.abs(topVal) < ($(".content").height() - $(".container").height() + 60)){ //This is to limit the bottom of the scrolling - add extra to compensate for issues
  $('.up').parents(".container").find(".content").stop().animate({"top":topVal - 20  + 'px'},'slow');
    if (mouseisdown)
setTimeout(ScrollDown, 400);
  }

Mouse scrolling

Now I also wanted the user to be able to scroll the mouse and it scroll the content. To enable the detection of scrolling in jquery, it requires the library from here http://github.com/brandonaaron/jquery-mousewheel. Then I did the same scrolling action as above.

$('.container').mousewheel(function(event, delta, deltaX, deltaY) {
   // console.log('mouse'+ delta, deltaX, deltaY);

  if(delta < 0){ //Scroll down       var topVal = $('.up').parents(".container").find(".content").css("top").replace(/[^-\d\.]/g, '');     console.log('lol');     topVal = parseInt(topVal);     $('.up').parents(".container").find(".content").stop().animate({"top":topVal + (deltaY * 10)  + 'px'},'slow');   }     if(delta > 0){ //Scroll up
      var topVal = $('.up').parents(".container").find(".content").css("top").replace(/[^-\d\.]/g, '');
    topVal = parseInt(topVal);
    $('.up').parents(".container").find(".content").stop().animate({"top":topVal - (-deltaY * 10)  + 'px'},'slow');
  }

});

I know its not the most optimized code and could do with some better selectors but I am very happy with it at the moment that it will do the job and be a part of this exciting website im working on. Feel free to make comments or ask questions, and suggestions are welcome and ill be updating this with any tweaks I can find.

Web Development

I am currently really enjoying working at Bigwig wired in Adelaide doing web development for them. I really enjoy working with a team of designers and then turning the designs into reality and integrating them into CMS’ for clients.

I have very quickly accelerated my knowledge of css, and JavaScript (mainly jQuery) in a small time as there is a big variety in the types of clients and websites that we work on, its definitely a skill to use the latest development techniques but to also keep in mind how it will look in the older browsers like IE7 (we don’t worry about IE6 unless a client specifically requests it). jQuery is definitely an awesome tool for writing JavaScript really quickly and cross browser. I hope as a developer it doesn’t make me too lazy.

I really enjoy the culture of Bigwig and I’m coming to grips with a high paced environment where things need to be done but also done with a focus on high detail. Its not all hard work thought, we also fit in the jokes and conversations around the pool table and bar.

I am very happy with things and always finding new areas within web development to keep me interested. Lets see how things go and im excited to be writing about them in the future. Im not keen to work on some tools to make the process more efficient and faster within this environment.

Cheers, Kieran Andrews.

Codeigniter and Netbeans

I have recently stumbled on some really awesome tools, Code Igniter and Netbeans IDE for PHP development. I’ve used eclipse for Java development through uni and found it really great. After finishing that I found that using eclipse for PHP just was too slow and didn’t have the right tools for the job.

I used dreamweaver for a while but then stumbled on Netbeans and I am really amazed at how it works and so well. The features I love the most are bracket matching, div matching – this is where you select a div or bracket and it highlights the end tag or bracket.

It also does really good code highlighting with php and JavaScript and HTML even if they are all in the same file. It’s not all good though, I found the tag completion annoying and unintuitive so I turned it off but it’s not a big deal.

Codeigniter is really an amazing PHP framework, it has really sped up my development time and was a great help on a recent project I worked on with a shopping cart. It was really easy to pick up and easy as soon I as understood the whole MVC (Model View Controller) thing, it make a lot of sence to have the database code in the model, the view stuff in the view and then the controller in the middle to handle all of the things inbetween.

I will be definately be using it for a lot more projects and there is a great community support for it with a lot of people using it and backed by a company that also sells a CMS called Expression Engine. Codeigniter 2.0 should be coming out soonish and that will be interesting when it does.

Now that this project is over and im now working on more web design we shall see where it takes me and the interesting discoverys I make along the way.

Vancouver

Vancouver is an amazing city. So alive and vibrant. It has an arty feel to it. Its bigger than Adelaide but the main shopping areas felt emptier and less alive compared to say Rundle Mall in Adelaide.

I spent most of my time in Granville St in the Samesun backpackers hostel. It was a great stopover point until my journey up to Whistler. Lots of international visitors and people in similar situations, trying to find themselves in this amazing city.

At night time, the street came alive, with party goers heading to clubs and homeless people in search of donations in return for their various antics, be it card tricks or music made with spoons. Granville St near the backpackers is a dirty street but that gives it that character. It was cleaned up for the Olympics but there was still a lot of construction.

In contrast to this Stanley park is so lush and amazingly beautiful. You are in this busy city and you can walk right into a rain forest and I was amazed at how you could escape to this other world within a city. I really enjoyed the walk around the sea wall that so many Vancouverites make regularly and check out all of the lakes and towering trees that make this place their home.

I almost immediately fell in love with the country’s most famous sport, Hockey (which we call Ice Hockey). Joining some mates I met at the hostel, when a game was on we ventured to a local pub and followed the game. It was an easy game to pick up and watch.

When it was time to leave this place and venture to my next destination, I hopped on my bus and continued on my journey on the sea to sky highway up through the mountains to Whistler.

Seattle Part 2

Finally had some time to get my notes and write up about some of my past adventures, more to come!

The next day I took the bus into Seattle after figuring it out. Its been a lot harder navigating around here without having internet on my phone as Ive become used to in Australia. Finding my way around Melbourne was easy as I could always pull up a bus timetable or web page about a place I wanted to visit. It was a long trip over the river on the bus but there where some amazing sights and seeing the Seattle skyline was great.

I didnt know where to get off so I got off the biggest station (University St) and started walking around on a quest I would find a shopping area or something interesting. I had a great walk, starting in a rich area with lots of high rise buildings and slowly noticing the places get smaller as I headed towards the coast, where I spotted a soup kitchen. Then I headed sideways up the kill into a China town area and then managed to get back to a different rich area where I could see lots of fancy hotels and fancy shops of big brands id heard of before. I found a monorail and walked along side of it and found my way to the Space Needle!

The space needle was a great, it wasnt very busy. I didnt go up as I didnt see much point.  Right below the space needle there is a science fiction museum and  a music exploration museum focusing on jimmy hendrix. They where both very cool.

The money in america is wierd, $1 notes are crazy and they are just on crappy paper. Also getting used to tips is wierd for me too.

When I was in seattle I also checked out a few shops, the prices in america are awesome but Im saving all of my money up for Whistler. I bought my snowboard in Seattle at snowboard connection. They where heaps friendly and I got an awesome deal, and offered me a beer too! I was there for ages getting the perfect setup. I now have a K2 Darkside (Snowboard), Ride bindings and some sweet K2 boots that are so counfy. Some pics will be up later.

Seattle was awesome and Ill have to go back there some time. Thanks K T for giving me a place to crash and for the awesome ride up to Whistler.

Stay tuned for the next update! VANCOUVER!

Update

Hey Everyone,

Haven’t kept you all updated on what I’ve been doing so here’s a quick update. I’m currently typing this on my phone as the Internet here is so bad that the phone Internet is actually better! My flatmates and I have ordered telus which should be good when it gets here.

I’ve been extremely busy with things and been having such a great time that’s it’s been hard to force myself to sit in front of a computer when there are so many amazing things to do. At some stage I will be able to go through all my notes and write up all the stories between now and my last post, hopefully that isn’t if I get injured and don’t have anything else to do, lol.

Every day if I’m not working I’ll wake up at 7 and then head down the staff hill to catch the first gondola in the morning. I’ll be snowboarding all day till 3 and then trek back up the staff hill (it’s about 500m of constant incline, I call it gym hill as it’s a workout. There is a bus that goes up but it costs $2 and I really enjoy the excercise.)

I don’t have a constant roster yet but I’m working at rendevouz restuarant on blackcomb mountain, which opens on Thursday.

Well I gotta get some sleep now as it’s 3am. Stay tuned for more updates.

Hello Seattle! Part 1.

Wow! It has been a crazy last few days of new places, experiences, customs, adventures and fun.

I quite enjoy flights and the one to Vancouver wasn’t an exception, I flew to New Zealand first where I had a small stay before enbarking on my next flight. They had a burger king with a burger with BBQ sauce and onion rings in it! Very tasty and nothing like HJ’s at home. While disembarking I had one of those random explosives checks and I thought I’ll be fine I do these all the time at home, but it came up positive! I thought I would be questioned and miss my flight (that will teach me for trying to take grenades in my hand luggage in case we crash landed on some desert island with crazy natives…..

An older guy was called over and they did another test and I was told that I was fine to go after giving them my details. In a word, relieved. The next flight was to Canada and took 13 hours. It was great flying with Air New Zealand, I always laugh at the safety videos due to the accent (for the parents: but still paid careful attention to where the safety exits where). I actually got quite a bit of sleep on the plane which was nice and watched a few TV shows on their cool entertainment systems that let you choose what you want to watch.

Landing in Vancouver came with the realisation that I was on the other side of the world! Greeted by rain and overcast weather, I knew I was at my final destination. Before leaving the flight I met up with some people that were heading to the same place I was, we all entertained each other through customs and bag collection then left together and figured out our way into town.

Vancouver is an interesting city, lots of water and lots of construction too. I havent really seen it well yet but I know I will. I headed to the backpackers with my new friends and found out that I wasnt booked there and they where booked out, as I had a booking there for the 4th when I would come back to Vancouver, I had a choice to make, find somewhere else to stay or head straight to Seattle (my next stop). Cut a long story short, after some confusion and figuring out how to use the trains, I took the train to Seattle to meet up with a friend there called K T.

The train ride was very fun. I had nearly had enough of traveling at this stage. I enjoyed the Canadian hospitality and the driver anouncements where interesting and nothing like I have ever heard before, someone that sounded like they loved their job and knew they people actually cared about where the train was going or the next stop.

Greeted at 10pm by my friend at the Train station we drove (on the wrong side of the road) to her place in Kirkland which is over the river. A very nice place. We caught up after not seeing each other for quite a few years when she visited Australia and I met her boyfriend Joe and their lovely Husky dog! Husky dogs are more at place here and I always wonder how hot they get when living in Australia.

Slept in as I was exausted and went for a walk around Lake, which was beautiful. All of the trees are all different colours of orange in their Autum glory next to a massive lake with lots of life and ducks. I finally felt I was somewhere familiar and refreshed, ready for more adventures to come…

Tune in for next post where I talk about Seattle, where I meet friendly homeless people and feel like im in an American sitcom.

Surprise!

Wow! Just had the most amazing surprise party pulled on me.

If you didnt know, im heading to Canada on a working holiday for 7 months with a little bit of travel at the start and end to see USA. I have a job as a food station server at the Whistler Blackcomb ski resort in the state of British Columbia.

Without me knowing, my girlfriend Elysia organised a suprise going away party for me! I thought I was going over to join the family for a Sunday dinner when I was greeted by a huge crowd all yelling suprise! I was so shocked I had no idea what to say or do.

It was great to see all of my friends that turned up to wish me well and a few faces I hadn’t seen in a while. Thanks for coming everyone! There where so many people to chat to and I had a fantastic time.

Not long till I leave now (25th of October). I’ll be posting more updates as the holiday continues.

That’s it for now, Kieran