Hi everyone, I’m trying to use the RBAC system. I’ve read a couple of tutorials but I didn’t find the answer that I was looking for…
Using this:
    public function accessRules()
    {
        return array(
            array('allow',
                'actions'=>array('create','update','admin','delete'),
                'expression'=>'Yii::app()->user->checkAccess("adminWhatever")',
                // or
                // 'roles'=>array('adminWhatever'),
            ),
        );
    }
I want to set where (model) this accessRule works.
    public function accessRules()
    {
        return array(
            array('allow',
                'actions'=>array('create','update','admin','delete'),
                'expression'=>'Yii::app()->user->checkAccess("adminWhatever")',
                // or
                // 'roles'=>array('adminWhatever'),
            ),
        );
    }
But setting the "scope" or models where this user can do CRUD.
Take a look at this example. I want the user "adminWhatever" to be able to create, update, admin and delete with the following models: model1, model2, model3 and model4:
    public function accessRules()
    {
        return array(
            array('allow',
                'actions'=>array('create','update','admin','delete'),
                'expression'=>'Yii::app()->user->checkAccess("adminWhatever")',
                // or
                // 'roles'=>array('adminWhatever'),
                'models'=>array('model1','model2','model3','model4'),
            ),
        );
    }
That’s it! Could something like that be possible?
I think you should re-design this part of your application.
According to MVC (model - viewer - controller) you can restrict the permissions of a user on a model by actions, not directly in the controller’s rules.
Therefore the user can access the model through an action (of controllers), so you could check the permission for each model in the controller/action OR make a controller for each model.
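
One way to apply the reply's first option (checking the permission per model inside one controller) in Yii 1.1, as an added example that is not code from the thread. It assumes a Yii 1.1 application with an authManager in which "adminWhatever" is defined; `CrudController`, `$managedModels`, `allowModel()` and the `model` GET parameter are hypothetical names.

```php
<?php
// Added example for Yii 1.1; not code from the thread.
// Hypothetical names: CrudController, $managedModels, allowModel(), "model" GET parameter.
class CrudController extends CController
{
    // Allow-list of model classes the adminWhatever role may manage.
    private $managedModels = array('model1', 'model2', 'model3', 'model4');

    public function filters()
    {
        return array('accessControl'); // without this filter accessRules() is never applied
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('create', 'update', 'admin', 'delete'),
                // A callback is called as ($user, $rule); the rule applies only if it returns true.
                'expression' => array($this, 'allowModel'),
            ),
            array('deny', 'users' => array('*')), // default deny for everything not allowed above
        );
    }

    public function allowModel($user, $rule)
    {
        $name = Yii::app()->request->getQuery('model');
        // Strict match against the allow-list first, then the RBAC check.
        return in_array($name, $this->managedModels, true)
            && $user->checkAccess('adminWhatever', array('model' => $name));
    }

    public function actionDelete($id)
    {
        // Re-validate before using the name as a class: a class name must
        // never be taken straight from request input.
        $name = Yii::app()->request->getQuery('model');
        if (!in_array($name, $this->managedModels, true)) {
            throw new CHttpException(404, 'Unknown model.');
        }
        $record = CActiveRecord::model($name)->findByPk($id);
        if ($record === null) {
            throw new CHttpException(404, 'Record not found.');
        }
        $record->delete();
        $this->redirect(array('admin', 'model' => $name));
    }
}
```

The second option from the reply, one controller per model, needs no callback: each controller keeps the plain `'roles'=>array('adminWhatever')` rule followed by the same final deny rule.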